2018 was a banner year in cybersecurity. The breaches were many, the remedies were few, and the cost of doing nothing went up. But there is hope on the horizon as new methods of authentication are beginning to show up, old practices are discarded, and as the threat landscape becomes clearer. But the risks are also going up, and failure to be ready for them could put you out of business.
Here are some key data points for business executives to know regarding IT security in 2019:
Nation-state attacks will get worse: While we’ve begun to get some insight into the state-sponsored hacking carried out on behalf of the Chinese and Russian governments, the fact is that the ease with which those attacks were carried will embolden those hackers even more. They won’t be the only attackers; we can expect to see attacks from Iran and the Ukraine as well as from other governments as the lack of a real U.S. response, and the lack of any serious coordination by the U.S. government, becomes clear. This will be underscored by the inability of a dysfunctional U.S. Congress to pass any meaningful legislation regarding cybersecurity.
Phishing attacks will get worse: Phishing attacks are already the single most effective means of breaching a network because hackers add social engineering to the information about your company that you provide them through your failure to control the information available on your company website. If you haven’t already engaged an organization such as KnowBe4 for training, including tools to help your staff identify phishing emails, then it’s important that you do so now. Your staff is your final firewall, but without proper training, they can’t help.
Ransomware is not going away: While the nature of ransomware is changing for the worse, meaning it’s harder to identify it and harder to get your data back without paying the ransom, the fact is that intelligent backups and practice in restoring from backups will allow you to recover. But you also need a next-generation firewall, appropriate anti-malware software and training.
Cryptomining will move to your servers and cloud instances: Criminals have figured out that the chances of being caught while hijacking your cloud services is very low, and the rewards are great, so expect the target to shift there. This means you’ll need to implement some actual security on your cloud servers. You’ll also need to make sure your on-premises servers are protected, because they’ll also be a favorite target for cryptomining and other intrusion attacks.
Cryptocurrency mining, or cryptomining, is a process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger. In order to be competitive with other cryptominers, however, a cryptocurrency miner needs a computer with specialized hardware.
Two-factor authentication will become a necessity: You can’t depend on the old, easy ways you used to use for authenticate your users. Too many user names and passwords have been stolen to make that any sort of real protection. But before you head out to implement some sort of SMS messaging authentication, find another way. SMS two-factor authentication is no longer secure.
Start working on a way to eliminate user names and passwords: This means that you’ll need to start finding a way to incorporate biometrics or another secure way to authenticate access to your systems. You might consider security keys, as long as you’re aware of the constant stream of people who will lose them or leave them at home when they get to work.
Your company will be attacked: You have to assume that your company will be a target for attackers who are after information from your relationship with other companies. They will be looking for contact information to use for phishing attacks, user names and passwords for attacking the servers and cloud services of business partners. You can no longer assume that just because you’re a small company without a national scope that you’re free from being attacked.
You may need to revise your network architecture: A flat network is an open invitation to intruders once they penetrate your defenses, and yes, they will penetrate your defenses. Instead, you need to implement internal segmentation, which may require changes to your routers or perhaps installing internal firewalls. You may also need to revise your intrusion detection so that it can detect unauthorized entry into protected areas by your own employees.
All of your data needs to be inaccessible: Because intruders will gain entry to your network no matter what you do to prevent it, you need to make sure that when they find your data, it’s useless to them. This means you need to encrypt everything, including stuff you don’t think is valuable. And since you’re doing it anyway, use quantum-proof encryption so you don’t have to go back later when decryption tools have improved.
Engage a third-party for a security audit: Just because you think you’ve taken all of the steps to meet the new security challenges of 2019 doesn’t mean you haven’t missed something. Bringing in a third party will help you confirm that you’ve done what needs to be done and will also help you make sure that you’re meeting the requirements of relevant security regulations, including Europe’s dreaded General Data Protection Regulation (GDPR). Yes, it will cost money, but it won’t cost nearly what a breach will cost, not to mention what the fines will be for non-compliance.
Unfortunately, there’s no way to protect yourself against a well-organized attack, but you can make it as difficult as possible to gain access and even more difficult to accomplish anything once the bad guys gain access. It’s worth knowing that if you make things sufficiently inconvenient, they’ll go attack someone else. And that’s probably the best thing you can expect.