First of all, Happy New Year!! This article serves as insight of what to look for in cyber world during 2019.
2018 has had its run. Just as people determine to learn from the past, make the required changes, and implement them as new year’s resolution, companies do the same. It is no different in cybersecurity. Let us review cyber attacks in 2018 (and recent years) as a guide for preparation this year.
Microprocessor Vulnerability Exploits
In early 2018, security researchers disclosed that computer chips manufactured in the last 20 years have flaws that can be exploited. Exploits of these vulnerabilities may be grouped as either Meltdown or Spectre attacks1. Meltdown attacks allow programs to access the memory of other programs in the operating system; Spectre attacks trick programs to unveil information, and secrets, through the safety check process2.
IoT (Internet of Things) Attacks
For consumer convenience and excitement, technological advancements are implemented on vehicles, devices, appliances, and other such objects. The problem here is that it increases possibility for malicious exploits and breach. Since the Mirai Botnet attack in 2016, more IoT devices are being used to launch malicious attacks and this is expected to continue in 2019.
Interference in Operational Technology
Industrial environments are becoming more connected and smarter for operation. Today, operational technology and information technology are combined for the primary purpose of monitoring and information gathering on the manufacturing plant, grid or any other physical system. In 2017, security researchers announced Russian hacking activity in US power grids. It was not until 2018 that the United States publicly acknowledged these actions were from Russia. There is potential for similar attacks in 2019.
Ransomware
Ransomware is not new in cybersecurity and has occurred pretty frequently in recent years. What happens is the attacker unleashes malware that holds victim’s data that released only after the ransom is paid. It is expected that this threat is likely to happen in 2019 because of its lucrative nature.
Conclusion
There is no clear cut pattern for excellent predictions which is understandable for attacks to be successful. However, we can conclude that attacks are increasingly sophisticated in the approach.
The major challenge in combating this is that companies find it hard stay on top of emerging threats while securing previous attacks and achieving company goals simultaneously; attackers are aware of this. This fact makes it hard to effectively defend the fort due to financial challenges, insufficient resources etc. It is like stretching a rubber band beyond its limit.
There is no 100% fix to prevent breaches and attacks from ever happening, however, companies should secure their most valuable assets and come up with strategic solutions that will yield highly satisfactory results. In 2019, companies should invest in technologies for securing IoT and other operational devices. The mentality to combat this is the mindset that any digital object, no matter how small, can be hacked if vulnerabilities (flaw or weakness) are present. Therefore, companies should collaborate with vendors for faster vulnerability patching (or fix).
_____________________________________________________________________________________________
Outlook 