Some Cybersecurity Predictions: 2019

Some Cybersecurity Predictions: 2019

So, 2018 has come to a close and now it’s time for all the Cybersecurity experts (like Rudy Giuliani) to share their predictions for the coming year. Not to be outdone, I am sharing mine as well but I have two categories of predictions.

The first is the “No Brainer” in which you’ll find the predictions a blind squirrel could make and be right 100% of the time. The second category is the “On A Limb” branch, where you will find predictions with which almost no one else in the community would publicly agree.

So, first – here’s the no-brainers:

We will see more reported breaches than we saw last year, while the value of the stolen data will be higher than ever.

Financial Services, Legal and Healthcare will lead the breach parade.

GDPR will get very real and assess much higher and many more penalties and fines than last year.

More U.S. states will pass and implement GDPR/NYDFS-look-alike cybersecurity legislation, yet they will provide an inordinate amount of time for businesses to come into compliance.

Undetectable lurking e-mail system spear-phishers will become the norm, increasing the difficulty to depend on trusted relationships, which will in turn critically impact global financial transactions.

Facebook will continue to abuse data privacy laws and fully embrace its role as the most evil social media platform ever, while continuing on its downward spiral toward its final cessation as a business by 2020.

Citizen surveillance in the U.S. will increase dramatically providing Facebook some temporary cover.

Google will avoid social prosecution for similar crimes because, well, we can’t live without it, can we?

We will spend more money here in the U.S. and globally than ever before on cybersecurity defense.

Windows 10 may finally become “secure” as the result of the long-awaited ATP causing enterprises to make a MS decision over RedHat.

Our electrical, transportation, water, or communication infrastructure will experience several probative cyber-attacks.

Researchers will continue to demonstrate that autonomous vehicles can be hacked and explain how operational control can be taken over by attackers.

Autonomous vehicle development will continue, but at a faster pace than last year.  

Experts will warn about the risks inherent in our IoT fabric and publish details about specific threats to the industrial manufacturing and energy sectors.

The industrial manufacturing and energy sectors will continue to ignore the warnings.

The RSA Cybersecurity conference will set records in attendance, exhibitors, speakers and keynotes.

Rudy Giuliani will tell us again that he “is this close” to solving the cybersecurity problem.

The U.S. will still not appoint a Cybersecurity Czar.

Congress will continue to misunderstand even the simplest technological issues and legislation will continue to ignore cybersecurity as a National Security Threat.

There will be more cybersecurity technology solutions based in AI and ML than ever before and each one will be the end-all for protecting information assets against cyber-threats.

Voter fraud will continue, and we will not replace our voting system infrastructure.

The economic gap between attacker and defender will widen as exploit kits and hacking-services become more readily available and even cheaper on the dark-web, while companies will spend more on cyber-defense than last year.

The educational dynamic will be underscored as Iran, North Korea, Russia, and China continue to invest in cybersecurity education and training at the high school level while cybersecurity programs in the U.S. University system crawl along at a snail’s pace.

The information chasm will become broader as global attackers become more sophisticated at masquerading their origins while U.S. government agencies continue to hoard intelligence that would make businesses less vulnerable to attack.

The technology differential will continue to widen as the U.S. falls further behind China in the development of Quantum computing and Applied Artificial Intelligence.

The cybersecurity “skills gap” will continue to increase and will continue to be used as excuse number one (right ahead of budget) when breaches occur.

The job descriptions for cybersecurity professionals will continue to exceed anyone’s ability to satisfy the requirements, contributing to the expansion of the “skills gap”.

In spite of toothy regulatory requirements, company boards will continue to ignore their personal and professional liability as well as their fiduciary responsibilities to understand what’s going on from a cybersecurity point of view inside their businesses.

Only the very best CISOs will invest in the necessary communication education and training to prepare them for effective presentations to non-technical audiences, like their corporate boards of directors.

A greater percentage of businesses will fail to implement consistent and repetitive cybersecurity education and awareness training for their employees.

Human error will lead the list of causation for cybersecurity attacks.

The SIEM/SOC market will grow at less than 5% and the vast majority of small and medium sized businesses who are now the most vulnerable to cyber-attacks will implement neither a SIEM nor a SOC in 2019.

Open-source will increasingly expand as an attack target for bad-guys looking to penetrate the software supply-chain as well as legacy applications, causing appsec to finally develop as a “thing”.

Machine Learning will become embedded in SOC tools and finally be available for useful threat hunting, but with a slow growth SOC market, we will be no closer to effective threat hunting than we were last year.

Cryptojacking will replace Ransomware as the hottest attack vector.

Data manipulation will replace data privacy as the leading threat category that concerns most consumers as we will begin to see the results of historic account manipulation at commercial banks and the increased distrust of traditional banking institutions that follows.

Now, let’s go out on that limb.

There will be an increase in cyberattacks on ultra-vulnerable home networks and IoT devices targeting sensitive data in transit which will lead to the largest theft of personal credit card and banking information in history.

The impact of the (alleged) supply chain attack by U.S. agents of the Chinese government (Supermicro) will continue to expand as new revelations are discovered and hard evidence surfaces of the intentional seeding of modifications into the core processors of almost every U.S. computer and server in use at the U.S. Federal government operational level.

U.S. businesses will continue to ignore third-party, supply-chain and basic cybersecurity hygiene threats resulting in a historic level of preventable cybersecurity attacks and corporate data breaches.

Continued “trade negotiations” with China will result in an unattributable demonstration of China’s technological superiority through a minor but serious attack on one of our critical infrastructure sectors.

Russia and Iran will join in separate demonstrations and the U.S. response will result in massive global destabilization and a recessionary and rapid decline of global financial markets amplified by algorithmic trading.

International equity markets will not re-open for historically significant extended periods.

Twice as many of the biggest and most trusted brands will fall victim to cyber-attacks in 2019 increasing the number of - Amazon and Facebook (and Facebook, and Facebook, and Facebook), Macy’s and Kmart, Delta Airlines and Cathay Pacific, Adidas and Under-Armour - celebrity casualties of 2018 to 16 brands next year.

An attack on our commercial air transportation system will expose the coordination vulnerabilities in our current resiliency planning. This cyber-attack will target pilot flight planning software or baggage handling systems and prevent the resumption of normal airport operations resulting in a week’s long disruption of commercial jet travel internationally.

The expanding 5G network will increase the threat landscape in 2019 by providing the ability to back-up and transmit massive volumes of data easily to cloud-based storage, presenting attackers with rich new targets.

I could go on, but this is depressing enough.

Maybe I’m wrong. There is always a chance that business, government and infrastructure providers will accept the reality that data breaches and cyber-attacks are both probable and expensive and that we aren’t doing a very good job of preventing them, detecting them or protecting our assets against them.

There is always that chance.

Then there is always a chance that once having accepted the reality, they will do something rational toward addressing the problem.

There is always that chance as well.

Regardless, let’s all go out and have a great and happy 2019 anyway. I mean, what the hell, right?


 


Darren Chapman

Experienced and accomplished Cyber & Information Security Consultant, trainer, fractional CISO and business owner.

5y

Nice article, if, as you say, a little depressing! Nothing in there that seems unreasonable in terms of prediction IMHO.

Like
Reply

To view or add a comment, sign in

More articles by Steve King, CISM, CISSP

  • Connected Device Security: A Growing Threat

    Connected Device Security: A Growing Threat

    Many cybersecurity analysts have warned of the rapidly emerging threat from an expanded IoT space. And as you have…

    3 Comments
  • China’s Ticking Time-Bomb.

    China’s Ticking Time-Bomb.

    It should now be clear to even the casual observer that China has been spying on us for years and stealing reams of…

    7 Comments
  • Comparing Major Crises To COVID-19: A Teachable Moment

    Comparing Major Crises To COVID-19: A Teachable Moment

    Lessons from past financial crises might prepare us for the long and short-term effects of COVID-19 on the economy and…

  • The Escalating Cyber-Threat From China

    The Escalating Cyber-Threat From China

    A Modern-day Munich Agreement In an article penned back in May of 2015 in a policy brief published by the Harvard…

    1 Comment
  • Cybersecurity: Past, present, future.

    Cybersecurity: Past, present, future.

    We have made a flawed assumption about cybersecurity and based on that assumption we have been investing heavily on…

    15 Comments
  • Three Marketing Tips for Improved Conversion Rates

    Three Marketing Tips for Improved Conversion Rates

    While we are all devastated to one degree or another by this outbreak and with the knowledge that it will likely change…

  • Coronavirus in the Dark.

    Coronavirus in the Dark.

    So, yes. It is now very clear that the outbreak of the COVID-19 virus and the concomitant investor panic leading to a…

    13 Comments
  • Panicky Investors Issue Dire Warning On Coronavirus

    Panicky Investors Issue Dire Warning On Coronavirus

    Sequoia Capital just issued a dire warning to its portfolio companies. “Coronavirus is the black swan of 2020.

    5 Comments
  • AI in Cybersecurity? Closing In.

    AI in Cybersecurity? Closing In.

    "AI Needs to Understand How the World Actually Works" On Wednesday, February 26th, Clearview AI, a startup that…

    8 Comments
  • Do CapitalOne Shareholders Have a Case Against AWS?

    Do CapitalOne Shareholders Have a Case Against AWS?

    An adhesion contract (also called a "standard form contract" or a "boilerplate contract") is a contract drafted by one…

    1 Comment

Insights from the community

Others also viewed

Explore topics