It's hard to believe, but the New Year is nearly upon us. 2018 was a busy year for cybersecurity, between regulatory changes and massive data breaches. Security teams were faced with obstacles that had never before been encountered and were forced to adapt. And while the year is coming to a close, the challenges are far from over. With new vulnerabilities arising from IoT-enabled innovations, an increase in sophisticated attacks due to bots leveraging AI, and the potential for a catastrophic breach in an established sector like utilities, 2019 is shaping up to be a challenging year on the cybersecurity front.
ThreatX’s 2019 predictions are focused on five key areas:
Cyberwarfare: The Battle Lines are Drawn
Because security has not been built into established industries like utilities, these sectors are an easy target across the globe and a prime mark for attackers looking to engage in cyber warfare. While their vulnerability has been well-documented, ThreatX believes the industry won’t take the threat seriously until something significant occurs—but by then, it will be too late. As we head into 2019, expect this threat to intensify until it finally boils over and results in action. By 2023, ThreatX predicts there will be a major attack on a US utility that will finally force the industry to address these vulnerabilities.
Artificial Intelligence: Don’t Believe the Hype
AI will bring new cybersecurity challenges in 2019 in the form of bots implementing supervised learning techniques to better mimic human behavior in attacks, such as credential stuffing. Hackers aren’t the only group that will be causing companies AI headaches—security vendors will increasingly be part of the problem. ThreatX predicts there will be more false claims by security providers that their product uses AI, forcing organizations to be diligent in the procurement process to separate fact from fiction.
IoT: Internet of Threats
The threat attack surface will continue to expand as the portals to configure and control the plethora of connected devices are exposed. Hackers will increasingly be less interested in the device itself and more in what can be obtained and/or accomplished by infiltrating the control portal. One industry that showcases this vulnerability is the automotive sector—as more cities allow self-driving cars, ThreatX predicts there will be a major accident as a result of a hacker taking over the controls.
Threat Landscape: Flexibility is King
As more companies adopt cloud-based apps and move past the edge, security approaches will need to evolve to keep pace as companies can no longer rely on solutions built into the cloud environment. Flexibility is essential in this landscape, as many legacy solutions can’t provide visibility into hybrid environments. In addition to this need for adaptability, ThreatX predicts that the threat landscape will continue to struggle with DDoS attacks, which it expects to increase in both size and scope. That said, the company believes passwords will remain the dominant threat vector in 2019, although by 2025, ThreatX predicts passwords will be rendered obsolete and replaced by a new security standard.
Security Skills: No More Back Office
The days when security teams were relegated to the back office are long gone. The trends examined above are bringing security into all facets of operations and giving rise to a new set of essential skills for security pros. The ability to communicate is one area in which ThreatX expects to see greater demand in 2019, as security leaders will be required to translate complex cybersecurity threats into non-technical terms. In addition, the company predicts that security leaders will increasingly need to advocate for new tools and technologies by educating CEOs and the board on the evolving threat landscape—and why companies can’t afford to let anything other than security drive procurement.
“If I could offer two words of advice to others in the security industry as we head into 2019, it would be ‘stay vigilant.’ It’s not only that our current security challenges show no sign of abating—we’re seeing a number of new trends on the horizon that are combining to create a truly unique and complicated environment. Within the year, for example, I predict we’ll see name-brand retailers and a major service used by the general public get DDoS’d. It promises to be a difficult time for companies, vendors, and consumers alike, and our best chance of getting through it unscathed is by being as security-conscious as possible. Everyone has a role to play in security, and in the 2019 threat landscape it’s more important than ever that this part be played to perfection.” - Bret Settle, co-founder and CEO, ThreatX