With an estimated $1 trillion in global damages in 2018, cyber crime is becoming a bigger issue every year. Business growth, an increasing reliance on the cloud and the expansion of Internet of Things (IoT) technology, all create new areas of vulnerability and contribute to the need for flexible, adaptable security measures.
To know the best ways to protect your business in 2019, it helps to take a look back at the biggest challenges of 2018 and assess the changes expected for the coming year.
2018 Year in Review
In 2018, Distributed Denial of Service (DDoS) attacks were one of the most pervasive cyber crime threats to network security for businesses. Instances of DDoS increased fivefold compared to 2017, putting many networks at risk of overload or complete shutdown. In a DDoS attack, hackers use multiple sources to deliberately send a flood of requests to a server over a short period of time with the intent of preventing targets from accessing essential services. This can put businesses at a standstill, halting productivity and causing both loss of profits and damage to reputations.
Ransomware, in which data is stolen and held for ransom, experienced a decline in popularity. The number of ransomware attacks in 2018 decreased by almost 30 percent, but the attacks hackers did carry out were more sophisticated. Throughout the year,
75 percent of businesses falling victim to ransomware attacks were already using the latest security solutions.
As hackers become more focused in their attacks, ransomware is likely to continue to evolve to fly under the radar of modern protections and require better security measures for detection and eradication.
Cyber Crime 2018: The Biggest Breaches
Cyber crime in 2018 was a year of big and sometimes surprising data breaches, the most notable being the data scraping incident experienced by Facebook in March. Cambridge Analytica, a British political consulting firm, used an app to collect the personal data of over 87 million users, and it’s suspected other apps may be able to exploit the same vulnerability to compromise even more information.
Two large breaches occurred in April, one involving Panera, and the other affecting customers of both Saks Fifth Avenue and Lord & Taylor. In the Panera breach, as many as 37 million records may have been affected by a leak on the website during a period of time beginning in August of 2017. Customers of the New York City retail giants got a nastier surprise when hackers put 5 million credit and debit card numbers of those who shopped at the stores up for sale.
Subscribers to California’s Sacramento Bee newspaper and voters throughout the state were affected by a breach in June. Information on roughly 53,000 subscribers and 19.4 million voters was exposed when the system was compromised.
One of the largest breaches of 2018 occurred when a user gained unauthorized access to MyFitnessPal, a popular fitness and nutrition tracking app. Over 150 million usernames, email addresses and passwords of those using the app may have been exposed, and the parent company, Under Armour, urged users to change their passwords to prevent further problems.
2018 Security Trends
Because of these and other extensive breaches, security and privacy were both major concerns in 2018. Regulators, businesses and IT professionals focused on:
- Using artificial intelligence (AI) and machine learning (ML) to monitor user behaviors in real time and detect threats before breaches could occur
- Developing secure methods for device authentication to protect networks from unauthorized access
- Responding to the growth of IoT technology with new and stronger security measures
- Incorporating IoT to automate administrative tasks and streamline workflows
- Switching to new forms of authentication, including biometrics, SSO and passwordless logins, to increase security
- Changing policies to comply with new regulations, including GDPR
- Switching to more cloud-based services, such as software, platforms, identity and authentication, for greater flexibility in and control over internal systems
Many of these trends are expected to continue in 2019, while others are likely to become more complex as new security challenges arise.
Cybersecurity Predictions for 2019
As your business prepares for the new year, make sure you’re ready to handle what experts predict to be some of the biggest concerns for cybersecurity.
1. Malware Challenges
Simple antivirus protection won’t be enough to block the more sophisticated forms of ransomware and crypto-mining that hackers will employ in the coming year. To protect your systems from these new threats, you’ll need a more robust form of security with the ability to be flexible and responsive as hackers come up with new ways to infiltrate systems.
2. Increasing IoT Risks
Connected technology is growing so fast, many businesses have difficulty keeping track of the diverse devices operating on their networks. In 2019, it will be essential to have a clear map of every endpoint and understand the potential risks posed by all connected devices. Concerns regarding physical IoT applications, such as self-driving cars and critical system components, will also become more prevalent.
3. Hijacking AI
Hackers are discovering the benefits of hijacking existing AI systems and of incorporating the technology into their own attacks. If your business uses AI to control any aspect of your network, you’ll need to employ sophisticated measures to detect potential system takeovers and pinpoint hackers using automated attacks to infiltrate the network.
4. 5G Vulnerabilities
New 5G network technology hasn’t been fully rolled out yet, but use of 5G will continue to grow in the coming year, including an increase in the number of 5G IoT devices. Experts predict revenue infrastructure will increase to $26 billion by 2022. Faster networks expand technological capabilities, but this creates new vulnerabilities of which businesses and consumers need to be mindful.
5. Stringent Regulations
Government is likely to become more involved in cybersecurity in 2019, creating new laws and regulations in the interest of protecting consumers’ information. Expect tougher enforcement of existing regulations, especially GDPR, and more federal rulings on how information can be collected, transmitted and stored.
How You Can Protect Your Customers in 2019
Although 2019 is likely to bring a host of new security challenges to your business, there are steps you can take to minimize risk and ready yourself and your employees to manage potential threats. Try these ten best practices for better cybersecurity:
- Research security threats and risks, assess available options and invest in the best solutions to protect your business
- Develop a plan for handling security breaches
- Conduct routine audits of security, access control and compliance measures
- Use end-to-end encryption measures to secure sensitive data
- Replace passwords with robust multi-factor authentication options, such as biometrics and access keys
- Update all software and systems on a regular basis
- Use sophisticated AI and ML solutions to conduct continuous monitoring of all user activity on your network
- Automate threat responses to block access when malicious activity is detected and prevent breaches resulting from accidental or deliberate insider threat activity
- Educate employees at every level, and involve them in creating and maintaining security policies
- Consider hiring a managed security service provider (MSSP) to help monitor and manage your security efforts and offload some of the burden from your IT department
Taking strategic security, access management and compliance measures to ready your business for the unique technological changes and challenges of 2019 protects sensitive data and minimizes the risk of security breaches. Although hackers will continue to develop more sophisticated ways to circumvent the protections businesses put in place, building a solid foundation with flexible, scalable solutions will help your business adapt to handle new cybersecurity threats and cyber crime while keeping data safe from theft and loss.
Looking for more in-depth readings on some of the topics discussed in this article? Brush up on what’s been happening in the cybersecurity industry with these blogs: