As with most things in information technology, the landscape of cyber security and threats is constantly evolving. New technologies bring new problems, so what is cyber security in 2019 really about and what do you need to look out for?
In recent years we’ve seen a surge in the numbers of Internet of Things devices appearing on both home and corporate networks. We’ve also seen greater use of artificial intelligence in many areas and all of these things have an impact on the security landscape.
Cyber warfare
Something that has become more prevalent over the last five years or so, is the presence of state-sponsored hacking. This ranges from snooping and malicious interference to full-on cyber warfare attacks against infrastructure, governments, and democratic processes.
This type of attack is becoming far more sophisticated and means that simple anti-virus protection is no longer adequate to guard organisations. It’s highly likely that 2019 will see an attack against a government or major corporation that shows their lack of preparedness for this kind of incident.
This could well follow the pattern of Russian cyber attacks on Ukraine’s infrastructure which occurred in 2015. These attacks succeeded in disrupting energy distribution, communication, transportation and more, effectively paralysing the country. Some of the attacks used targeted phishing (spearphishing ) techniques while others relied upon exploiting hardware vulnerabilities in areas such as HVAC systems.
Data protection
Since the introduction of GDPR, many people have become more aware of the fact that information about them is held by various organisations for a range of different purposes. The recent fining of British Airways following a data breach [1] shows that regulators are taking the security of information more seriously too.
But what is cyber security all about when it comes to our personal data? It’s not always easy to know how much information we are exposing. Many smartphone apps, for example, grant permissions that include functions such as location tracking, recording of audio, logging of calls and texts, access to the device’s camera, and more.
People need to become more alert to the fact that they could be sharing information via apps or social media without necessarily being aware that they are doing so. They also need to know that businesses can’t always be trusted to have their best interests at heart.
The rise of AI
Artificial intelligence and machine learning are seeping into more and more areas of our lives. It’s used by businesses to understand more about their customers and provide them with a better, more targeted service. It’s also increasingly used to provide ‘chatbots’ that can offer human-like interaction in customer service situations.
But this technology can have a darker side too. Chatbots could be used for social engineering, to trick consumers into making bad decisions. There’s also the rise of what are being called ‘deep fakes’ that can appear to be real, trusted individuals.
While AI may be somewhat overhyped in marketing terms, it is appearing in lots of different products. It’s important for businesses and consumers to remain alert to the risks and to understand that, like any technology, it needs careful management.
Internet of Things devices
The rapid rise in the number of internet-connected devices beyond the established realm of computing and mobile is likely to continue to provide a focus for cyber threats in 2019. Internet of Things devices have less inherent security than equipment with more computing power. They are also routinely introduced into company networks without the knowledge of the IT department.
Poorly secured IoT devices can be recruited into botnets to launch DDoS and other attacks, most notably in the Mirai attack of 2016 [2]. But despite the threat having been around for a number of years, the problem remains as the firmware embedded in devices can be lacking in security features and hard to update.
There needs to be increased awareness of the threat that IoT devices can present and a strict regime of ensuring that default security settings are changed and that updates to software are carried out regularly.
There’s also an issue with the data that IoT devices create. They can generate a huge amount of information which often is passed back to their makers, so it’s important to understand exactly where that data is being sent and how it might be used. IoT gadgets could be used to spy on your activities without your knowledge.
As businesses adapt to rapidly changing technology, so do hackers and cyber criminals. Your security arrangements, therefore, need to evolve too. Relying on the protection you have had in place for several years is no longer adequate. New technologies driven by AI, such as behavioral analysis, are likely to be key to securing systems in the future. These will allow unusual traffic patterns (which may be an early sign of a cyber attack) to be identified and addressed.
[1] https://www.standard.co.uk/news/uk/british-airways-fined-more-than-180m-for-customer-data-breach-a4184376.html [2] https://www.iotforall.com/5-worst-iot-hacking-vulnerabilities/