It’s that time of year again when we look back to look ahead. This has been quite a year for data breaches, a rise in hidden crypto mining malware, and lots of victims continuing to fall for ransomware and other botnet attacks. The 2019 security landscape holds new promise, threats, developments, and opportunities to collectively tackle the issues our industry faces. Here are the top 10 security trends that HarborTech Mobility would like to highlight and suggest ways to prepare for the coming year.
Trend 1: Crypto mining will continue to be a threat as long as attackers can make quick cash from infections. Hidden coin miners continue to proliferate, and malware authors are taking advantage of them to disrupt your business.
Recommendation- Be on the lookout and deploy tools designed to detect these exploits.
Trend 2: Expect to see more sophisticated artificial intelligence features in security tools in 2019. The time between when a vulnerability is discovered and when the malware authors have developed an exploit now can be measured in a matter of minutes.
Recommendation- Better automation will be essential for defenders, especially as networks and threats become more complex. Automated patching tools are critical to successfully deploying fixes across the large digital infrastructures that run many modern businesses.
Trend 3: Cloud security remains an issue, mainly due to user neglect and configuration errors. The most recent example was a batch of documents from the United Nations that were leaked because of an insecure Trello board. Checking a single box is all it would have taken to easily secure the data in such situations.
Recommendation- While new cloud security measures will come out in 2019, user error is still the weak link, as protections are often neglected, or workloads are often mistakenly misconfigured.
Trend 4: Sadly, you can’t fix stupid. Don’t be another city of Atlanta or Equifax, which both mistakenly thought their data was protected with backups.
Recommendation- The old chestnut of having better backup verification still holds true. Examine the backups or practice recovery drills to learn how to respond to incidents.
Trend 5: Expect to see more drills and exercises conducted in 2019. Activities such as red team and tabletop exercises will become more important in efforts to find holes in your security infrastructure and hone breach responses.
Recommendation– Develop the offensive side of your house. Try putting more efforts to find holes in your security infrastructure and hone breach responses.
Trend 6: FIDO2 will continue to gain adherents, and smartphone authenticator apps will improve and become better integrated into numerous mobile products.
Recommendation- Get serious about multifactor authentication. This can help improve security using hardware keys.
Trend 7: Unfortunately, we can expect to see additional exploits based on the older PC versions, with “older” being defined as anything before Windows 10
Recommendation- Those ancient machines are just asking for trouble, no matter how well they are segmented and protected. Try to rid yourself of Windows 2000 and XP once and for all.
Trend 8: Attackers are getting more sophisticated, but they’re still lazy. We continue to see new exploits, but often they just leverage existing methods with a twist. Many attacks try brute-force password attacks, such as the one experienced by AdGuard recently.
Recommendation– Make sure your intrusion detection defenses are set up properly to warn you of these kinds of efforts.
Trend 9: Fileless malware attacks that leverage PowerShell and other OS-native commands and code will continue. These techniques leave very little evidence of their work or use misleading actions that appear to be normal OS tasks
Recommendation- Security staffs will have to improve their detection prowess to track down these infections in 2019. It is a cat-and-mouse game—as defenders get better at their skills, the attackers improve their obfuscation techniques.
Trend 10: 2018 has seen the acquisition of numerous vendors in this market segment, including Wombat (bought by Proofpoint), PhishLine (by Barracuda), Securecast (by Webroot), and Popcorn Training (by KnowBe4). We’ll see additional consolidation in this space in 2019.
Recommendation- More security awareness training will need to happen and do so on a continuous basis.
These discussions will continue into next year and beyond, and there are a number of other big trends that are likely to dominate the security industry in 2019. Hopefully, by following some of the above suggestions, you won’t be a party to as many of them in 2019.
For more information on how you can take precautions and save yourself from attacks and breaches contact HarborTech Mobility today!