Around this time of year, it seems as though everyone publishes their predictions about what they think will happen during the next 12 months. Being one in that “everyone”, I decided to follow suit:
Boards of directors will be a focus for security education
Boards of directors’ knowledge about business issues is generally quite good, but knowledge about security issues is typically not their strong suit. As a result, CISOs, security managers and others charged with providing security for their organizations often feel overstressed and under supported. However, we believe that 2019 will be a turning point during which boards will get serious about security. This enlightenment will be driven by high profile data breaches (the Marriott data breach of 500 million records figuring prominently in this awakening) and will take the form of making more CISOs board members, discussing security issues at most or all board meetings, and accelerating funding for security in most organizations.
Ransomware will make a comeback, but with low ransom demands
The ransomware problem was terrible in 2016, got worse in 2017, softened a bit in 2018, but will make a comeback in 2019. However, we believe that the focus of ransomware authors in 2019 will be low level ransom demands, perhaps on the order of $20 to $40. The goal of cybercriminals will be to make ransom demands low enough to make paying the ransom an easy decision akin to an impulse buy at a supermarket check stand. Moreover, these ransom demands will come with full instructions about how to pay the ransom using Bitcoin or other cryptocurrencies.
Cryptocurrency mining will become a much more serious threat
Osterman Research believes that the price of Bitcoin will recover significantly from the significant drop it has experienced during 2018. This will motivate more external cybercriminals to infiltrate corporate systems for the purpose of installing cryptocurrency mining malware on various corporate servers, and it will motivate some insiders to do likewise.
Home routers will become a greater focus of corporate security managers
The large number of employees who work some or all of the time from home, coupled with the fact that 83 percent of routers in the US have unpatched vulnerabilities, leads us to believe that a rapidly growing threat focus will be employees working from home. The relatively low use of VPNs, which ranges from 18 percent to 30 percent worldwide, will contribute significantly to this threat and will motivate corporate security managers to address the security of their employees’ home-based security infrastructure in a much more serious way.
Malware will be used to damage the reputations of celebrities and high level government officials
A tool commonly used to tarnish the reputations of celebrities, nominees to high level government positions and others is to reveal information they have posted to social media in the past, sometimes many years past. Osterman Research believes that in a few cases during 2019, some will go one step further and use malware to install compromising content on the computers, social media accounts or cloud accounts of celebrities and others. For example, while malware has been used in the past to install child abuse images on the computers of victims, such as in a 2009 case involving an employee for the Commonwealth of Massachusetts, we believe this approach will be used to discredit a few high-profile individuals in 2019.
The market for security awareness training will grow significantly
Employees are the last line of defense in any security infrastructure. Because technology-based solutions cannot block 100 percent of malicious content 100 percent of the time, employees need to be trained to deal with the phishing, spearphishing and other threats that will inevitably reach them. While the market for security awareness training has been growing at a healthy pace over the past several years, the fairly recent spate of acquisitions in this space by mainstream security solution providers will accelerate the trend at an even faster pace.
The market for web isolation technology will explode
A significant share of malware and other threats enters the corporate network through web browsing, webmail access and the like. To combat this, organizations of all sizes will increase their use of web isolation technology to prevent this avenue of attack from being effective. While these technologies have been available for several years, we believe that 2019 will be the breakout year for them.