With cyber security systems constantly shifting and cyber attackers shifting with them, threats come from new directions all the time – whether they’re variations on perennial cyber nuisances such as phishing, malware and ransomware, or plucked from a deep, dark corner of cyberspace. Here are a few of the major cyber threats we’re expecting to see in 2019.
Phishermen are increasingly realising that there’s little point casting out a huge net in the hope of catching anything and everything. Or in other words, sending the same email to hundreds of employees of all levels, for limited reward. So instead, they’re increasingly trying their hand at whaling: high-value phishing attacks targeting CEOs, CSOs, CFOs and anyone else with a company credit card. After all, it’s easy enough to find out a CEO’s contact details from Google – and the rewards are so much greater. Watch out for harpoons.
The smash and grab
By targeting websites with high-value, high-volume transactions, hackers will only need to pull off a handful of e-heists in order to make huge gains. Exploiting a loophole in an organisation’s web infrastructure, hackers inject a sneaky bit of code that allows them to snatch data while transactions are in progress. These attacks are the epitome of opportunism: silent, swift, on-the-fly. They’re the cyber equivalent of performing a train robbery between stops. In September 2018, hackers used such an attack to steal the credit card details of 380,000 BA customers.
Organisations don’t just need to think about protecting their web infrastructure, but also testing the security of their live transactions through transaction stack security.
The perilous plug-in
There’s talk of a rise in USB-based attacks, with hackers infiltrating organisations’ endpoints using USB mechanisms that bypass blocking and security systems. One of the more famously disruptive examples of recent years came in the form of Stuxnet. A malicious computer worm which targets SCADA systems, Stuxnet is believed to have harmed Iran’s nuclear programme after someone found a random USB lying suspiciously around the carpark...and made the mistake of plugging it in.
Abuse of privileged access
With a lack of privileged access management (PAM) in many organisations, particularly SMEs, there’s almost an open invitation for cyber criminals to target an entire market. If administrative rights in a firm have been configured so that the user can access the whole network, and the firm doesn’t have the security in place to prevent code executing itself at that level, hackers will have free reign to cause some serious damage.
The weakest link
Many organisations are affiliated to dozens or even hundreds of third party suppliers. That’s a lot of bases to cover. So cyber attackers will increasingly probe organisations’ networks, hoping to gain access to their data via a supplier who’s connected to their corporate systems.
Organisations need to ensure not only that they’re protected, but that their partners and supply chain are protected too – along with any information that passes between them. Automated testing can reveal what data’s available to the public and identify holes in the infrastructure, so organisations can see where their suppliers need to improve.
Too many organisations do not control who and what has access to the cloud service. It’s easy enough to set up a new user in a number of different cloud services, but it can become difficult to keep track of things when someone changes roles or leaves the company. Without the right restrictions or basic governance in place, users can often access sensitive data through their username and password. Organisations will need to keep a close eye on their users’ individual access and permissions to ensure the right user is accessing the right data with the right device.
The hidden door
Connection brings convenience. But it can also bring chaos. Hackers are increasingly getting into corporate networks by targeting unprotected “internet of things” devices such as air conditioning systems, CCTV and…fish tanks.
Nicola Eagan, CEO of cyber security firm Darktrace, recently revealed that hackers had stolen thousands of data entries from a casino’s high-roller database after gaining access to the network via the thermometer of a fish tank in the lobby. With this kind of access now a growing problem, there are calls for new laws outlining minimum security standards for internet of things devices. These days, you almost need eyes in the back of your head.
It’s all very well having the right security software in place. But as we move through 2019, the key for organisations will be to arm their users with effective cyber security training. As cyber criminals look for new angles, as cyber threats continue to come from every conceivable direction – and a few that aren’t so conceivable – an educated workforce will be far more equipped to meet the cyber security challenges of the future.
If you’re an employer looking for the right cyber security talent or you need advice on how to protect your business from cyber threats, we’d be happy to talk to you. If you’re a job seeker looking for your next great cyber security job, we’ve got access to the best opportunities on the market. Speak to one of our experts now.