Cybersecurity Trends for 2019 – The Escalating War Against Encryption, Privacy, and Security
It’s time to take stock of security for another year. 2018 has seen some corkers, from the BA data breach to Cambridge Analytica, but as ever, it could always be worse. The range of consumer-facing breaches in 2018 have truly proved that cyber security is the last line of defence for personal security.
Companies and individuals alike have lots to lose if their digital security is lacking, and whether the attacker is a terrorist or a disgruntled employee, there’s plenty to combat over the next year. From public infrastructure hacks to sleeper agents and the looming threat of GDPR fines, companies should understand how to protect themselves in 2019 – and what they are protecting themselves from. With this in mind, here are three things we should expect to see in the coming year.
1.The next public disaster will be a cyber-attack
We saw with WannaCry that one virus can spread across the whole NHS fairly quickly, wreaking havoc as it goes. The next target will be the UK’s power and telecoms networks. A successful sector-wide attack could cause major disruption to the country, switching off people’s lights, heat and communications. If that were tied in with a health network hack, the impact could turn deadly. The real threat is that there doesn’t even have to be a large, well-funded terrorist organisation behind it. It could just be a lone gun with the right skills and software.
2. Sleeper agents with time bombs will sink your company
Do you know when you’ve been attacked? It takes companies an average of 206 days to discover a breach, so the answer is ‘probably not.’ And the threat doesn’t just have to be external: you could have sleeper agents placing time bombs in advance. They don’t necessarily need to be onsite at the crucial moment.
It could be a developer with a grudge placing a time bomb in the system to erase crucial intellectual property, or even an outgoing executive quietly deleting things in the background. If done quietly over a period of time, you could lose your backups as well, with no way of tracing the culprit. This is in addition to the huge GDPR fines you would face. Companies need to have measures in place to track data movement to prevent this kind of insider threat.
3. We’re going to get our first big GDPR fine.
If 2018 was the year of compliance, 2019 will be the year of retribution for everyone’s favourite data privacy regulation. The period of grace is drawing to a close, and the new year will see the ICO taking its first high-profile scalp over treatment of personally identifiable information. That will set the precedent by which all further cases are judged – letting companies know along the way just how strictly enforced the rules are going to be, and how heavy the fines. Now is the time to check your compliance levels – don’t wait for the hammer to fall.
If 2019 is anything like 2018, consumers are in the firing line. With these scenarios in mind, it’s time to re-evaluate 2019 security plans – again and again. Does this plan put the customer first? Is our security system tracking insider threats? Are we aware of which employees have access to what data? Are we GDPR compliant?
If organisations can safely answer yes to all these questions, congratulations – you’ve avoided the biggest security hazards of the year. However, that doesn’t mean it’s time to stop evaluating your systems, in today’s security landscape, you can never be too safe.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.