The end of the password, more regulation and more IoT risks - Cybersecurity predictions for 2019
by admin@serverstalk.net in security on Sat December 22, 2018, 23:36 (#14)
When we looked at security predictions at this time last year some experts were predicting that we'd see attacks on cryptocurrencies and that we'd continue to see a rise in the scale and profile of attacks.
They've been proved right on both counts over the course of 2018, so what is next year going to have in store? We've canvassed the views of a number of industry figures to find out what they see as the key security issues for 2019.
The end of the password as a prime security measure is something people have talked about for a long time. But are we now reaching a tipping point? After a number of high-profile breaches, people are finally going to be fed up, thinks Adam Kujawa of Malwarebytes Labs: "I'm really hoping that we’ll start to see a bigger adoption by large organizations of multi-factor authentication, to make it so that whatever information is stolen it won’t really matter as it will be impossible to log in. Will we see the end of passwords in 2019? No. It's going to take years to roll out across the board, but I am excited to see what companies start doing to address the problem."
The fact that relying on passwords alone is inadvisable is echoed by Jarrod Overson, director of engineering at Shape Security: "Breach disclosures due to credential stuffing attacks have seen a sharp ramp up in 2018 with Macy's, Uber, Dunkin Donuts and HSBC all falling victim. I imagine this is going to be a trend that continues to increase in 2019 because of regulatory requirements, heightened sensitivity, and increasing attacker sophistication."
2018 saw the introduction of GDPR in Europe and the trend towards more regulation is expected to continue. "The enforcement ramifications as a result of General Data Protection Regulation (GDPR) compliance are yet to be seen," says Rod Oancea, director, governance and compliance services at InterVision. "Many businesses are still attempting to cope with how to meet the regulation’s extensive reach and requirements. Expect some fairly large penalties and fines in 2019 to show up in national and international news headlines from GDPR; and while US regulation around privacy has lagged behind historically, high-profile incidents and the resulting public interest has brought the stigma of data breaches to the (very costly) forefront.
In turn, anticipate increased focus on what could have been done to prevent breaches, scrutiny on the effectiveness of data protection and security, and a higher bar for compliance with an ever-evolving number of requirements. As the outright and pervasive costs of non-compliance and breaches continue to grow, many organizations will need to invest in their security and data privacy practices, especially proactively in solution design."
The rise in numbers of IoT devices presents risk too. Raj Samani, chief scientist and fellow at McAfee says, "When you bring connected devices into the home, you need to make sure you enjoy using it in a safe and risk-free way. While these threats can seem scary, people can do a number of things to easily protect their smartphones, and therefore their smart homes, from malware. There's mobile security that warns you about risky apps before you download or use them and it often comes down to simple things such as being savvy with your passwords. If you have the right security in place, there’s no reason to be scared of smartphones or smart homes."
"Hackers are exploiting the woefully inadequate security on smart home devices to build powerful botnets, capable of delivering devastating DDoS attacks. Again, this is something we’re only likely to see more of. As use of the Internet continues to balloon at an exponential rate, we will see both the number of attacks and the fallout caused by them grow in severity," says Sean McGrath, privacy expert and cybersecurity advocate at BestVPN.com.
Panda Labs echoes this view in its annual report: "In 2019 we are likely to see an increase in attacks not just on routers, but on IoT devices in general. There are two main reasons for this: on the one hand, these devices’ default security leaves much to be desired, with default passwords or simply no passwords at all. On the other hand, these devices are more difficult to update, and many users don’t even know how to do so."
Jason Haddix, VP of researcher growth at Bugcrowd, sees crowdsourcing as a way of addressing the security skills shortage: "Moving to new technology environments is going to require more skill and education to combat the new vulnerabilities that may appear, as well as increased crowdsourcing to keep pace with the growing attack vectors. We’re also going to see new inroads into different crowdsourced security applications like forensics, threat hunting, and more. The skill shortage is growing at alarming rates so the industry will need to double down on recruitment and education to continue to build out the security community.
Diversity was a big and important topic in 2018 and we'll no doubt see a strong emphasis on encouraging and building diversity into the security community in 2019. Next year it's going to be about the individual contributors and tracking skill sets. We will eventually get to a point where a security professional can work from anywhere. It's already beginning with many supplementing income or working part time in the crowdsourced security space. We’re already seeing the shift occur -- the train has left the station."
(https://betanews.com/2018/12/17/2019-security-predictions/)