Top Cyber Security Threats in 2019
A host of new and evolving cyber security threats has the information security industry on high alert. Ever-more sophisticated cyber attacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more have placed the data and assets of corporations, governments and individuals at constant risk.
The industry continues to suffer from a severe shortage of cyber security professionals and experts warn that the stakes are higher than ever, as the cyber crime epidemic even risks shaking public faith in such cherished ideals as democracy, capitalism and personal privacy.
One thing the experts agree on is that cyber crime is here to stay; in fact, as our dependence on technology continues to grow, it may even be getting worse.
The nonprofit Information Security Forum, which describes itself as “the world’s leading authority on cyber, information security and risk management,” warns in its annual study of the cyber security landscape (Threat Horizon 2019) of increased potential for:
- Disruption — Over-reliance on fragile connectivity creates the potential for premeditated internet outages capable of bringing trade to its knees and heightened risk that ransomware will be used to hijack the Internet of Things.
- Distortion — The intentional spread of misinformation, including by bots and automated sources, causes trust in the integrity of information to be compromised.
With damage related to cyber crime projected to hit $6 trillion annually by 2021 according to CyberSecurity Ventures, here is a closer look at the most significant cyber security threats for 2019.
Cyber Security Threats and Trends for 2019
Phishing Gets More Sophisticated — Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated.
Now that employees at most organizations are more aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are upping the ante — for example, using machine learning to much more quickly craft and distribute convincing fake messages in the hopes that recipients will unwittingly compromise their organization’s networks and systems. Such attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
Ransomware Strategies Evolve — Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organization’s databases and hold all of the information for ransom. The rise of cryptocurrencies like Bitcoin is credited with helping to fuel ransomware attacks by allowing ransom demands to be paid anonymously.
As companies continue to focus on building stronger defenses to guard against ransomware breaches, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.
Cryptojacking — The cryptocurrency movement also affects cyber security in other ways. For example, cryptojacking is a trend that involves cyber criminals hijacking third-party home or work computers to “mine” for cryptocurrency. Because mining for cryptocurrency (like Bitcoin, for example) requires immense amounts of computer processing power, hackers can make money by secretly piggybacking on someone else’s systems. For businesses, cryptojacked systems can cause serious performance issues and costly down time as IT works to track down and resolve the issue.
Cyber-Physical Attacks — The same technology that has enabled us to modernize and computerize critical infrastructure also brings risk. The ongoing threat of hacks targeting electrical grids, transportation systems, water treatment facilities, etc., represent a major vulnerability going forward. According to a recent report in The New York Times, even America’s multibillion-dollar military systems are at risk of high-tech foul play.
State-Sponsored Attacks — Beyond hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. Cyber crime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. As we move into 2019, state-sponsored attacks are expected to increase, with attacks on critical infrastructure of particular concern.
Computer security giant McAfee has predicted that: “Nation-state cyberwarfare will become an equalizer, shifting the balance of power in many international relationships just as nuclear weapons did starting in the 1950s. Small countries will be able to build or buy a good cyber team to take on a larger country. In fact, cyberwarfare skills have already become part of the international political toolkit, with both offensive and defensive capabilities.”
IoT Attacks — The Internet of Things is becoming more ubiquitous by the day (according to Statista.com, the number of devices connected to the IoT is expected to reach almost 31 billion by 2020). It includes laptops and tablets, of course, but also routers, webcams, household appliances, smart watches, medical devices, manufacturing equipment, automobiles and even home security systems.
Connected devices are handy for consumers and many companies now use them to save money by gathering immense amounts of insightful data and streamlining businesses processes. However, more connected devices means greater risk, making IoT networks more vulnerable to cyber invasions and infections. Once controlled by hackers, IoT devices can be used to create havoc, overload networks or lock down essential equipment for financial gain.
Smart Medical Devices and Electronic Medical Records (EMRs) — The health care industry is still going through a major evolution as most patient medical records have now moved online, and medical professionals realize the benefits of advancements in smart medical devices. However, as the health care industry adapts to the digital age, there are a number of concerns around privacy, safety and cyber security threats.
According to the Software Engineering Institute of Carnegie Mellon University, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.”
With hospitals and medical facilities still adapting to the digitalization of patient medical records, hackers are exploiting the many vulnerabilities in their security defenses. And now that patient medical records are almost entirely online, they are a prime target for hackers due to the sensitive information they contain.
Third Parties (Vendors, Contractors, Partners) — Third parties such as vendors and contractors pose a huge risk to corporations, the majority of which have no secure system or dedicated team in place to manage these third-party employees.
As cyber criminals become increasingly sophisticated and cyber security threats continue to rise, organizations are becoming more and more aware of the risk third parties pose. Several years ago, Wendy’s fell victim to a data breach that affected at least 1,000 of the fast-food chain’s locations and was caused by a third-party vendor that had been hacked.
Ethical hacker Jamie Woodruff said in a V3 article, “As more technology comes out, we’re ever more reliant on third-party vendors. Look at how APIs work, and how we feed them into third parties. That’s a potential way into the corporate network.”
Connected Cars and Semi-Autonomous Vehicles — While the driverless car is close, but not yet here, the connected car is. A connected car utilizes onboard sensors to optimize its own operation and the comfort of passengers. This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent; by 2020, an estimated 90 percent of new cars will be connected to the internet, according to a report titled “7 Connected Car Trends Fueling the Future.”
For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data and/or harm drivers. In addition to safety concerns, connected cars pose serious privacy concerns.
Source: McAfee Labs
As manufacturers rush to market with high-tech automobiles, 2019 will likely see an increase in not only the number of connected cars but in the number and severity of system vulnerabilities detected.
A Severe Shortage of Cyber Security Professionals — The cyber crime epidemic has escalated rapidly in recent years, while companies and governments have struggled to hire enough qualified professionals to safeguard against the growing threat. This trend is expected to continue into 2019 and beyond, with some estimates indicating that there are some 1 million unfilled positions worldwide (potentially rising to 3.5 million by 2021).
The severe shortage of skilled cyber security professionals continues to be cause for alarm since a strong, smart digital workforce is essential to combat the more frequent, more sophisticated cyber security threats emanating from around the globe.
That’s why the University of San Diego created two master’s degree programs focused specifically on the most critical issues facing cyber security professionals today — the innovative, online Master of Science in Cyber Security Operations and Leadership and the on-campus Master of Science in Cyber Security Engineering.