As 2019 arrives and budgets and plans get finalized, I like to take stock of what cybersecurity trends may emerge in the New Year. Cybercriminals constantly evolve—as does technology—so it’s important to periodically take stock of the current threat and security landscape. Today, I want to emphasize four predictions for the coming year.
1. Experts will emphasize users and risk
The nature of work has shifted over the years. More people work remotely. Users bring personal devices to work. Executives take their work laptops—and sensitive company data—home to networks that could be insecure. And with the increasing amount of encrypted internet traffic, perimeter-level defenses offer fewer protections.
Instead, security experts will start managing risk based on users and the devices they use. For example, an employee who connects from a trusted work device from inside the company network presents less risk than an employee on a personal mobile device on their home network. In the first case, the security organization may allow the user easy access, but for the mobile user, they may add safeguards like multifactor authentication.
Handling user-centric security doesn’t have to be daunting. Businesses may focus efforts on “risky users.” For example, the head of human resources who has access to private employee data needs more rigorous security requirements than a web designer who only accesses the design files. You could require that the head of HR always connect via VPN to ensure their machine is clean. The point here is that we may need to shift our thinking toward users rather than just data or IT assets.
2. Data breach reporting may expand
Data breaches will continue causing problems. If cybercriminals can make money, they’ll still try to steal data. But businesses will face new risks in the coming year.
While data breaches continue, we may see an increased number of data breach reports. New laws like the General Data Protection Regulation (GDPR) may cause an increase in reported breaches. This isn’t entirely due to the reporting requirements—GDPR may shift the way we think about private and public data. For example, I consider things like my name or employer to be public data because you can find them easily via a Google search. I always considered data like medical records to be private. Under GDPR, however, you must report any personal data, which is defined as, “any information relating to an identified or identifiable natural person (‘data subject’)." This expands the scope of reportable breaches, which could lead to increased data breach reports (even if the number of breaches stays level).
New legislation could come down the pipeline using GDPR as a model. This shouldn’t immediately trigger cause for alarm—this transparency is good for consumers. However, increased fines and penalties could become major risks for businesses.
3. Ransomware won’t go away, and neither will cryptomining
This past year, we saw fewer news reports about major ransomware attacks. Instead, we saw an increase in crytpomining-based attacks. In these attacks, cybercriminals can compromise a system, steal some processing power, add it to their farm of processors from other victims, and start making money from Bitcoin, Monero, Zcash, or another cryptocurrency.
Remember to stay vigilant against these kinds of attacks. Because they’re only stealing a small amount of processing power, it may seem like a minor nuisance compared to a ransomware attack. However, cryptominers and ransomware are merely the payloads. If someone puts a cryptominer on your systems, they could choose to change to a financial Trojan or to ransomware. Stay vigilant here with both basic cyberhygiene and, if you need to, security operations center (SOC) services.
However, don’t assume ransomware has gone away. Ransomware attacks are still profitable for cybercriminals—especially when they affect continuity for a major organization like an enterprise, a hospital, or a government agency.
4. MSPs and MSSPs will seek to partner
With an increasing emphasis on security, MSPs may wonder if they need to become MSSPs. Ultimately, there’s not only room for both businesses, they can work synergistically.
MSPs are the CIOs of their clients. They provide IT services to help them achieve their business goals. MSSPs, on the other hand, focus on security. They monitor for intrusions, remediate threats, and provide advanced threats. MSPs focus on supporting the good guys; MSSPs focus on thwarting the bad guys. To top it off, most MSSPs don’t want to be MSPs.
MSPs that partner with MSSPs can provide even greater services to their clients and help serve more of their IT needs. If an MSP, for example, picks up a client in a regulated industry that requires 24/7 security monitoring, they could easily partner with an MSSP to deliver to the customer.
Don’t get me wrong—MSPs should still handle the fundamentals of cyberhygiene for their clients. If the MSP doesn’t help ensure systems get patched, antivirus stays up to date, and backups remain current, the customer will likely find an MSP who will.
Don’t slow down as the New Year Arrives
As the new year arrives, it’s important to keep up with your security practices. Cybercriminals don’t take holidays, and your security can’t either. So, make sure to both continue with your cyberhygiene practices—and start preparing for some of the trends we may see in 2019.
And if you’re interested in partnering with an MSSP, SolarWinds MSP has a new Threat Monitoring Service Program that matches MSPs with our approved MSSPs. Contact SolarWinds MSP today to learn more.
Tim Brown is VP of security at SolarWinds MSP. Read more SolarWinds MSP blogs here.
