There is something refreshing about the start of a new year. It’s a traditional time of reflection, but more significantly it’s about the possibilities that lie ahead of us. Unfortunately, in the world of cybersecurity, that typically means asking what new exploits will be unleashed in the coming year to threaten our businesses and our data. It is not all doom and gloom, however: awareness of rising threats is useful in planning our cybersecurity spending as well as staying alert in our daily work.
So what does 2019 have in store for the cybersecurity community? What can businesses expect in 2019?
Internet of Things (IoT), bring your own device (BYOD), and the increasing complexity of networks with cloud and staff mobility will all continue to add to the threat surface area. Smart devices, innocently brought into our homes and businesses with the goal of making our lives better, offer another avenue for exploitation by cybercriminals in 2019. It’s no secret that as these devices become more numerous in our lives, they increase the threat surface area in our networks. Often security is ignored or is an afterthought in these IoT devices, and potential attackers know this. 2019 is only a couple of weeks old, and already one of the exploits being reported is a breach of Chromecast devices utilizing Universal Plug and Play (UPnP). Pay attention to the security of any additions to the network so that you avoid, or at least are aware of, the potential threats these new devices pose.
Business Email Compromise (BEC) really came to the forefront of breaches in 2018, largely related to the growth of Office 365 (O365) and the use of BYOD. As a primary source of breaches, this trend shows no sign of slowing in 2019. Often the security of O365 is not considered, logging is not turned on (although Microsoft is now enabling this by default), and 2FA is rarely used. Sophisticated phishing attacks are becoming very successful in tricking users out of their O365 credentials, which are then used to compromise email. In 2019, if your cybersecurity awareness training does not include information on how to recognize and prevent this type of exploit, and if your IT team is not securing your O365 environment by utilizing the tools that are available to help prevent BEC, then you are putting your business at risk.
The European Union’s (EU) General Data Protection Regulation (GDPR), and in particular the management of privacy, will become more relevant in the US. Already, several industries, like banking (SEC) and healthcare (HIPAA), have strict laws and technical requirements regarding data privacy. However, following the EU’s implementation of GDPR last May, and with California enacting similar legislation set to take effect in 2020, data privacy regulations and subsequent IT requirements are coming to America in 2019. The FTC, Congress, and the US Chamber of Commerce are all weighing in on a push to establish a national law. Privacy compliance will become a consideration for business in 2019.
And while our defenses and tools to protect our data become more ubiquitous and feature-rich, so will the tools and tactics of cybercriminals in 2019. Profit motivates most of the cybercrime directed at SMBs. Cybercriminals are increasingly utilizing exploits that can be purchased on the dark web, and we are seeing “malware as a service”. Also, as more credentials are breached, they are being sold and used in exploit attempts, because employees often use the same credentials on multiple sites. Social media is also seen as a growing vector for cybercriminals, who use it to identify potential victims. Our propensity to share too much and our growing use of social media make it an easy means of free information gathering for cybercriminals.
None of these predictions should be very surprising, but the real question is: what is your business doing to protect you in 2019? What are you budgeting to defend against cybercrime? Unfortunately, the days when a firewall and antivirus were enough are behind us. A company like Integrity IT can help you plan, implement and continuously monitor for these types of threats to your network and data. We have experienced Security Analysts and Engineers who can help your existing IT department or can be a standalone, trusted, outsourced solution.
Whatever you do in 2019, we strongly recommend you don’t ignore cybersecurity for your business.
Watch the Data Privacy Day 2019 Event Online on January 28
The technology landscape is rapidly changing and is forging a new era in privacy. On Monday, January 28, the National Cyber Security Alliance (NCSA) and privacy leaders with diverse perspectives will explain opportunities and challenges for the privacy road ahead, and you can watch it all online at https://staysafeonline.org/dpd19-live/