What will be the major digital threats of 2019? What should enterprises be most prepared to defend against? When designing their digital perimeter, what should enterprises keep in the front of their mind? How will the digital threats of 2019 fare against next-generation cybersecurity?
Of course, determining the major digital threats of 2019 is no mean feat. Experts around the world and from a variety of different cybersecurity disciplines—endpoint security, SIEM, and identity management—all have their own perspectives on what enterprises could face in the coming year. But one thing is clear: the digital threats of 2019 will be just as damaging as the threats of 2018.
Therefore, we’ve assembled expert predictions on the digital threats of 2019. Here they are:
Robert Block, Senior Vice President of Identity Strategy, SecureAuth
Due to the rise of both hardware- and software-based nation-state and organized crime attacks over the past several years that infiltrate systems and servers slowly exfiltrating data, organizations are paying closer attention to incidents where small amounts of data are being exported from their networks. Companies are being more careful than ever before. As a result, I expect to see the effects of large-scale malware attacks such as WannaCry will decrease. Malware attackers won’t stop, but their impact will be less meaningful and substantial over time. I predict attackers will turn their focus and efforts looking at identity and access exploitation.
Stephen Cox, Vice President and Chief Security Architect, SecureAuth
According to the latest studies, it takes roughly 100 days from the time a breach occurs to evidence of the attack being detected. That is over three months of an attacker or attackers with a foothold, likely moving laterally within your organization to complete their mission of robbing you of your valuable data. The good news is over the past five years, the number of days to detect a breach has decreased. The bad news is that 100 days is still too long. The longer the breach, the more data that is stolen and the more users that are affected, the costlier it is.
As organizations adopt machine learning based advanced analytics and security orchestration and automation (SOAR) technology to enhance the relationship between the three pillars of security – network, endpoint, and identity, they will be more efficient in analyzing the mountains of security data they own and continue to collect. As a result, I see the mean time to detection falling and more breaches that are greater than 100 days old, perhaps even longer, coming to light in 2019 as organizations get better at identifying them.
These newly identified breaches could be devastating – where an attacker held a foothold for years but was only recently identified with these newly integrated security capabilities. Similar to how forensic science was revolutionized by DNA analysis, newly non-siloed cybersecurity capabilities backed by machine learning may be able to discover attacker presence that simply couldn’t be seen before.
Mark Gazit, CEO, ThetaRay
The complexity of attacks will continue to grow as criminals increasingly use artificial intelligence (AI) to conduct their schemes. Banks will receive more fines for money laundering because they will have a decreased ability to protect themselves. Rogue regimes will also use AI to achieve their cyber-crime goals, including election fraud, social media manipulation, money laundering and more. Perhaps worst of all, AI-enabled money laundering will create a greater flow of money to criminal organizations to finance narcotrafficking, human trafficking, and terror attacks.
On the bright side, new advances and AI technologies will help financial organizations, critical infrastructure, and enterprises to better protect themselves if they choose to deploy such systems.
Carl Wright, Chief Commercial officer, AttackIQ
A week barely passes without the disclosure of a significant breach these days. Companies should be learning from others’ mistakes before a similar breach happens to them. Executives and Board of Directors must evaluate how much of the IT budget is being allocated to security control validation and testing, especially since several U.S. states have passed legislation to expand data breach notification rules and penalties to mirror those of GDPR. Organizations need to continuously assess the viability of their security controls the same way adversaries do in order to protect against future events.
Gilad Peleg, CEO, SecBI
AI will power cyberattacks more and more. In fact, it is reasonable to assume that armies of AI hackers will have greater, faster penetration with more automation, allowing hackers to achieve greater success executing cyberattacks. Cyber defense must look to AI for the faster analytics needed to find malicious activities. With machine learning and AI-driven response, security teams can automate triage and prioritization while reducing false positives by up to 91%. Enterprises will seek innovative solutions that enable them to stay ahead of the next unknown threat. They can’t simply look at what they have and just upgrade. Nor can they rely on homegrown solutions. They require out-of-the box, automated solutions based on AI.
Nir Gaist, CTO and Co-Founder, Nyotron
AI and Machine Learning (ML) have been the “silver bullets” of the security industry for the past few years. Malicious actors are taking note. For instance, just like security vendors can train their ML models on malware samples to detect them, malware writers can “train” or tune their malware to avoid detection using the same exact algorithms. Attackers can also poison the data that ML models use in training. Because algorithms need massive amounts of data to work, it can be difficult to weed out efforts to poison your learning set with false information. This type of AI weaponization was demonstrated by IBM scientists in a proof-of-concept of a highly targeted and evasive attack tool powered by AI earlier this year. We believe a significant attack or strain of malware will leverage AI in 2019.
Gaurav Banga, Founder and CEO, Balbix
“In 2018, Gartner released a report on risk-based vulnerability management, which stresses the need for vulnerability management (VM) tools to incorporate risk based on business context. Traditional tools identify thousands of vulnerabilities at any given time for a large enterprise, making it near impossible for security teams to know which vulnerabilities to prioritize and address. As Gartner pointed out, advanced risk-based VM tools take into consideration the impact to the business of each vulnerability if exploited and produce a clear, prioritized list of actions for the security team to take. As devastating breaches at large and small, public and private organizations continue to make headlines, companies will gravitate toward risk-based tools to more effectively and efficiently avoid getting breached.”
Rich Campagna, CMO, Bitglass
“In 2018, cloud cryptojacking took the world by storm, much to the dismay of businesses and security experts. Expect to see a lot more of this in 2019 and beyond. This technique combines two commonly used types of attacks: cryptojacking, when malicious individuals appropriate devices’ compute power in order to mine for cryptocurrency, and cloudjacking, when illegitimate third-parties hijack enterprise cloud resources. Together, the two hacking methods can be used to mine cryptocurrency at a highly-accelerated rate.
Infrastructure-as-a-service platforms like Amazon Web Services are becoming increasingly popular targets for hackers – unsecured IaaS platforms offer a massive amount of processing power and an environment where attackers can go undetected. As the market for this cloud-based infrastructure continues to grow, we will see more instances of cloud cryptojacking.”
If your enterprise is concerned about the digital threats of 2019, be sure to check out our resources on Endpoint Security, Identity Management, and SIEM.