Five Ways the State of Security Will Evolve in 2019
A few months back, my colleagues made several predictions for technologies in 2019—everything from artificial intelligence (AI) and machine learning (ML) to hybrid cloud, blockchain and the Internet of Things (IoT). Through those discussions, as well as insight from our own internal experts, they compiled predictions for the new year across a range of topics. They briefly touched upon security with breaches tied to IoT devices so I thought I would drill down further and provide 5 ways the state of security will evolve as we continue into 2019.
1. Infrastructure attacks on the rise
We will see at least one major infrastructure hack in 2019—but we won’t necessarily know it is a hack. Electric grids, traffic control, chemical plants, bridges, railways, etc. have increasingly taken advantage of computerized control. These systems connect a network of telemetry and actuators to a central control system that allows fewer and fewer operators to manage increasingly complex systems. But as it goes with most software, layers are built on top of layers, and some of these layers are starting to show their age.
In fact, the hardware that underlies these ‘SCADA/PCS’ systems is often designed to function for decades, rarely receiving updates or improvements to bring it in line with modern encryption and authentication practices. Although most of these systems are harder to hack because they use proprietary protocols, we are seeing more and more used devices hit the market, making them readily accessible for hackers to study and break into.
Several sophisticated attacks against infrastructure control systems have already been observed, but so far none of them have had a significant negative impact on our lives. In 2019 we are likely to see the first major failure of a widely used infrastructure due to a cyber attack. The flip side of the coin is that we might not realize for a long time that the failure is a result of an intrusion, as our ability to monitor and investigate these systems is still in its infancy.
2. More companies playing proactive defense
Security operations will migrate from “detect and cleanup” to “proactive defense.” Nowadays there are very few business functions that do not rely on the IT infrastructure. And there is not a week that goes by without a security compromise announced by a major enterprise. Data leakage is a major problem that has a profound impact on businesses in terms of customer trust, investor confidence, as well as internal daily operations, not to mention putting the jobs of CEOs and CTOs on the chopping block. But most of all: the cleanup is expensive!
For decades, enterprises have been eagerly deploying preventative mechanisms, but these are fairly static in nature. From password policies to next-gen firewalls, a crafty attacker will eventually find a way around them. So they are necessary but insufficient for dealing with an evolving and intelligent threat. More and more enterprises are therefore starting to understand that a more proactive approach to security needs to accompany their existing preventative mechanisms.
In 2019 we will see a record number of businesses deploying cyber threat hunting capabilities. Cyber threat hunters actively search the IT infrastructure for malicious activity. Instead of waiting for an alarm to be raised, they start with the unproven assumption that the hackers already got in, and search for evidence. By deploying human cyber threat hunters, and giving them access to logs, packets, flow, and endpoint data across the enterprise, these businesses will be taking a proactive approach to defending their network, before their most sensitive data is stolen.
3. Stranger danger
Individual components will increasingly be used as an attack vector. This one might appear obscure, but the components from which your laptop computer and IoT devices are built have become increasingly powerful. For example, the controller on a hard disk drive is in itself a small computer running a computer program. The mainboard of an average server contains dozens of individual processing elements, all of which are vulnerable to compromise or subversion. What is worse, it has recently been suggested that manufacturers of these components may be untrustworthy, leading to the question: Even if our software is secure, can we trust the underlying computing system? And how can we be sure that our cloud providers are trustworthy?
As uncomfortable as this is, we will see this trend continue in 2019. Computers are complex and no supplier can ever completely remove the doubt that their components have been subverted somewhere down the supply chain. What we can do, however, is simply assume that at some point a system or component will be compromised, and carefully watch the network traffic in and out of our devices. Security must always follow a defense-in-depth strategy, where we recognize that no individual piece can ever be perfectly secure. But by carefully allocating our resources, we may reach a point where we catch the majority of the problems early.
4. Hackers up their game
Security attacks will become more confusing. Ultimately, security is a human problem. Although we still see many poor password choices, vulnerable applications and badly designed network defenses, more and more cyber attacks rely on tricking the user into letting the hacker in. Through phishing emails, malicious phone apps, crafty links on fake websites, even scam phone calls, the user is unintentionally inviting the bad guys in. Many businesses have responded by instituting cyber security awareness training, teaching their teams to be wary of this treachery.
In response, hackers have become much more crafty in tricking the user. In 2019 we will see this trend continue, and the ways in which compromises happen will become more confusing. Techniques such as spear phishing will become more targeted. Spear phishing uses key pieces of knowledge about an individual to trick them into believing that they are communicating with someone they know and trust. Unfortunately, as we continue to place so many of our personal details on the internet for all to see, hackers can mine our Facebook, LinkedIn, and Instagram to craft compelling spear-phishing messages that appear to come from close friends. This, in turn, tricks the user into clicking, downloading or otherwise letting the bad guys in.
Besides education, our best line of defense is defense in depth, where we proactively monitor endpoints as well as the traffic traversing the network and try to discover subverted user accounts through analysis of host and user behavior.
5. Laws closing in on cybercriminals
More hackers than ever will go behind bars. As things go, technology outpaces legislation. But we have recently seen a solid amount of legislation in many countries that enables authorities to prosecute cybercrimes. In 2018 several hackers received hefty decade-long jail sentences for various cybercrimes, including DDoS attacks. And many more high-profile cases are currently ongoing, ultimately resulting in more jail time for the offenders.
Considering how crippling a cyber attack, data leak or identity theft can be, it is understandable that these crimes are punished. Hacking computing systems can be fun and educational, but deliberately doing damage is a personal choice made by an individual—much like choosing to rob a bank. In 2019 we will see a further rise in jail time for those choosing to use their skills for ill gain.