The last 24 months have been filled with news of breaches, attacks, and privacy concerns with no end in sight. Here are my 2019 cyber security predictions.
1. Both consumer and commercial IoT (Internet of Things) devices will be a prime target for hackers. IoT devices (such as smart refrigerators and thermostats) can already be found everywhere and are becoming even more popular. Hundreds of millions of connected devices have little or no defense against hackers, making them easy targets. In a retail setting, IP cameras are one of the many devices that can be vulnerable to hacks. Smart cars and medical equipment, both surging in number, may be targeted as well.
IoT device makers have been slothful in securing their products. Such slow progress does nothing for the plethora of devices that are already deployed unsecured and are difficult to patch. Your smart TV from five years ago isn’t smart or safe anymore. Furthermore, weak, overused default passwords in the consumer setting pose a significant risk.
2. Automation and artificial intelligence (AI) will improve threat detection. AI has become widely adopted for finding and analyzing potential threats. Use cases will include endpoint, firewall, network traffic and exception reporting. However, there is a point of concern with AI: a great potential for humans to become complacent and fail to monitor threat detection as they would have before AI. On the flip side, hackers will use AI to forge more advanced automatic attacks. The battle of good and evil does not stop with AI.
3. GDPR is here, so expect more regulation related to data protection. In 2019, you should expect substantial monetary punishment for US companies that are not compliant with GDPR. I would also expect to see a much wider adoption of the best demonstrated practices in data protection standards globally. We should see a great deal of governmental regulation for data privacy in 2019.
4. Spear phishing will increase dramatically in 2019, with a more targeted approach on corporations and government agencies from both state actors and hackers for profit. Spear phishing occurs when a social engineer creates fraudulent communications with a target, making it a point to appear legitimate and often claiming to be from a trusted or known source. Phishing is one of the more well-known tricks of social engineers, but it’s still one of the most successful.
5. We may see a rise in hacking as a service (HaaS) through the wider adoption of AI for both the good guys and bad alike. The need for more advanced methods of hacking is here in some cases. HaaS will be the solution for some bad actors.
6. Wider adoption of multi-factor authentication will occur. 2019 will likely be the year where multi-factor authentication becomes a standard practice in online transactions, banking transactions, and social networks. Many financial institutions have already instituted this as a default. I predict that you will see it as a requirement for many e-commerce transactions. Your Amazon order may need it in the future.
7. Ransomware attacks seemed to slow down in 2018. However, they still do occur and have an impact. Ransomware is a type of malicious software designed to block access to computer files by encryption. A hacker will demand a sum of money to be paid to get your files back. Ransomware is here to stay, and I expect it to remain a significant risk in 2019.
8. Cyber warfare becomes a real danger in 2019. Both state actors and terrorists should be a concern. Terrorist organizations will solicit hackers to help wage cyber warfare. Attacks on utility, infrastructure, transportation, and commercial entities should be expected. Some of our biggest fears regarding a major cyber attack could come true in 2019.
Managing cybersecurity risks while balancing the appropriate prevention will continue to play a major role throughout all sectors. The need to have advanced response plans for a cyber incident will come to the forefront in 2019. Our risk in retail is continually evolving. The rapid adoption of technology in retail is making it increasingly difficult for us to mitigate risk. We must remain vigilant and take a balanced approach that focuses on prevention and how we respond to a cyber event.