Alan Woodward is a British computer scientist and visiting professor at the University of Surrey. He is a specialist in computer security with particular expertise in covert communications, forensic computing and image/signal processing. Professor Woodward is a Fellow of the Institute of Physics, a Chartered Physicist, Chartered IT Practitioner, Chartered Engineer, Fellow of the British Computer Society, a EUR ING, and Fellow of the Royal Statistical Society.
Predicting the immediate future for cybersecurity is fairly straightforward. Simply say that attacks will become more frequent and the impact will grow, and accuracy is almost guaranteed. Going beyond that, however, can be particularly difficult. Technologies and vulnerabilities are constantly changing and new threats emerge every day. 2018 saw some of the most significant breaches to date, record levels of compromised data and unprecedented regulation governing the use – and misuse – of personal data.
In the face of a growing skills shortage, cybersecurity professionals have their work cut out for them in the year ahead. 2019 promises to be as difficult to predict as any other year, so Exabeam spoke to Professor Alan Woodward from the University of Surrey to get his thoughts on the cybersecurity landscape for the year ahead.
- The vast majority of cyberattacks will continue to involve vulnerabilities that have been known for at least a year. The corollary is that IT and security staff should spend the majority of their time fixing problems already known to exist. Patch, patch, and then patch.
- Humans will remain the weakest link. We’re only going to strengthen this area by making security tools simpler to use and unobtrusive, in addition to educating users about how a single person can unwittingly compromise a whole organization.
- IoT will increasingly become the attack vector of choice. I’d estimate up to 25 percent of attacks could soon use this route. However, organizations will continue to spend far less of their IT budgets on this area (some estimates put it at about 10 percent). You forget embedded devices at your peril: they need managing too.
Despite the introduction of guidelines, and even legislation, on the authentication required for IoT devices, over the next few years many will continue to ship with weak authentication; due diligence and a strategy for compensating for any such weakness are required. It’s not even that IoT devices will necessarily be used to compromise your organization, but that they’ll be used as a platform for attacking others—both as a way of obfuscating attack paths and as a means of constructing large botnets.
- Recognition technologies will become increasingly popular for system access control. However, there will be a tendency to swap passwords for these new recognition or token-based controls. Better to use the newer technologies as part of a two-factor authentication strategy.
- Malware will increasingly switch to easier pickings. Rather than attempt to steal individuals’ banking details, criminals will seek out and steal cryptocurrencies. This will happen both in personal wallets and exchanges. We will also increasingly see websites hijacked to utilize visitors’ computing power for crypto mining, rather than to attempt to steal their personal details. These new attacks will be very difficult to detect.
- Ransomware will continue. It’s a fact of life now, and organizations need to ensure they are ready to cope with such an attack by having appropriate business continuity plans and disaster recovery practices in place.
- Phishing will focus on whaling attacks, where high-value targets such as CEOs are stalked and specifically attacked.
- Malware will become adaptive. It will start to morph while inside networks and between attacks. Security systems will find it difficult to detect, enabling it to persist within networks even after it has first been identified. This has been happening for some time, but it now involves novel methods of employing and hiding steganography to sneak into networks, avoid detection, and exfiltrate data.
- Crime as a service will continue to increase. Criminals will increasingly buy access to malware, crypto-jacked websites, ransomware, and so on. The few highly skilled technologists behind some of these attacks will continue to effectively be multiplied by criminals using their “products.”
- The supply chain will become a primary means of attack. This may be through software updates, corrupted third-party scripts and services, or even whole products being compromised at some point in the supply chain.