The 2019 Cybersecurity Rallying Cry

“Has anyone seen Gary?” the CEO asks, looking around the expanse of the conference table.

It’s the first meeting back after the winter holidays. The seasonal cheer now replaced with the practical realities of the new year. On the meeting agenda, company priority setting departmental overview for 2019. Next up, a report from the IT executives.

“Gary? Anyone?” Heads shake. Eyebrows are raised.

A streak of plaid whooshes down the corridor dividing the conference room from the cubicles. Gary, white dress shirt sleeves cuffed to the elbows meaning business, tie flipped over his shoulder, and rocking a kilt no one knew he owned, barges into the conference room. His face masked with blue war paint under his bi-focal glasses. With some difficulty, Gary maneuvers himself to standing on the conference table. He knocks over Kathy-in-HR’s green, healthy resolution smoothie in his haste.

He thrusts his laptop into the air above his head shouting, “They may take our lives, but they’ll never take our information!” 

The CEO looks up from her laptop. “Seriously, Gary? Maybe you’re taking this cybersecurity resolution thing a little too far.”

Maybe Gary is, or maybe Gary has the right idea invoking the spirit of William Wallace. 

Last year cybersecurity breaches hurt Gary and the company he’s employed to protect. They weren’t alone. Canadian organizations were attacked, on average, 455 times last year (yes, more than once daily). With an average expenditure of $3.7 million incurred per institution in direct and indirect recovery costs from breaches, protecting against cyber threats is serious business.

Gary’s got the right idea for 2019.

It’s time to rally the troops, fortify your fortress and arm your company against cyber threats. As Benjamin Franklin said, “By failing to prepare, you prepare to fail.”

The best preparation to outsmart cyber adversaries is to know the enemy. Or, even better, to hire a security solutions provider who knows the enemy and how to protect you from them. What are some of the biggest cybersecurity threats that Canadian organizations are facing in 2019? While the cyber threat landscape continually evolves and adversaries discover new means of attacking, here are some predictions:

Ransomware continues to wreak havoc

By now ransomware is a known enemy. For many years, it has infected and blocked files, holding data and network access for ransom. The good news is that the recent trend of ransomware tapering off will continue as attackers find new ways to make money. Kaspersky states that the number of users who experienced ransomware attacks in 2017-2018 fell almost 30 percent from 2016-2017. That doesn’t mean ransomware goes away. Instead, the attacks will be larger-scale and targeted, like the SamSam attacks occurring in the US. It also leaves room for new cyber-scams to keep IT security on its toes.

Cryptojacking the infectious criminal money-maker

The decrease of ransomware means the increase of cryptojacking and related schemes. Kaspersky listed a 44.5 percent increase in the number of users cryptomined in the last year. The criminal element sees cryptojacking as a get-rich-quick opportunity. An outpouring of handy cryptomining malware tools suggests that attacks will be plentiful and that cyber-delinquents don’t need to be overly skilled in the technical department to be successful.

Spear phishing in personal data waters

Almost every fruitful cyber-attack starts with a phishing scheme. Spear phishing is growing more specific and therefore more effective, and in many ways, far creepier. The more the phishermen know, the more they can target you, making you the proverbial fish in a barrel. One of the trends in spear phishing is for the attacker to access an email system, then they sit back lurking and learning. The attacker then uses the information they’ve obtained, and the established trust between you and those you communicate with as leverage for their attack.

CSO contributor, Roger Grimes illustrates a terrifying real-estate phishing scheme. Grimes says, “The hacker breaks into the mortgage lender’s (or title agent’s) computer and takes note of all the upcoming pending deals and their closing dates. Then the day before the mortgage agent would normally send out an email telling the client where to send the closing money, the phisher uses the mortgage agent’s computer to beat them to the punch. The unsuspecting client wires the money, which is rarely recovered, and ends up losing the house (unless they can come up with another substantial closing payment, which most can’t do).”

Spear phishing will continue evolving beyond email in 2019, with hackers using text messaging, phone calls and social media to ensnare their prey.

The sky is the limit when threatening the Cloud

Cloud computing, with its recovery ability, agility, and economic value, offers many advantages from on-premises computation and storage. The Cloud has revolutionized how we conduct business, allowing for more tailored applications and storage solutions and remote computational abilities. The downside, hackers see that the sky is the limit. The Cloud means new cyber-security threats that must be addressed differently from on-premises security. Protecting your cloud starts with secure migration. But the secured movement of data is challenging to achieve as cloud migration is vulnerable on so many fronts. As cloud technologies continue to revolutionize both business and personal spheres in 2019, there will be a correlating increase in attacks against it.

Cyber threats are hiding in the Shadow IT

Everyone does it. Well, almost everyone. In a survey conducted by McAfee, 80 percent of respondents admitted to using unsanctioned SaaS applications on the down-low at work. In some cases, a whole department or team reported using the same app. Most organizations are oblivious to the actual range of shadow IT usage amongst employees. A Cisco survey of CIOs showed that respondents estimated that employees in their organization were using an average of 51 cloud services. In reality, the average was 730.

That’s a lot of unmonitored, unprotected technology being introduced inside a company’s technological infrastructure. Employees, for the most part, are using shadow IT apps to better their work performance or to collaborate better. In this case, their good intentions are unwittingly putting out the welcome mat for cyber-attacks.

In defense of behind-the-scenes OT systems

Often the operational technologies systems that hide behind the industrial curtain are left out of the cyber-security conversation. But the equipment and systems that are keeping factories, critical infrastructure and mining operations powered are increasingly targeted by cyber threats. When these systems are attacked, it incapacitates business operations and potentially threatens the health and safety of employees and the general public.

The prediction for 2019 is that with the widespread availability of hacking tools online, inexperienced attackers will improve at hacking into OT networks. Also, increasing cyber-dependence means that critical infrastructure attacks will be more difficult to prevent.

Nationwide cyber threats are predicted to significantly increase in 2019, especially those that target essential infrastructure. Mike McKee, ObserveIT CEO, says that “State-sponsored threats and high-level hackers are constantly looking to gain access to the critical infrastructure of nations worldwide, with the intent of hitting some of our most valuable systems (national security, public health, emergency communications, and more).”

Expect attacks.

Prepare for breaches.

Instead of painting your face and slipping into a kilt like Gary, talk to an ISA Security Advisor about security solutions specific to Canadian businesses to fortify your fortress before it’s too late.

NEWSLETTER

Get exclusively curated cyber insights and news in your inbox

Related Posts

Contact Us Today

SUBSCRIBE

Get monthly proprietary, curated updates on the latest cyber news.