2019 Cybersecurity Predictions – From an IT Support Company’s perspective

StuartIT News, IT Security

You’ll have probably read the Forbes 2019 predictions, or the Symantec predictions, or the Malwarebytes, or Webroot, or FireEye… but which ones are the most likely? Which ones are going to cause you and your business the most pain and downtime? We’ve published below a list of what we believe to be the most likely issues a business will face in terms of Cyber Security in 2019.

Remember: there’s no magic mirror or crystal ball we can use to determine what’s going to happen. The best course of action you can take is still preventative. Maintain a secure and regularly patched network, protect your endpoints as well as your perimeter, and make sure you put in some time to train your staff on best practices. Lastly, back your sh*t up. Don’t just save it to “the cloud”. Put a comprehensive Disaster Recovery Plan into action.

Your Disaster Recovery plan should include what you do to replicate your business data, how you recover your business data, how long it takes, and where you’re recovering to. You should test it at least once every few months (if not more). Understand the cost of downtime to your business. If your online backup platform is going to take you 7 days to download the business data and rebuild your server, is that acceptable to you? You already know the answer to that one.

Anyway, we digress! On to our predictions!

High-profile businesses are going to be compromised more regularly

The most recent high-profile company to fall to its knees on their Cyber cleanliness is Marriott and Starwood. But it didn’t stop there. Saks, Lord & Taylor had 5 million records breached. PumpUp lost 6 million records. Sacramento Bee lost 19.5 million. Ticketfly, 27 million. Facebook lost over 87 million (and probably a hell of a lot more) records. 92 million records disappeared out of MyHeritage’s systems, followed by Under Armour losing 150 million records.

Notice a trend? It’s not that there are more records being lost (although, that’s the case and if we were playing Only Connect, I’d have to give a point). It’s that these breaches are happening more and more regularly to business that should be doing a better job at keeping their network secure.

Disaster Recovery is going to become a necessity, not a differentiator

British Airways learned the hard way when its systems fell flat on its arse when a technician allegedly disconnected a power supply at one of their data centres and when reconnected caused a power surge that wiped out their critical infrastructure for over 75,000 passengers.

So keeping in mind human error being at play, what lessons were learned?

  • Human error happens regularly
  • It can cause widespread issues
  • It’s not the only factor that could bring your business down
  • You must have a plan of action that lets you recover quickly to avoid your clients walking to your competitor

Some of our clients have already noticed the Disaster Recovery questions working their way into their Client “Supplier Approval Questionnaire” sheets. They’re being made to prove they have DR facilities in place. Not just data backups, but a full blown documented procedure for what to do (and in some cases where to go!).

IoT botnets are coming to an incident near you

We saw a massive increase in MicroTik routers being hacked to work at the behest of coin miners. Without their owners knowledge or permission these miners were able to passively use the resources of the routers to mine coins. Don’t think for a second these hackers are manually looking for devices to compromise. They’re automating it. They’re running a scan on the internet and with minimal effort on their side taking over these devices and using them for their own desires.

The above is simply one example of an Internet of Things device being compromised, and it’s just a slither of what’s to come in the new year. As more hardware goes online, more hardware is left un-patched, and more automated attacks will compromise them.

Hackers have seen the value in avoiding detection

WannaCry and the likes of similar ransomware attacks took advantage of letting the user know they’d been hit, and demanded action from them. The new wave of attacks are going to stay hidden, like that pen at the bottom of your handbag you just know is there.

Crypto-miners can be deployed, data can be sold easily, and hackers know that by lying low on your network over a long time, they’ll get much higher Return on Investment (so to speak).

And don’t get us started on hackers gaining access to your Amazon Alexa or your Google audio devices.

2-Factor-Authentication will finally be deployed ‘as standard’

For the love of all that is IT, please deploy 2FA. Are you running Google Apps? Office 365? Xero? Or any other online service that supports 2FA? Please go and deploy it now. If your IT Support company hasn’t already suggested a plan to deploy it, go and chase them up.

2FA is the easiest way to secure your systems with the most minimal effort but maximum gain. Lost your password? Using your password elsewhere? Yeah, it’s not great, but at least 2FA stops that immediate breach and should hopefully alert you (or you’ll have someone auditing your logs for that kind of thing, right?).