Just before the Thanksgiving holiday, I posted a few predictions on what 2019 will bring for the security industry. Now that year-end is quickly approaching and with it, more chances to eat, drink and be hacked, I’d like to share what I think we will see more of next year across our ever-expanding threat landscape.
1. More social engineering will make social media increasingly anti-social
The hodgepodge of social media accounts has diminished individual persons into particles of data we call ‘personal information.’ State-based cyber warfare actors will likely continue their focus on direct heists and disabling services, while run-of-the-mill organized crime will increase its activities, all while using social media.
After page scraping, account hacking, brute force attacks and exfiltrations, cybercriminals will develop composite profiles that will fool the account authentication mechanisms of social media platforms into thinking they’re real people. This will level-up the tactic of social engineering and, initially, there will not be an answer to prevent it.
2. Cybercriminals’ focus will start to shift from stealing data to manipulating data
For most of its history, the discipline of cybersecurity has had an outsized focus on the ‘C’ of the data CIA triad—confidentiality, integrity, availability. But as insights-driven organizations continue to depend on data for decisions and progress, that data’s integrity will take center stage in 2019.
Approximately 85% of cyberattacks are detected when the invader attempts to lift valuable information from the victim’s coffers.
The economic incentives for thievery are significant, paired with a simple business model: steal data, sell it on the Dark Web. But goals are extraneous to tactics. If the goal is financial reward, selling stolen data has become a commoditized market. Cybercriminals will start to shift to manipulating data, to change decisions, to get a desired outcome, to leverage and call options on a company’s stock.
Corrupt the data, corrupt corporate performance, deceive shareholders and institutional investors, rake in the cash.
3. Expect more insider threats as individuals’ technical capabilities rise
During the past 10-15 years, technical progress outpaced the average person’s ability to master it all. But our generational turnover has changed how the general population thinks about technology.
University Liberal Arts programs are collapsing, funding for humanities research is constricted, and the next cohort of would-be scholars is steering its future toward the technical (with STEM-related degrees or training).
This shift has created a meteoric rise in people’s ability to work with technical material. But a threat? You bet. If in 2010, 5% of your insiders were capable of a successful attack, what happens when that proportion goes to 10-15%?
By simply adding more capable people to the attack surface, you’ve increased the likelihood that one insider threat will be successful. Reverend Bayes and his pesky compounding probabilities. Once enough successful attacks are widely circulated, organizations will begin to look inward to this near limitless threat.
4. Like a rock: an ounce of prevention will be worth a pound of cure
We will continue to see the pendulum swing back to prevention as the most impactful thing a security and IT team can do to protect their organization from a breach. While strolling through a security operations center (SOC) may feel like you’re an extra in a sci-fi movie, this will be increasingly less poignant than the ‘carry water, chop wood’ discipline of doing the small things right every time to have a robust security posture.
Hardening, purity and cyber hygiene will continue to increase and budget dollars will flow in that direction. Along with this mindset will be the increased adoption of frameworks such as the NIST Cybersecurity Framework, compliance with controls, and self-imposed privacy protections, notwithstanding an Act of Congress to impose them for you.
Of course, these predictions aren’t fact; rather, they are my thoughts on what 2019 will bring based on my evaluation of our threat landscape today. Unfortunately, the only real constant in cybersecurity is change.
If you’d like to make some early progress on improving your security posture in 2019, try this Dark Endpoint Assessment. You can identify and eliminate your endpoint vulnerabilities and increase your visibility and control.