The Year Ahead: CyberArk’s Top 2019 Cyber Security Predictions

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

Cyber security’s 2018 megatrends and myriad emerging threats have created the perfect storm for a tumultuous 2019. From never-before-seen attacks on newly engineered biometric markers and the broad embrace of blockchain, to expanded risks posed for “new” critical infrastructure and the transfer of trust, organizations must look to the threat horizon, and accelerate and collaborate to out-innovate and out-maneuver the attackers.

As we head into 2019, here are five security predictions to prepare for:

 1. Prediction: Emerging ‘Unique Human Identities’ Under Attack

We’ll see a new wave of attacks against emerging ‘unique human identities’ – or newly engineered biometric markers for digital and physical authentication. Biometric fingerprint, voice and face ID authentication controls have proven effective in consumer devices, and organizations will look to new authentication methods – like embedded human microchips, for example. Attackers will increasingly target these identities to gather massive amounts of biometric data for future modelling purposes and nefarious use. Genetic consumer-services, biometric stores within organizations and more will become key targets, further elevating privacy concerns.

 2. Prediction: Government Social Media Becomes Regulated as Critical Infrastructure

Governments will start counting government sanctioned social media accounts – both for elected officials and agencies – as critical infrastructure. Much like government text messages are regulated in numerous ways, social media will become regulated as well.

Social media has emerged as a critical tool for governments to communicate with citizens. Whether it’s individual politicians and elected officials, or the official accounts of government agencies and organizations, social media is quickly emerging as one of the top pathways for a government to communicate with citizens.

While social media allows for the rapid dissemination of critical information, it also has a dark side, illustrated in the past year by the false missile alerts that sent residents of Hawaii and Japan into a panic. This provides a glimpse of how attackers could use official social accounts to spread chaos.

 3. Prediction: Trade Wars Trigger Commercial Espionage

Government policies designed to create ‘trade wars’ will trigger a new round of nation-state attacks designed to steal intellectual property and other trade secrets to gain competitive market advantages. Nation-state attackers will combine existing, unsophisticated, yet proven, tactics with new techniques to exfiltrate IP, as opposed to just targeting PII or other sensitive data.

While these attacks will predominantly be carried out by malicious external attackers, we’ll also see an uptick of insider attacks, especially in cutting-edge industries like autonomous cars (much like occurred at Apple in June 2018). We’ll see attacker dwell times extend as nation-states spend more time conducting reconnaissance and carrying out these trade-driven attacks. We’ll also see the emergence of nation-state weapons commercialized on the black market. This same phenomenon happened after Stuxnet, Petya and NotPetya – where cyber criminals take pieces of code from massive nation-state attacks and incorporate them into their attacks.

 4. Prediction: Supply Chain Meets Blockchain

Blockchain will transform the supply chain in 2019. Following allegations of nation-states targeting the supply chain at the chip level to embed backdoors into both B2B and consumer technologies, organizations will embrace blockchain to secure their supply chains. The distributed nature of blockchain makes it well suited to validate every step in the supply chain – including the authenticity of hardware and software. We’ll continue to see increased attacks early on in the supply chain, and there will be greater need for this level of validation.

 5.  Prediction: Enterprises Transfer Trust and Risk…to Google and Facebook?
The embrace of Google’s BeyondCorp strategy – shifting access controls from the network perimeter to individual users and devices without the need for a traditional VPN – will expand the attack surface in 2019 if the necessary controls are not put in place. This ‘zero trust’ approach can open up several attack vectors. First, it transfers risk and trust to third parties, like Google or Facebook, with velocity. Identity providers are exposed to an expanding attack surface through the use of authentication protocols and short-lived tokens or temporary API keys that can be compromised. This transfer of trust, also opens up the very real possibility of attackers weaponizing identity provider assets or services to expose credentials or allow privileged access.

Second, the BeyondCorp approach requires an organization to expose some of its infrastructure in order to allow employees to use applications or access the network. Anytime organizations expose assets to the outside world, they also expose the mistakes they’ve made. Whether it’s ports that are open that shouldn’t be or misconfigured security settings, for example, attackers will look to exploit these visible weaknesses.

Editor’s note: To stay on top of emerging threats, read CyberArk’s Threat Research blog for original research – including new vulnerability discoveries – from CyberArk Labs and the CyberArk Red Team, which are constantly researching and assessing attack vectors.

The post The Year Ahead: CyberArk’s Top 2019 Cyber Security Predictions appeared first on CyberArk.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
986 Followers
About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.
Promoted Content
7 COMMON PRACTICES THAT MAKE YOUR ENTERPRISE VULNERABLE TO A CYBER ATTACK
Advanced cyber attacks involve compromised privileged accounts. Cyber attackers target them because they represent the keys to the IT kingdom. Effective enterprise security includes proactively protecting privileged accounts. Industry experts have identified practices that increase an organization’s vulnerability to a cyber attack. How many of these are common at your organization?

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel