Review - Cybersecurity Predictions for 2019

At the end of 2018, I was asked to provide a set of cybersecurity predictions for 2019. Now that we enter into the last quarter of the year, it's time to take a look back and see how those predictions panned out.

True - Mega Data Breaches will stay in the headlines

True - "S” in IoT will still be a concern

Unfortunately true and much more than expected! - Ransomware will continue to plague companies

False! This is one that I'm happy to get wrong. The gap is slowly starting to close as more start showing interest in getting into cybersecurity (either as a first career or as a change of careers. - The cybersecurity skills gap will continue to widen

Shannon's Predictions for 2019

2018 was not a good year for cybersecurity news. Data breach after data breach hit the headlines leading to “data breach fatigue” where consumers simply started accepting that their data was going to be breached and there was nothing to do about it. Then there were numerous stories about massive ransomware attacks hitting medical centers, cities, schools, and other industries and cyber-criminals raked in ill-gained profits by holding data hostage.

As we enter into 2019, here are some predictions for what wewill see in the cybersecurity space.

Mega Data Breacheswill stay in the headlines

It only took two weeks before the first data breach of 2019took place with the Collection#1 dump of 773 email addresses and 21 million passwords. And then beforeJanuary was over, 24 million loan and mortgage documents were exposed by anunproperly protected AWS S3 storage bucket.

As long as businesses and corporations continue to fail toproperly protect the data they collect from users and customers, we can expectto continue to see the trend of the mega data breach go into 2019 and beyond.Europe took a step towards punishing businesses for failing to protect datawith the implementation of GDPR in 2018 and already there have been 95,000 complaints lodged since it went into effect eightmonths ago.

The “S” in IoT will stillbe a concern

Smart device manufacturers continue to be in a rush to bringtheir products to market and security is too often an afterthought, if athought at all. At CES 2019, it was found that over 80% of consumersdon’t trust internet-connected devices to protect their data and IoTsecurity is in such a state of disarray that nearly half of companies wouldnot be able to detect if their connected devices had been hacked. In fact,internet-connected devices pose such a risk that DevOps.com believes that ithas displaced people as the numberone threat to organization’s cybersecurity.

Ransomware willcontinue to plague companies

Ransomware has been around since 1989 but it has gainedimmense popularity with cyber-criminals with the introduction of digitalcurrencies and  vulnerabilities likeEternalBlue that allowed it to spread quickly through corporate networks.Companies fell victim to ransomware attacks by employees enabling macros ininfected documents, compromised remote desktop connections, and poorly securedinfrastructure. Several cities have already fallen victim to ransomware attacksin January 2019 including DelRio, TX, Sammamish,WA and Akron,OH. 

Ransomware has been profitable for cyber-criminals and aslong as they can continue infecting victims and making money, we can expect tosee the trend continue. The group behind the Ryuk ransomware variant which hitcompanies from major news organizations to a cloud data provider, thought to belinked to groups in North Korea or Russia, has made $3.7million in just a five month period.

The cybersecurityskills gap will continue to widen

The cybersecurity skills gap has widened to 3million open vacancies in January 2019 and it will take time before the newgeneration of skilled workers have the training, education, and know-how tostart filling the growing gap.

Many universities still focus on teaching nothing buttheory, failing to equip students with the real-world skills needed to closethe gap in cybersecurity protection that businesses need. And women continue tobe a small minority in the cybersecurity workforce, making up just 11% of theindustry despite being 50% of the overall workforce.