Gartner forecasts that worldwide information security spending will exceed $124 billion in 2019. Understanding the state of cyber security is important to successfully protect your business from the continued expansion of advanced cyber attacks.
So we asked our cyber security experts: What do you expect the top cyber threats of 2019 to be?
1. Software update supply chain attacks
Many industries saw a surge in incidents of supply chain attacks during 2017 and 2018. In 2017, Symantec observed an increase of 200 per cent compared to the previous year. On average there was a supply chain attack during every month of 2017, compared to four attacks annually in the previous years.
Software update supply chain attacks are an up-and-coming cyber threat. One reason is that the number of infections introduced through software updates can grow quickly and unnoticed. Attackers often target specific regions or sectors, as happened with the Petya/NotPetya attacks, for example.
What is a software update supply chain attack?
This type of attack implants a piece of malware into an otherwise legitimate software package at its usual distribution location. This can occur during production at the software vendor, at a third-party storage location or through redirection.
For years the ISF has been raising the issue of the vulnerability of the supply chain. A range of valuable and sensitive information is often shared with suppliers. When that information is shared, direct control is lost. That leads to an increased risk of compromise of that information's confidentiality, integrity or availability.
In 2019, organisations will need to focus on the weakest spots in their software update supply chains. Not every security compromise can be prevented ahead of time, but your suppliers and on-site cyber security experts need to be proactive nonetheless. Adopt strong, scalable and repeatable processes with assurances that are proportional to the risks you face. Organisations must embed supply chain information risk management within existing procurement and vendor management processes.
Guarding yourself against software update supply chain attacks is difficult. However, taking the following steps helps:
- Test new updates, even the legitimate ones, in small test environments or sandboxes first, to detect any suspicious behaviour.
- Monitor behaviour and activities on a system to identify any unwanted patterns and block a suspicious application before any damage can be done.
- Detect unwanted changes in the software update process by always looking at the website of software package producers. They should ensure that their web pages are always up-to-date.
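One way to automate the last step, as an added example that is not part of the original article: compare a downloaded update against the digests the vendor publishes. It assumes the vendor provides a `sha256sum`-style manifest fetched over a separate trusted channel; the file names and sample data are constructed. This catches tampering at a storage location or through redirection, not malware implanted during production at the vendor.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into {name: digest}."""
    expected = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        bad_name = not name or Path(name).name != name  # empty, or a path like '../x'
        if bad_name or not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream large packages
            h.update(chunk)
    return h.hexdigest()

def verify_update_dir(directory, manifest_text):
    """Return {filename: status}: ok, MISMATCH, MISSING or UNLISTED."""
    expected, directory, report = parse_manifest(manifest_text), Path(directory), {}
    for name, digest in expected.items():
        target = directory / name
        if not target.is_file():
            report[name] = "MISSING"
        else:
            match = hmac.compare_digest(sha256_file(target), digest)
            report[name] = "ok" if match else "MISMATCH"
    for extra in directory.iterdir():
        if extra.is_file() and extra.name not in expected:
            report[extra.name] = "UNLISTED"  # shipped alongside, never published
    return report

def demo():  # constructed sample: one intact, one altered and one unlisted file
    files = {"agent-2.1.pkg": b"installer bytes", "notes.txt": b"release notes"}
    manifest = "\n".join(f"{hashlib.sha256(b).hexdigest()}  {n}" for n, b in files.items())
    with tempfile.TemporaryDirectory() as d:
        Path(d, "agent-2.1.pkg").write_bytes(files["agent-2.1.pkg"])
        Path(d, "notes.txt").write_bytes(files["notes.txt"] + b" + injected")
        Path(d, "helper.dll").write_bytes(b"not in manifest")
        return verify_update_dir(d, manifest)

if __name__ == "__main__":
    print(demo())
```

Any status other than `ok` is a reason to hold the update back from production and investigate in the sandbox first.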
2. Phishing attacks
Kaspersky’s Anti-Phishing system was triggered 246,231,645 times in 2017. The security company states that over 91 million more phishing system triggers were set off in 2017 compared with 2016. With 76% of businesses reporting being a victim of a phishing attack in the last year, it should come as no surprise that many IT decision makers mark phishing attacks as their biggest current cyber security threat.
A phishing attack is a type of social engineering attack designed to steal user logins, credit card credentials, and other types of personal, business or financial information. Coming from a perceived trusted source, for example by impersonating well-known and trusted websites, banking institutions or personal contacts, these attacks are becoming more advanced and unfortunately more effective.
By entering or using credentials, clicking links or replying to phishing emails with financial details, information is sent directly to the malicious source.
Avoiding these attempted attacks is a big challenge. Raising awareness by running cyber awareness programmes is one way of reducing the risk of becoming a victim of phishing attacks. Besides that, running awareness or cyber threat assessments can be a good starting point to see how familiar the users within your organisation are with phishing attack tactics.
3. Ransomware
With around 4,000 ransomware attacks occurring every day, and estimates claiming that there will be a ransomware attack on businesses every 14 seconds by the end of 2019, building defenses against ransomware is a top priority. Ransomware has the potential to cause the permanent loss of company data, because it infects encrypted data and secure database systems and threatens to delete or corrupt files unless a ransom is paid.
Defending against this type of malware, or ‘Endpoint Epidemic’ as some call it, can be successfully done by training employees in combination with using innovative endpoint security solutions. Instead of using traditional anti-virus systems, cloud-delivered endpoint protection can be used to stop this type of online extortion. Also in 2019, we expect to see more organisations coming up with ransomware recovery strategies and keeping data in multiple, replicated locations.
4. Advanced Persistent Threats need Advanced Threat Protection
When unauthorised attacker code is allowed to enter a system network and quietly steal information while evading detection, this is known as an Advanced Persistent Threat (APT). The code remains inside the network for a significant period of time, stealing information ranging from financial information to login credentials, patents and other critical business or security information.
An APT gains entry through a file, email, network or application vulnerability and then inserts malware into the organisation's network. The network is considered compromised, but not breached, because the intrusion has not been detected.
By obtaining login credentials, APTs have the ability to infect deeper parts of the network or system, compromising data and making it possible to navigate between connected networks. Evidence of an APT attack can be removed by the controller, while the network remains compromised. A cyber criminal using an APT could return at any time to continue the data breach.
Although APTs are very difficult to detect, intelligent Advanced Persistent Threat protection systems and network segmentation can help to discover unusual behaviour or patterns of activity within a network. Traditional cyber security measures such as defense-in-depth, firewalls and anti-virus cannot protect against an APT attack, leaving organisations vulnerable to data breaches.
FireEye's Adaptive Defense approach, for example, is a strategy gaining more traction, because it helps to intercept possible APTs at any point in a network, analysing them by using the latest available information on threat actors and methodology. Safeguarding your financial, intellectual and personal data requires an integrated, intelligence-based security fabric to provide end-to-end protection across the organisation. Ensuring that you have a holistic security strategy - combining people, process and advanced technology - will dramatically reduce your exposure to current and future attacks.
5. IoT botnet DDoS attacks
Networks of compromised IoT devices that can be remotely controlled and used to launch attacks on a massive scale, sometimes including millions of machines and computers, create powerful botnets. This type of cyber threat became well-known during the Mirai attack.
Botnets are controlled by Command and Control (C&C) networks. The hacker runs these C&C networks, which can be used to launch Distributed Denial of Service (DDoS) attacks.
As IoT device usage rapidly increases in today's connected world, so does the threat of botnet DDoS attacks. Because many IoT devices lack built-in security measures, they are being 'recruited' into botnets and used to initiate DDoS attacks. With the Mirai botnet still relatively fresh, it is worth mentioning that several spin-offs are already active. Cyber criminals are initiating similar botnet DDoS attacks, using poorly secured IoT devices.
With more and more IoT devices out there, this new generation of botnet DDoS attacks means that the number of threats and their devastating potential will grow in 2019. That’s why mitigating massive traffic volumes using DDoS protection solutions is considered a major cyber security priority for the years to come.
Cyber security challenges in 2019
Preventing the growing number of attacks and threats from hitting you in 2019 starts with educating employees, using scalable next-generation cyber security solutions and gaining insight into the threats targeting your business or industry. These priorities are a big challenge for cyber security managers.
Over the past couple of years we’ve seen some of the most frequent and severe cyber security attacks ever recorded. As security professionals prepare for another potentially record-breaking year of network breaches and data security risks, it is imperative that you make yourself aware of the latest cyber security solutions and technologies to stay ahead of the perpetrators and protect your most critical assets.
October 24 2018