2019 Cyber Security Predictions: The Journey Continues
By the time the end of the year comes around, the security industry takes a moment to look at what’s happened and compares it to years prior to that. Each time, the number of data breaches increase, and the depth and level of attacks become more sophisticated. As readers, onlookers and security practitioners, we have nearly become desensitized to this type of news. Annual security reports from industry leaders in the network and perimeter space, to application security, warn and remind us all, that 2018 has been brutal. And as each year shows us, the pattern is likely to continue.
Before midnight on December 31st, let’s look at what some of our experts see as most likely to happen in 2019 and beyond.
New Zero Trust Models
“As companies become more astute with data-centric security as the norm, we will see a shift of focus from perimeter-based approaches to security, to an even greater focus on user entitlements and access. The perimeter as we know it is dead and the rise of access entitlements and defensible auditing will become the new norm, to ensure data integrity.”
– Bert Grantges, VP of Solutions Engineering, VERA Security
Artificial Intelligence Will Be Used for More Sophisticated Attacks
“We often hear that artificial intelligence (AI) will increase the effectiveness of security solutions, however, the opposite is also true. Hackers can and have already started using AI to automate their efforts, poisoning machine learning algorithms, and using it in the creation of malicious executables.”
– Adnan Dakhwe, Head of Security and Compliance, VERA Security
More DevOps Data Breaches
“Both 2017 and 2018 gave us two massive breaches that brought DevOps even more into the spotlight – the Equifax breach and most recently, Kubernetes. The Equifax breach, which exploited the Apache Struts vulnerability, exposed the personal identifiable information (PII) of hundreds of millions of people. And just a few weeks ago, the first major security vulnerability in Kubernetes (CVE-2018-10022015) was announced. The flaw could allow a hacker to remotely steal data, crash applications and even bring down entire production infrastructure stacks. DevOps is great for speed, automation, and scale, but along with it all comes a vastly increased attack surface hackers are eager to exploit. Unfortunately, the DevOps hacks we’ve seen to date are just prologue to the much larger tsunami to come.”
– Ajay Arora, Co-Founder and Chief Strategy Officer, VERA Security
Data Breach in the Cloud
“Many companies are taking advantage of everything that the Cloud has to offer. More storage (sometimes, unlimited), less cost, not having to build and maintain massive, onsite datacenters to house information. But the Cloud has some risks—compliance violations, loss or theft of intellectual property, and loss of control over end-user actions. Consider just how much private data potentially resides in Amazon Web Services (AWS) alone. According to Kaspersky, ‘Two out of three of the most expensive cybersecurity incidents affecting SMBs are related to the cloud, where third-party hosted IT infrastructure failures bring an average $179K loss.’ The problem is, deploying something like a CASB as another perimeter or extended security arm to put yet another layer on the cloud, might not be the best approach. You still need to protect the data. And after witnessing large breaches in the DevOps space (which uses Cloud much of the time), I think we’ll see more hackers try to break these perimeters as well.”
– Chuck Holland, Director of Product Management, VERA Security
Car Hacking Might Kill People
“My Audi has “lane assist”. It’s essentially a feature that allows you to sit back and let the car drive. I tried it one day driving up highway 680 toward Pleasanton. It literally just took the wheel, sensed where the lanes were on the freeway and drove unassisted for about 10 miles. Of course, I watched it like a hawk, and after I reached my destination and thought about it, I was a little freaked out. After all, hacking cars has been proven. Tesla has been hacked from miles away, interfering with their electronic features. I say, prepare to see more car hacking, and potentially some bad consequences.”
– Jessica Marie, Director of Product Marketing, VERA Security
As we come into the new year, it will be interesting to see what new attacks surface, and how the industry responds. My bet is that the experts at VERA nailed it.