Security 2019 Predictions (Part 4)
AI and ML are used for security and by hackers alike.
Given the speed with which technology is evolving, we thought it would be interesting to ask IT executives for their predictions for 2019. Here are some additional thoughts about what will be transpiring with regard to security:
Despite advances in cybersecurity technology and the launch of a stricter consumer data protection framework (GDPR) in 2018, large-scale data breaches are still common on a global level. Aadhaar (1.1 billion records), Exactis (340 million records), and Under Armour (150 million records) top the chart. At this point, one can assume that if you have an active digital online profile, your personal identity will be easily available to hackers around the world. The amount of financial damage caused by these leaks is largely unknown at this point.
I predict that starting in 2019, large IT organizations will start shifting their security spend from data theft prevention to constantly scanning their data warehouse for suspicious fraudulent activities. Our patented Unsupervised Machine Learning (ML) approach scans for unknown attacks by dynamically forming clusters against all user attributes and derived attributes. By looking at abnormal activity automatically, we were able to find new attack patterns in the formation stage. For example, it is really easy for you to cash out your entire limit on your credit card instantly in China by using a mobile app. We have collaborated with partners and found crime rings using these fake identities to apply for many credit cards (over 60 per person), making valid transactions on them for months to increase the credit limit and then cash out one night before disappearing. As it is normal to assume digital identities are readily available, intelligent data scanning solutions should be a cybersecurity spend focus just as Antivirus has reduced the damages of malware on corporate devices.
Fei Huang, CEO, NeuVector
Security will go deep with service mesh. As new attack vectors arise, additional layers of virtualization are bypassing traditional security methods — especially in the areas of network and host security. Hackers are leveraging new technologies such as Kubernetes and container APIs, and security solutions need to react instantly and feature automated intelligence. The addition of security mesh within service mesh will provide strong inline protection, with advantageous knowledge of application context.
Smart home, voice-controlled speakers such as Amazon Echo and Google Home. As consumers become more comfortable using voice-controlled smart home speakers like Amazon Echo and Google Home, look for cybersecurity threats surrounding them to rise in 2019. Keep in mind that accounts such as Google or Amazon must connect to smart speakers to control smart home devices. Malicious hackers could very well attempt to manipulate device vulnerabilities and hijack these accounts associated with the devices. Earlier this year, it was reported that Amazon Echo recorded a private conversation and sent it to a friend. Such smart home devices can be used for eavesdropping and privacy invasion, which can bring subsequent hacking attacks.
We believe a significant attack or strain of malware will leverage AI in 2019. AI and ML have been the “silver bullets” of the security industry for the past few years. Malicious actors are taking note. For instance, just like security vendors can train their ML models on malware samples to detect them, malware writers can “train” or tune their malware to avoid detection using the same exact algorithms. Attackers can also poison the data that ML models use in training.
2019 is the year of government data compliance. Data management is no longer simply a consumer vs corporation battle; it has quickly elevated to the country and federal level. In the wake of GDPR, others are using it as a blueprint to enact more stringent compliance standards. The California Consumer Privacy Act goes into effect January 2020, and we should expect to see more of the same in the coming years. Such regulations mean company obligations will become more complicated and will need to meet new standards. Having the flexibility and scalability to store data within specific regions will become a key buying consideration and increasingly favor cloud deployments over on-premises solutions.
In 2019, expect ransomware, data breaches, and phishing scams to remain the top threat vectors for hackers. Smaller businesses, including state and local municipalities, mom and pop shops, and others, will be targeted due to their lack of security solutions and limited budget. SMBs should look for solutions that are paired towards their small budgets and limited staffing resources to ensure compliance, network security, and peace of mind.
With IoT technology more tightly integrated into consumers’ day-to-day lives than ever, consumers will realize the tangible impact of poor security and demand stronger security measures.
Every company has vulnerabilities and is at risk of a data breach. The public perception of companies who have a breach will need to shift so that we are evaluating companies not based on whether or not a breach is possible or has occurred but, instead, to what degree and what processes they have in place to understand and mitigate their risks and how much effort they have spent to reduce their risks.
Consumers will slowly but increasingly follow those companies who take a leadership position around data privacy and care.
Cyber attacks on an industrial control system or public utility will cause injury, damage, and potentially loss of life. It is only a question of time before a Bhopal-like disaster will be directly caused by a targeted cyber attack. Intervention by cyber attackers in large-scale industrial chemical processes has the potential to cause massive trauma to both the facility and the surrounding communities. The same is true for public utilities. The Aurora vulnerability attack vector has remained open in many utilities and remains a source of similar concern for major physical damage to the power grid in the wake of a targeted cyber attack. Here is a link to a demonstration done by the government of a targeted cyber attack against a power generator.
The Federal government will move to a more aggressive posture against cyber attacks. I believe that, in 2019, the federal government will step in to reach out beyond our borders to address cyber threats directly at their sources of origin. The U.S. government will take steps to defend our Internet infrastructure so that normal commerce and communications can continue unhindered. This would involve moving assertively to identify these overseas attackers, blocking their access at a national level to our Internet infrastructure, and in the event of a concerted attack, reaching out and shutting them down. We have the tools and technology to do this today. As always, we must do this within the rule of law, put all of the evidence out there in the view of the global community, and enlist the support of our allies to ensure we are successful.
The continued growth in malevolent nation-state activity, especially against commercial business, will force the emergence of a global treaty. This will take the initiative taken by the Paris Call recently to a new level of commitment and enforcement.
European Union GDPR regulators will make an example. GDPR has been enforced since the end of May this year. It is apparent that many companies have done very little towards fulfilling the requirements to be compliant. This situation has been aggravated by highly public and visible events, such as Cambridge Analytica and more. For these reasons, we expect the European Commission to make a very public example of one or two GDPR violations and expect this will be accompanied by very large financial penalties.
Two-factor authentication security will become ubiquitous and mandatory. The tempo around cyber threats has been increasing for the past twenty years. Stolen credentials are central to most of the cyber threat activity. The wide availability of software to set up a server to provide support for this control using a mobile device, Yubikey, or similar technology is now pretty much ubiquitous. Two-factor authentication will emerge rapidly in 2019 as the basic requirement for any website requiring a login.
Encryption goes to the cloud … and fails. Almost 100 percent of the new data protection and threat protection compliance requirements line up behind encryption as an essential requirement for data pseudonymization. Expect a barrage of poorly implemented application vendor encryption that either provides minimal, database-only encryption or requires that you share the data encryption keys with your vendor to be breached. In the absence of “edge” end-to-end encryption, cyber attackers will continue to press forward and will continue to find many ways to exploit these weaknesses.
A GDPR-like regulation does not come to the USA in 2019. Why? Security and, specifically, security in the cloud is too hard to accomplish to meet the requirements.
Competing financial and national security regulations will create compliance confusion. In 2019, we’ll see more businesses receiving fines as they scramble to meet GDPR compliance requirements. Adding to this will be competing regulations that will increase as the flux of data protection silos pop up within regions and in the U.S. For financial firms, particularly, we will see a real battle between GDPR and competing regulations like the U.S. Government’s CLOUD Act or FFIEC, the UK’s FCA requirements, and the EU’s MiFID II. These financial firms — or U.S.-based cloud providers — will find themselves in the unfortunate bind of conflicting obligations with regard to “right to be forgotten,” data transfers, and regulatory records retention and be absolutely certain of the data they store, where it's stored, and who has access to it to begin to even make sense of their legal obligations.
The first major public cloud multi-tenancy breach will hit the news. Multi-tenant security breaches will become more paramount because of either an unknown vulnerability or, more likely, because an individual within the organization provisions Office 365 or Azure AD in the wrong place. Another contributing factor to multi-tenant breaches will be an IT staff member rejiggering tenants for easier management yet unwittingly creating attack avenues for disgruntled users or hackers. Businesses will pay closer attention to defining and applying strict security and monitoring policies across their environment to ensure misconfiguration doesn’t compromise systems.