The year of 2018 is coming to a quick and rapid end, but with the new year coming many cybersecurity professionals are scrambling to prepare for what may meet them on the “battlefield” in 2019. What will dominate the conversation in the upcoming year and what will be the greatest threat to security? The team at VIPRE Security decided to tackle this question and predict what will happen in the 2019.
We sat down with three of our team members to ask what surprised them most in 2018 and what they believe will dominate the cybersecurity conversation in the upcoming year.
John ‘TJ’ Letourneau, Senior Director of Customer Success
I believe that there are a few areas that will dominate in 2019. (1) First, I think ransomware of the Internet of Things (IoT) will be a frontrunner. I can see where bad actors would benefit from being able to control your smart locks and lights. It is easy to work around (remove the smart plug) but it could get progressively worst over time. Want to watch this show? Malicious actors could charge you $5.00 to unlock your TV now.
(2) Another area I see ripe for growth is security camera breaches and ransom. We are already seeing spam campaigns that say webcams have caught you in a vulnerable state or bad actors have your internet history now pay a certain amount to keep it quiet. With the amount of stick up cameras (ring, blink, arlo, etc.) and security not typically being paramount with IoT, I could see bad actors ACTUALLY getting compromising video and holding it for ransom.
(3) I also see cryptomining ransomware making its way to the forefront. Why ask for bitcoin when you can use spare CPU cycles for a given time to mine your own bitcoin? Instead of paying directly I could see where bad actors would flip the script and start ransoming spare CPU/GPU cycles instead of direct payment. It is easier for the organization and would likely result in the bad actors getting paid more often than not. No need to restore from backups, no need to pay cash, just using your hardware during company downtime (or even worse).
(4) Next, I see that the password will finally bite the bullet and die. This seems like it should happen rather soon. There is no need for a password anymore, we all carry phones or other methods of hardware identification. With all of the breaches that occur due to reuse of passwords, this is a problem that should be solved soon.
(5) Finally, I predict that we will witness the end of security training in 2019. This may be a longshot prediction but the investments made in security training for end users SHOULD stop once the organizations making the investment recognize that you can’t fix human error sometimes. Why pay for all of this training when people will continue to make the same mistakes? Unless organizations are using this training and placing employees on continuous performance improvement plans or terminating employment due to failed tests, end user security training companies should be concerned. This will start to look like wasted money to an organization every time they get infected and that budget will vanish.
Jason Norton, Product Marketing Director
I’m a bit surprised at the attention paid to Cryptojacking toward the end of this year. Some security companies have claimed this to be a bigger threat than ransomware and malware. However, I’m not sure I believe that will be the case. Having your computer highjacked to mine Cryptocurrency will tax the resources but I’m not convinced that’s worse than having files encrypted for a demand of physical monetary payment.
Looking ahead, I feel that 2019 should be a fun year. (6) I believe the security space will continue to undergo more mergers and acquisitions, which was also a hallmark of 2018. (7) I also believe that channel partners and end users will continue to look for their SaaS services from a single vendor, or as close to it as possible. We see this in the shift in MSP’s going to aggregators like ConnectWise for an easy SaaS model and a full catalog of IT services.
David Corlette, Director of Product Management
I would say that 2018’s biggest surprise was the acquisition of Cylance by BlackBerry. While shocking, I will say I’m excited to see what 2019 has in store for all. I believe that three issues will define the cybersecurity space this upcoming year.
(8) First, weaknesses in the IoT supply chain will continue to make the overall threat environment worse. This is already a major issue. Cheap, poorly-designed, consumer-grad IoT devices with major security holes that are either not patched or are completely abandoned by their vendors will continue to get infected. Attackers will get more creative and go beyond ever-more-massive DDOS botnets to incorporate IoT cryptomining, IoT ransom, and using the IoT device to pivot and attack the internal environment. Legislation mandating that vendors protect their consumers will fail to keep up. I predict major DDOS attacks in 2019 that dwarf those from 2018, and a tripling or more in consumer losses from ransom payments, loss of service, etc.
(9) Second, we will see “Critical” IoT devices become deadly. Although we’ve known about vulnerabilities in IoT devices that provide critical (i.e. potentially life-endangering) functions – such as connect cars, medical devices, etc. – for several years now, in 2019 we will see real-world targeted attacks and loss of life connected to security holes in these systems.
(10) Finally, I predict that there will be massive pro-privacy backlash in the new year. Pro-privacy legislation akin to GDPR will spread, and Facebook/Twitter/etc. will be forced to continue to defend their policies as to how they collect and use customer data. Privacy will become a significant concern for a much larger segment of the population. Despite all the noise, companies will still be able to exploit user data to target advertising and that same data will still be used to compromise free and fair elections.
Final Thoughts
There is a lot to be concerned about as we enter 2019, but the consensus seems to center around the need for massive cybersecurity upgrades to IoT devices and networks. Additionally, it seems that crptomining/cryptojacking will be an area that is one for concern in the upcoming year. We will see if our predictions do come true, but now more than ever is the right time to have a proper cybersecurity strategy implemented with a true layered security approach.
Blog courtesy of VIPRE Security and parent company J2 Global. Read more VIPRE Security blogs here.
