At the end of 2018, I was asked to provide a set of cybersecurity predictions for 2019. Now that we are entering the last quarter of the year, it’s time to take a look back and see how those predictions panned out.
True – Mega Data Breaches will stay in the headlines
True – “S” in IoT will still be a concern
Unfortunately true and much more than expected! – Ransomware will continue to plague companies
False! This is one that I’m happy to get wrong. The gap is slowly starting to close as more people start showing interest in getting into cybersecurity (either as a first career or as a change of careers). – The cybersecurity skills gap will continue to widen
Shannon’s Predictions for 2019
2018 was not a good year for cybersecurity news. Data breach after data breach hit the headlines, leading to “data breach fatigue” where consumers simply started accepting that their data was going to be breached and there was nothing to do about it. Then there were numerous stories about massive ransomware attacks hitting medical centers, cities, schools, and other industries, and cyber-criminals raked in ill-gotten profits by holding data hostage.
As we enter into 2019, here are some predictions for what we will see in the cybersecurity space.
Mega Data Breaches will stay in the headlines
It only took two weeks before the first data breach of 2019 took place with the Collection #1 dump of 773 email addresses and 21 million passwords. And then before January was over, 24 million loan and mortgage documents were exposed by an improperly protected AWS S3 storage bucket.
As long as businesses and corporations continue to fail to properly protect the data they collect from users and customers, we can expect to continue to see the trend of the mega data breach go into 2019 and beyond. Europe took a step towards punishing businesses for failing to protect data with the implementation of GDPR in 2018 and already there have been 95,000 complaints lodged since it went into effect eight months ago.
The “S” in IoT will still be a concern
Smart device manufacturers continue to be in a rush to bring their products to market and security is too often an afterthought, if a thought at all. At CES 2019, it was found that over 80% of consumers don’t trust internet-connected devices to protect their data, and IoT security is in such a state of disarray that nearly half of companies would not be able to detect if their connected devices had been hacked. In fact, internet-connected devices pose such a risk that DevOps.com believes that they have displaced people as the number one threat to an organization’s cybersecurity.
Ransomware will continue to plague companies
Ransomware has been around since 1989 but it has gained immense popularity with cyber-criminals with the introduction of digital currencies and vulnerabilities like EternalBlue that allowed it to spread quickly through corporate networks. Companies fell victim to ransomware attacks by employees enabling macros in infected documents, compromised remote desktop connections, and poorly secured infrastructure. Several cities have already fallen victim to ransomware attacks in January 2019 including Del Rio, TX, Sammamish, WA and Akron,
Ransomware has been profitable for cyber-criminals and as long as they can continue infecting victims and making money, we can expect to see the trend continue. The group behind the Ryuk ransomware variant, which hit companies from major news organizations to a cloud data provider and is thought to be linked to groups in North Korea or Russia, has made $3.7 million in just a five-month period.
The cybersecurity skills gap will continue to widen
The cybersecurity skills gap has widened to 3 million open vacancies in January 2019 and it will take time before the new generation of skilled workers has the training, education, and know-how to start filling the growing gap.
Many universities still focus on teaching nothing but theory, failing to equip students with the real-world skills needed to close the gap in cybersecurity protection that businesses need. And women continue to be a small minority in the cybersecurity workforce, making up just 11% of the industry despite being 50% of the overall workforce.