As the new year approaches, there is always value in looking back and learning from the experiences of the past, as well as what lies in store in the year to come.
ESET security experts have done just this as well, taking stock of 2018 and what they predict 2019 may bring in the area of cybersecurity and privacy. The result is ESET’s new report, Cybersecurity Trends 2019: Privacy and Intrusion in the Global Village, which takes a look at five critical topics in today’s digital world.
Below are my top takeaways. Take a moment to download the full report, or watch our webinar with ESET North America security researchers discussing these trends and how organizations can prepare.
Trend #1: Cryptomining continues to rise
Cryptocurrencies have grabbed media headlines due to the volatility in pricing, with extreme high values to sudden low points. The idea of cryptocurrency, or more specifically a currency without borders, is solid, but there are areas of concern, including coin-mining malware, which my colleague David Harley discusses. The ability to transfer money pseudo-anonymously makes it the currency of choice for cybercriminals when extorting cash from victims, but the currency also requires significant resources to maintain its infrastructure. This gives cybercriminals another opportunity, as they can steal resources from victims to provide the computing power needed to maintain the cryptocurrency infrastructure.
If you step away and take a broader look, it seems sensible that some form of regulation is needed to remove the opportunities that cryptocurrency affords cybercriminals.
To learn more about how organizations can protect themselves, watch our recent webinar, Cryptojacking: The Latest Spin on Data Breaches.
Trend #2: Attackers use automation to advance social engineering campaigns
Artificial intelligence (AI), machine learning (ML)… Living in Silicon Valley, I hardly ever hear a conversation that does not use one of these buzzwords. In the context of cybersecurity, these are not new. Many companies have been using machine learning to protect customers for many years—they just didn’t shout about the back office technology being used.
I recently attended a meeting where AI/ML was the topic of discussion, focused on how educators could teach high school students the principles and allow them to experiment. At first glance, you may think that the infrastructure needed would be too costly, but with cloud computing resources available to rent, it is available to everyone who needs it—even cybercriminals—at very competitive prices.
My colleague Lysa Myers takes a detailed look at the potential uses of AI/ML—or misuses—depending on your view, in the full report.
Trend #3: A move towards a global privacy law?
ESET Sr. Security Researcher Stephen Cobb reflects on the past year and how it’s been monumental in the world of privacy, as this time last year the talk was all about the European Union’s General Data Protection Regulation (GDPR), which became active legislation in May 2018. Affording individuals protection and control of personal information in an age where data can so readily be used for profit is essential, and the EU took the first bold step to ensure that its citizens are informed and given choice, and that when they choose to give their data, it’s held responsibly and securely.
Companies around the world have needed to change behavior and processes to comply. If you’re tackling compliance initiatives, try ESET’s free compliance checker. For those who run afoul of the regulation, the first significant fines are expected to be handed out in 2019. The EU is not alone—California has also stepped up and passed similar legislation. With many of the world’s largest tech companies being based in California, it is likely to cause reflection on and changes to how personal data is used.
Trend #4: Data privacy will make or break companies
Lysa and Stephen also take a look at the implications of data breaches and how the use of some social platforms may change based on data breaches and security incidents. With 1.8 billion records exposed in breaches by the third quarter of the year, the leakage of personal information seems to have no end in sight.
There is then the misuse of social platforms and the continuing exposure of fake news that is being pushed out by disreputable organizations attempting to change opinions or even interfere with democracy. Facebook usage seems to have contracted, but what this means for the company, which owns the growing platforms Instagram, WhatsApp and Messenger, is yet to be seen.
Trend #5: IoT attacks will continue apace
The Internet of things, IoT, will change the entire environment that we live in, especially when you consider that IDC, an analyst company, predicts there will be 80 billion connected devices by 2020. As a cybersecurity company, we predict that attacks will keep pace with the growth as cybercriminals exploit the resources of the devices and the access to personal data. Attacks such as the Mirai botnet, which disrupted popular websites including Netflix, Spotify and Twitter, already demonstrated the impact of harnessing the power of IoT for malicious purposes.
In 2018, several governments published standards and advice to manufacturers and consumers of devices, with California going one step further and legislating that by 2020 all devices will need to have a unique password set by default. As the trends report alludes to, with GDPR coming into force and more privacy legislation on the horizon, many IoT vendors will increasingly focus on protecting personal data in 2019.
As for me, I encourage everyone to put down their device when possible over the holidays and enjoy spending time with friends and family!