Saepio’s Threat Landscape Predictions
Every December at Saepio we unbox our crystal ball and predict what next year has in store for the cyber security industry. We thought you would appreciate our findings and welcome any feedback.
2019 Threat Landscape
The cyber-attack surface widened in 2018. As organisations automate and innovate, the accelerated adoption of new technology and internet-connected systems is apparent. Couple this with the rise in cyber criminals armed with the tools and knowledge to exploit software vulnerabilities… well, the result is obvious.
The EU GDPR and the NIS Directive offer more fuel to hold sensitive data and business systems to ransom. So, with malicious cyber activity on the up and the attack surface continuing to broaden, what do we expect to see in 2020?
The good news is the attack vectors are unlikely to change but we do expect existing techniques to evolve and be increasingly sophisticated and targeted in nature.
1) The birth of a new Celebrity Vulnerability
Expect a new ‘celeb vulnerability’ in 2019 to join the likes of WannaCry, NotPetya, Meltdown and Spectre. It will almost certainly be malware that takes advantage of a common vulnerability and will likely arrive in a Maldoc contained in spear phishing emails. Once it has infected a host, we expect it to self-propagate much like EternalBlue. Effective vulnerability management and patching, mature email security controls, NextGen AV and security awareness training are all important preventative controls.
2) Ransomware will continue…
… but the more serious attacks resulting in higher ransom demands will target IoT devices such as smart devices in transportation systems, production lines and medical equipment. So many of these smart devices have been brought to market quickly; speed of innovation appears to take priority over security, which leaves them vulnerable. The concept of ‘Secure by Design’ requires broad adoption. Expect to hear more about DevSecOps.
3) IoT botnets will come to a device near you
Internet-connected hardware devices will be compromised to serve up everything from cryptominers to Trojans to DDoS attacks. Large-scale compromises of routers and IoT devices are going to take place, and they are a lot harder to patch than computers. Patching alone does not fix the problem if the device is already infected.
4) Attacks on Internet Connectivity
Internet availability is more important than ever. Like electricity, it’s a core utility at home and work. Whether by physically cutting cables or using DDoS mechanisms, targeted attacks will be used to disrupt business processes. As organisations increasingly rely on web-connected devices and systems, we expect to see more being held to ransom by disrupting access to the internet.
5) If you can’t crack the lock, steal the key
Those with access to critical data or the ability to change the configuration of critical IT systems pose a rising threat. Cybercriminals want their credentials. As companies become increasingly software-driven, attackers will compromise the individuals who hold the privileges needed to gain the control they desire, whether those individuals act intentionally, maliciously or are ‘forced’ by violent criminal groups.
6) Behold, the CISO
As new technology emerges, more data and processes move to the cloud, and compliance requirements grow, in 2019 the importance of a dedicated member of staff to oversee Information Security will be more relevant than ever. For larger organisations, the voice of the CISO will elevate in importance; there is a lot of work for them to do. With a skills gap for this role, we expect to see more organisations employ part-time virtual CISOs who will advise the board and provide the cyber expertise, policy and guidance that is required.
7) Patching the Human Firewall
People are your greatest risk and greatest asset when it comes to information security. Social engineering powers the vast majority of threats, and the sophistication is increasing. To counteract it, we predict accelerated adoption of new-school awareness training to minimise the risk of people triggering cyber incidents at work and home. Aware people report threats and are an asset to the incident response process. We expect widespread adoption of the mindset that patching human vulnerabilities is as important as patching technical vulnerabilities.
Summary:
Every year the cyber threat landscape evolves and information security becomes a greater business challenge. The majority of risk is mitigated by doing the security essentials well. Do what is reasonable to prevent breaches with the right controls and processes in place but be prepared to deal with cyber incidents – it’s not if, it’s when.
In 2019 Saepio expect to spend a lot of time helping customers deploy security monitoring tools that highlight malicious cyber activity and automate the containment and response. If you don’t have one already, document your Cyber Incident Response Plan (CIRP) and conduct tabletop scenarios to test it.