2019 Cyber Threat Predictions

With the continual exponential growth in Big Data and Cloud adoption, we saw many attacks targeting personal data from all angles, both internal and external. With the increased regulations on the use of personal data from legitimate sources, attackers are even finding such data even more lucrative and the ability for organisations to be able to protect such sensitive data needs to be constantly beefed up.

It has been a cat and mouse game for a good part of 2018, but sadly it almost always seems that attackers are playing the role of the mouse, while companies are having a hard time taking up the role of a cat, much like the evergreen series of Tom and Jerry.

Looking at these for the whole of 2018, here is my take on what to expect in 2019.

1. Artificial Intelligence: – Two sides of the same coin

With the growing adoption of AI to handle Big Data, attackers will be the flip side of the coin using AI to deliver attacks. The very intelligence that is used to manage and manipulate data could also be able to be tweaked to carry out malicious attacks on the ocean of data out there.  Yes many cybersecurity vendors too have identified this and many too have claim to have adopted AI to automate the prevention, detection and radiation from malicious AI activity. But the question is who can make a more intelligent AI?

2. Cloud: – White fluff be brewing a storm!

Cloud adoption is seeing a constant and upstream growth. With many new players joining the fray, it seems that there are no stopping organisations of all sizes, from all verticals, to move rapidly in transforming the old school on premise infra to a hybridised version leveraging on the scalability, flexibility and “less hassle to maintain hardware ideology” of the cloud.

With the increasing amount of data deployed in the Cloud, it is alarming to observe that majority of the organisations still do not have good housekeeping and measures made to their data estate in the cloud.

3. Malware: –

After the highly publicised “WannaCry”, “NotPetya” and “BadRabbit” attacks in 2017, many organisations thought that when they manage to survive it with no 2018 malware seeming to receive the same amount of spotlight.

The hard truth of the matter is ransomware, cryptojacking, trojans and VPN filters are still rampant and active. Many threat intelligence and monitoring from major vendors are still seeing a relentless wave after wave of attacks happening on a continual basis. Just as zero day detection had seen vast improvements, but many organisation still rather not use such solutions often citing the high level of false-positives and high costs.

Yes there are improvements made in Zero-Day attack detection, but did you know that the sophistication of such Zero-day attacks are also seeing improvements with the assistance of AI?

4. DDoS: – Its still there even when you don’t see them much!

Psst…..Do you know that DDoS is still prevalent and is increasing in volume? Yes, you may not see as much buzz about DDoS in the press, but it is known to some that many of these very persistent attacks still haunt many big organisations who rather keep it under wraps. Many organisations rather quietly try to mitigate and remediate these attacks, as having to publicly fall victim to such attacks would only publicise their shortcomings but to participate in firefighting protocols to seek immediate assistance only to realise that as these attacks often affects their online presence, and even when such attacks may be purely be an act of mischief, a website that cannot be reach, may often result in loss of revenue in a world where online transactions are starting to be a norm for consumers to make purchases online.

5. Cyber Hygiene: – Everyone is involved.

Attack vectors continue to shift and evolve with speed. Users from all levels are seeing the need to include cyber hygiene practices in their work flow. With the advent of GDPR, many organisational leaders are starting to be aware that when it comes to protecting their data estate, the users within the organisation would probably be their weakest link. From insider threats from current and ex-staff, to lack of cyber awareness from lack of training, these problems many IT managers argued to have more inclination towards being a HR problem is undisputedly also an IT problem when looking from another perspective. It only shows that how technology had been infused into our working society that a holistic approach across all working levels in an organisation and proper awareness training and cyber hygiene should be enforced and practiced by every single human asset across the entire organisation.

Original Article Can Be Found HERE!!!