Seven cyber threats to watch out for in 2019

  • January 07, 2019

With cyber security systems constantly shifting and cyber attackers shifting with them, threats come from new directions all the time – whether they’re variations on perennial cyber nuisances such as phishing, malware and ransomware, or plucked from a deep, dark corner of cyberspace. Here are a few of the major cyber threats we’re expecting to see in 2019.


Phishermen are increasingly realising that there’s little point casting out a huge net in the hope of catching anything and everything. Or in other words, sending the same email to hundreds of employees of all levels, for limited reward. So instead, they’re increasingly trying their hand at whaling: high-value phishing attacks targeting CEOs, CSOs, CFOs and anyone else with a company credit card. After all, it’s easy enough to find out a CEO’s contact details from Google – and the rewards are so much greater. Watch out for harpoons.

The smash and grab

By targeting websites with high-value, high-volume transactions, hackers will only need to pull off a handful of e-heists in order to make huge gains. Exploiting a loophole in an organisation’s web infrastructure, hackers inject a sneaky bit of code that allows them to snatch data while transactions are in progress. These attacks are the epitome of opportunism: silent, swift, on-the-fly. They’re the cyber equivalent of performing a train robbery between stops. In September 2018, hackers used such an attack to steal the credit card details of 380,000 BA customers.

Organisations don’t just need to think about protecting their web infrastructure, but also testing the security of their live transactions through transaction stack security.

The perilous plug-in

There’s talk of a rise in USB-based attacks, with hackers infiltrating organisations’ endpoints using USB mechanisms that bypass blocking and security systems. One of the more famously disruptive examples of recent years came in the form of Stuxnet. A malicious computer worm which targets SCADA systems, Stuxnet is believed to have harmed Iran’s nuclear programme after someone found a random USB lying suspiciously around the carpark...and made the mistake of plugging it in.

Abuse of privileged access

With a lack of privileged access management (PAM) in many organisations, particularly SMEs, there’s almost an open invitation for cyber criminals to target an entire market. If administrative rights in a firm have been configured so that the user can access the whole network, and the firm doesn’t have the security in place to prevent code executing itself at that level, hackers will have free reign to cause some serious damage.

The weakest link

Many organisations are affiliated to dozens or even hundreds of third party suppliers. That’s a lot of bases to cover. So cyber attackers will increasingly probe organisations’ networks, hoping to gain access to their data via a supplier who’s connected to their corporate systems.

Organisations need to ensure not only that they’re protected, but that their partners and supply chain are protected too – along with any information that passes between them. Automated testing can reveal what data’s available to the public and identify holes in the infrastructure, so organisations can see where their suppliers need to improve.

Cloudy permissions

Too many organisations do not control who and what has access to the cloud service. It’s easy enough to set up a new user in a number of different cloud services, but it can become difficult to keep track of things when someone changes roles or leaves the company. Without the right restrictions or basic governance in place, users can often access sensitive data through their username and password. Organisations will need to keep a close eye on their users’ individual access and permissions to ensure the right user is accessing the right data with the right device.

The hidden door

Connection brings convenience. But it can also bring chaos. Hackers are increasingly getting into corporate networks by targeting unprotected “internet of things” devices such as air conditioning systems, CCTV and…fish tanks.

Nicola Eagan, CEO of cyber security firm Darktrace, recently revealed that hackers had stolen thousands of data entries from a casino’s high-roller database after gaining access to the network via the thermometer of a fish tank in the lobby. With this kind of access now a growing problem, there are calls for new laws outlining minimum security standards for internet of things devices. These days, you almost need eyes in the back of your head.

It’s all very well having the right security software in place. But as we move through 2019, the key for organisations will be to arm their users with effective cyber security training. As cyber criminals look for new angles, as cyber threats continue to come from every conceivable direction – and a few that aren’t so conceivable – an educated workforce will be far more equipped to meet the cyber security challenges of the future.

If you’re an employer looking for the right cyber security talent or you need advice on how to protect your business from cyber threats, we’d be happy to talk to you. If you’re a job seeker looking for your next great cyber security job, we’ve got access to the best opportunities on the market. Speak to one of our experts now.




Information Security Practitioner

Blackthorn Trace are working with a regulatory body within the Energy market, we're looking for an experienced manager to oversee the maintenance of their ISO Accreditations, managing internal and external audits in line with company policy.

Key skills:

  • Experience of proactively managing the internal and external assurance processes to ensure ongoing Accreditation of ISO9000, ISO27001 and ISO14001 with an external audit (BSI).
  • Maintenance of corporate customer-facing processes to ITIL standards
  • Fully conversant with GDPR and related risks
  • Implementing and managing processes and improvements in a multi-vendor environment
  • Ability to research and maintain best practice in quality management
  • Experience of carrying out external audits of customer's alignment with agreed process
  • Influencer with gravitas to gain senior management buy-in
  • Experience with developing processes to be used with technical services, including data services using personal and sensitive data
  • Analytical and problem-solving skills
  • The ability to facilitate change
  • Persistence and the ability to influence others
  • A strategic approach to work

Desirable Knowledge and Experience:

  • Understanding of the Energy market in the UK
  • Working with external service providers and vendors
  • Experience in managing IT Projects
  • Energetic self-starter who commands respect of colleagues

Blackthorn Trace, trading name of Huntress Search Ltd, acts as a Recruitment Agency in relation to all Permanent roles and as a Recruitment Business in relation to all Temporary roles.

PLEASE NOTE: We can only consider applications from candidates who have the right to work in the UK.

Cyber Security Manager

Location: London | Division: Defensive | Work Type: Perm | Reports to: Director

We are working with global software and cloud hosting solutions provider, supporting them to build a brand-new, best in class Cyber Security function that sits within a tech team of over 50 people.

As a Cyber Security Manager, you will report to the Director. Your primary responsibilities will include the creation and implementation of the Security RoadMap, Incident Response, mitigating threats, implementing security controls and working with the cloud team to maintain a 24/7 x security program.

As this is a brand-new position within the company, you'll have the flexibility to shape what Cyber Security looks like.

Duties and responsibilities include:

  • Creation, implementation and improvement of security toolings
  • Monitor the security infrastructure for potential threats, escalation and remediation
  • Assist with ticket logging and report writing
  • Incident Response and threat hunting (L3 or P1 Issues)
  • Work alongside 3rd party penetration testers
  • Documentation creation IAW policies and standards
  • OS Hardening (Windows and Linux)
  • Working with and creating GPO's (Group Policy Objects).
  • Dealing with Key Stakeholders in the business.

Additional skill sets:

  • Knowledge of scripting languages
  • Knowledge of cloud-based solutions
  • ISO27001 knowledge
  • The ability to help create company road maps
  • Penetration testing and vulnerability scanning using Nessus and other tools
  • Windows and Linux knowledge

This is a unique position for a Cyber Security Lead to come in and head up the creation of a next-generation security function.

Blackthorn Trace, trading name of Huntress Search Ltd, acts as a Recruitment Agency in relation to all Permanent roles and as a Recruitment Business in relation to all Temporary roles.

PLEASE NOTE: We can only consider applications from candidates who have the right to work in the UK.