I was recently asked my thoughts about cyber security trends for the 2019. Here are a few of my predictions:
1. Many security issues will still be caused by human error. Despite many technology advances, a significant number of issues are caused by people using bad judgement or organizations deploying hardware and services insecurely. The reality is that social engineering attacks work: people follow links to insecure websites, they provide personal identifying information to unauthorized accounts, or they open up attachments that may contain a virus or malware. In addition, many resources are deployed on both internal networks and systems reachable from the Internet with default passwords, unrestricted access, or default installation pages and programs. On-going education and operational due diligence are the keys to minimizing these problems.
2. Internet of Things (IoT) devices will serve as a new widespread platform for exploits. Because so many IoT devices are targeted for large-scale consumer use, many IoT manufacturers are more worried about being first to market with new functionality than they are in ensuring they can be securely deployed or managed. In addition, those same consumers are often more concerned about just using the devices rather than having to spend time ensuring they are safe from hackers. These IoT devices can be susceptible to essentially the same types as exploits as any other computer: viruses, malware, Botnets, and information disclosure.
3. Increased cloud computing adoption will force cloud providers and application developers to focus on security. As more application architectures are built around cloud based services, those providers will be forced to take responsibility for a significant portion of securing the data: such as detecting spikes or anomalies in account usage, providing transparent metrics to the consumers about attacks or penetration attempts, and service level agreements to guarantee on-going security maintenance to their physical security, management of operating systems, and networked devices.
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.