Despite the rate of tech evolution, it’s possible that nothing is changing faster than the cybersecurity landscape. Even as businesses strike down one security threat, three more schemes seem to pop up to take its place and test cyberdefenses at every turn.
Moreover, the cyber underworld is evolving and consolidating, according to the McAfee Labs 2019 Threats Predictions Report.
“We have witnessed greater collaboration among cybercriminals exploiting the underground market, which has allowed them to develop efficiencies in their products. Cybercriminals have been partnering in this way for years; in 2019 this market economy will only expand. The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before,” writes Raj Samani, chief scientist and McAfee fellow for advanced threat research, in an introduction accompanying the report.
So, what does 2019 have in store when it comes to cyberthreats? Here are three security concerns businesses should turn their attention to quelling in the coming year.
1. Watch Out for AI Threats
Artificial intelligence has much to offer businesses in terms of efficiency and automation of tedious tasks, but cybercriminals see opportunity in the technology as well, particularly when it comes to evasion techniques, which enable the criminals to avoid detection and circumvent security.
“We expect evasion techniques to begin leveraging artificial intelligence to automate target selection, or to check infected environments before deploying later stages and avoiding detection,” explain McAfee researchers in the 2019 Threat Predictions Report.
This AI-based malware will stack up on top of the already plentiful list of evasion techniques the cyber underground employs today, including new techniques spotted in 2018, such as botnets and cryptomining.
A possible antidote is AI-based and other next-generation cybersecurity tools, which are making use of emerging technology in order to detect and ward off increasingly sophisticated threats.
“Tools that use artificial intelligence to monitor device and user behavior and flag anything suspicious will be arriving [in 2019] to help improve security capabilities,” Raymond Boggs, vice president of small and medium business research at IDC, tells BizTech.
2. Cloud Security Becomes Paramount
As the adoption of cloud-based email and other applications takes off, cloud security will become an even larger concern in the new year, particularly because, according to McAfee, 21 percent of data stored in the cloud is sensitive. Bad actors search out, in particular, a chance to exploit when cloud or credentials have been misconfigured.
“As workload migration accelerates to the public cloud, security risk professionals will need to get more actively involved in their DevOps team’s processes, so they can automate the application of governance and compliance controls,” explains Tim Jefferson, vice president of Public Cloud at Barracuda Networks, in an emailed statement. “It’s not about dictating what tools the team uses, but verifying that controls are being met and helping the builders build securely.”
Jefferson expects, as a result, to see more teams embracing automation that can help to “continuously monitor cloud security and remediate problems automatically.”
3. Keep an Eye on Voice-Controlled Digital Assistants
Voice-controlled digital assistants are entering homes — and offices — everywhere and are revolutionizing everything from retail to banking. But, as with any new technology, they also represent a new threat vector.
“This opportunity to control a home’s or office’s devices will not go unnoticed by cybercriminals, who will engage in an altogether different type of writing in relation to the market winner, in the form of malicious code designed to attack not only IoT devices but also the digital assistants that are given so much license to talk to them,” McAfee researchers note in the report.
This ability to monitor and control infected Internet of Things devices, such as digital assistants, smartphones and routers, could literally bring bad actors into the home.
“Infected IoT devices will supply botnets, which can launch DDoS attacks, as well as steal personal data,” the McAfee researchers note. “The more sophisticated IoT malware will exploit voice-controlled digital assistants to hide its suspicious activities from users and home-network security software. Malicious activities such as opening doors and connecting to control servers could be triggered by user voice commands (“Play music” and “What is today’s weather?”). Soon we may hear infected IoT devices themselves exclaiming: “Assistant! Open the back door!””