Last year I proposed as a trend for 2019 that many security problems would be caused by human error. This is still the case. The reality is that social engineering attacks work: people follow links to insecure websites, they provide personal identifying information to unauthorized accounts, or they open up attachments that may contain a virus or malware. In addition, when push comes to shove, many people will focus on getting a task completed rather than following all of the security policies and procedures that have been documented. Ongoing security awareness education and operational due diligence are the keys to minimizing these problems. No story is going to go viral talking about this topic, but it still remains near the head of the class of trends.
Last year I also proposed that the adoption of cloud computing would force a whole new vector of security issues. These are not new security problems, but security issues in a new forum. Unfortunately, one of the most insidious of cyber security issues – ransomware – is likely to take advantage of this technology shift, and new variants of ransomware are going to target cloud infrastructure hosts and services. Organizations that use cloud services need to expand their contract negotiations and service deliverable expectations to include discussing the plans for dealing with such an incursion.
The results of the American election in 2016 have been in a constant state of critique not only in America, but abroad as well. The reality is, our polling mechanisms haven’t changed significantly since then and several hacking efforts have demonstrated that things are still in a very bad state. A review of 100 voting machines (https://www.motherjones.com/politics/2019/09/defcon-2019-hacking-village) showed that every single one was vulnerable in one way or another. Given the United States presidential election next year, this topic is going to explode in the news.
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, and the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.