For the third year in a row, C-level executives are pointing to cybersecurity as the leading challenge confronting their business. But for a variety of economic, political, and technological reasons, this year looks to be significantly different from 2018 in terms of what to expect with cybersecurity. With that in mind, here are six predictions that deserve CIOs’ close attention in 2019:
- The European Union will punish companies that fail to comply with its General Data Protection Regulation (GDPR).
The European Union didn’t come down hard on companies that failed to abide by the GDPR after it became law last May, but European Data Protection Supervisor Giovanni Buttarelli recently said that GDPR-related fines, admonishments, and preliminary or temporary bans would likely be forthcoming [1]. The EU is expected to levy some hefty fines against offending businesses that operate in Europe to make an example of them and to build public trust in the GDPR.
Consider yourself warned: Violators can receive fines of up to four percent of their global revenue or 20 million euros ($23 million), whichever is higher.
- Cybercriminals will increasingly turn to cryptomining as a source of revenue.
The number of users who experienced a cryptomining attack in the past year grew by 44 percent, according to one report. And you can expect even more cryptomining-related breaches in 2019 for two reasons. First, cybercriminals have hit a wall with ransomware attacks and are looking to replace the loss of ransomware-produced revenue by hijacking companies’ computing resources for mining digital currencies. Second, the number and quality of ready-made cryptomining tools have increased significantly, so it’s much easier for less-technical bad actors to pursue cryptomining.
- Enterprises will shore up their cybersecurity defenses with improved employee security training.
Some good news: Companies are investing in security training for their employees. Increasingly, companies are recognizing that their own employees constitute one of their largest security vulnerabilities, and nearly 60 percent of companies say that employee training tools are their most effective emerging security solution [2]. Through formal, mandatory training along with regular tips and reminders, CIOs can reduce the number of careless human errors, such as employees clicking on a link in a phishing email.
- Business email compromises and email account compromises will defraud enterprises of millions of dollars.
Business email compromises (BECs) and email account compromises (EACs) have resulted in companies around the world losing $12 billion since October 2013, according to the FBI [3]. In the former scam, a cybercriminal impersonates an executive and persuades an employee (or contractor) to send them funds or confidential business information. In the latter scam, a cybercriminal gains access to a business email account, sometimes through email spoofing. BEC and EAC attacks increased by 136 percent between December 2016 and May 2018, according to one report [3].
- Enterprises will use AI and machine learning to strengthen their cyberdefenses. Cybercriminals will use AI and machine learning to circumvent them.
Enterprises are increasingly using AI and machine learning to detect data breaches and thwart cyberattacks. But cybercriminals and other bad actors are also using adversarial AI and machine learning to identify these cyberdefenses and rapidly change their tactics to elude detection. Security experts also suspect that cybercriminals are using AI and machine learning to develop a new generation of offensive tools, tactics, and procedures. One worrisome possibility: that cybercriminals will develop malicious chatbots, or hijack existing ones, and use them to direct unwitting victims to click on malware-ridden links.
- Hostile nation-states will target U.S. organizations and unleash havoc on their operations.
China, North Korea, Iran and other nation-states will continue to target U.S. enterprises, government agencies, and academic institutions. Some likely scenarios [4]: Confronted with an ongoing trade war, China is likely to step up its cyberespionage attacks designed to steal intellectual property, trade secrets, and other sensitive information. North Korea will extend its four-year spree of persistent assaults on financial institutions, including U.S. banks and the U.S. Federal Reserve. Iran will respond to U.S. economic sanctions with an increase in hacking attempts against federal government officials and other targets. Any enterprise that has a relationship with the U.S. government should consider itself a likely target.
Take cybersecurity seriously
The hope for 2019 is that enterprises take cybersecurity more seriously. In today’s hyper-connected world in which bad actors from anywhere on the planet can launch a sophisticated cyberattack against your operations, it is critical that CIOs lead the way in protecting their organizations from a slew of known and unknown daily threats. In that respect, 2019 promises to be another challenging year for CIOs to guard against cybersecurity threats.