The biggest cybersecurity threats of 2019

Another year, another crop of cybersecurity threats — as well as some familiar ones. Whether you’re a casual user of internet-connected devices or you represent a company with digital infrastructure, it’s clear that computing and doing business in the modern world comes with lots of warnings and caveats. Here are some of the biggest threats out there in 2019, along with some guidance on avoiding them.

Internet of Things vulnerabilities intensify

The year 2019 is hardly the first we’re hearing about the vulnerabilities of the Internet of Things. But if current trends continue, this year will see both a remarkable proliferation of IoT devices and a far broader “attack surface” for users of those devices. Some estimates say there might be as many as 100 IoT devices per person on earth by the year 2025, representing some $11 trillion in value. In practical terms, what does this mean for security?

DDoS attacks are one of the biggest concerns. The Mirai Botnet attack leveraged thousands of connected devices to bring major services and entire swaths of the internet to their knees. The only good news about this event is that it served as a wake-up call for device makers and helped bring about a new set of best practices when it comes to the design and implementation of IoT assets.

Some of the lessons learned include isolating IoT device traffic from the rest of a company’s network, remaining diligent about updating device drivers and firmware, and creating bespoke passwords for IoT devices, even when deployed in large numbers (across an enterprise, for example). All of these lessons will only grow in urgency as 2019 goes on and IoT adoption continues apace.
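The three lessons above can be checked against a device inventory. The following is an added example, not part of the original article; the network range, firmware baselines, model names and inventory records are constructed assumptions, and `cred_fp` stands for a fingerprint of each device's admin credential rather than the credential itself.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (hypothetical): the dedicated IoT segment and the
# minimum acceptable firmware version per device model.
IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/16")
MIN_FIRMWARE = {"cam-x1": (2, 4, 1), "thermo-t3": (1, 9, 0)}

# Constructed sample inventory; cred_fp is a fingerprint (e.g. a salted hash)
# of each device's admin credential, never the credential itself.
INVENTORY = [
    {"id": "cam-001", "model": "cam-x1", "ip": "10.50.1.10", "fw": "2.4.1", "cred_fp": "a91f"},
    {"id": "cam-002", "model": "cam-x1", "ip": "10.50.1.11", "fw": "2.3.9", "cred_fp": "a91f"},
    {"id": "thermo-001", "model": "thermo-t3", "ip": "192.168.10.77", "fw": "1.9.2", "cred_fp": "77c0"},
    {"id": "thermo-002", "model": "thermo-t3", "ip": "10.50.2.20", "fw": "1.10.0", "cred_fp": "e3b2"},
]

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit(inventory):
    """Return {device_id: [finding, ...]} for devices that break a lesson."""
    findings = defaultdict(list)
    by_cred = defaultdict(list)
    for dev in inventory:
        by_cred[dev["cred_fp"]].append(dev["id"])
        # Lesson 1: IoT traffic stays on its own network segment.
        if ipaddress.ip_address(dev["ip"]) not in IOT_SEGMENT:
            findings[dev["id"]].append("outside IoT segment")
        # Lesson 2: firmware is kept at or above the baseline.
        minimum = MIN_FIRMWARE.get(dev["model"])
        if minimum is None:
            findings[dev["id"]].append("no firmware baseline for model")
        elif parse_version(dev["fw"]) < minimum:
            findings[dev["id"]].append("firmware below baseline")
    # Lesson 3: every device has its own credential, even in a large fleet.
    for ids in by_cred.values():
        if len(ids) > 1:
            for dev_id in ids:
                findings[dev_id].append(
                    "credential shared with %d other device(s)" % (len(ids) - 1))
    return dict(findings)

if __name__ == "__main__":
    for dev_id, issues in sorted(audit(INVENTORY).items()):
        print(dev_id, "->", "; ".join(issues))
```

Comparing firmware versions as integer tuples matters here: as plain strings, "1.10.0" would sort below "1.9.0" and an up-to-date device would be flagged.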

Cryptocurrency scams prey on the uninformed

Despite the almost boundless potential of blockchain technology, the presence of cryptocurrencies so far seems to be more of a gift to fraudsters than to users of fiat currencies. There may be some money to be made buying and trading “coins” and “tokens,” but it’s also true that ill-prepared or overly credulous users of cryptocurrencies will find lots of threats awaiting them in 2019 and beyond.

A practice called “cryptojacking” is one of these. You can think of cryptojacking as a specialized type of ransomware, which essentially hijacks a user’s computer to mine for coins in the background without the user’s knowledge or consent. It might sound reasonably innocuous, but the practice paints a target on every internet user and every business, no matter how small. You might be too minor a target for thieves who want your intellectual property and trade secrets — but if you have computing infrastructure, that’s more than enough to make you tempting for cryptojackers.

There are lots of other crypto-based threats to watch for in 2019, too. Some of these have found a home on social media websites, including Twitter and Facebook. Whether or not you’re a current user of cryptocurrency, be on the lookout for ads promising anything that sounds like the crypto version of “easy wealth” or a “get rich quick” scheme.

Thanks to what appear to be incredibly lax advertising standards on these websites, scammers have cheated lots of internet-goers out of their credit card numbers by building fake ads that lead to fake landing pages and, ultimately, to fake cryptocurrency exchanges. In other words, you’re greeted with the promise of a “remarkable return on your investment” — only to trade your real cash for a crypto payout that never arrives.

Third-party vulnerabilities strain relationships between business partners

Doing business in a modern, digital-first world requires lots of companies to engage in partnerships — whether with contractors, vendors, logistics companies or entities providing cloud services or other digital infrastructure on a subscription basis. Unfortunately, when these outside vendors don’t take security seriously, they pose a very real and present danger even to other businesses that do take it seriously.

A few years ago, this threat was driven home by a high-profile breach of customer information at retail giant Target. The vector for the attack was eventually traced back to, of all things, one of the company’s refrigeration and HVAC vendors.

In 2016, security specialists at the Security Analyst Summit demonstrated that it’s almost laughably easy to hack into consumer-level air conditioners, too. And the results could be staggering — including a loss of power all the way up and down a city block.

There are two big worries here, and both have to do with the proper vetting of third-party business partners. For a start, every company engaging in partnerships like these has to make double-sure it’s dealing with a company that takes security seriously. Some vendors out there offer language in their contracts promising accountability and transparency in the event they detect a data breach or intrusion. And that brings us to our second warning about vendors: even when they include language like this in contracts, it doesn’t mean they’re prepared (or willing) to honour it.

The bottom line here is that proper vetting of your vendors’ security apparatus is paramount for keeping both of you safe. Also paramount? Vetting their professionalism and integrity.

The end of BYOD workplace culture draws near

Performing work-related functions on personal devices is something that’s always presented security risks. But for a few years running, lots of companies made peace with the risks in the name of employee happiness and potential productivity benefits. Who doesn’t want to carry out their work duties using devices and operating systems they’re already familiar with?

Unfortunately, in light of the security vulnerabilities we’ve just discussed here, plus many others, 2019 could be the year that spells the end of “BYOD culture” in workplaces all across the world. But why? And what’s the alternative?

Even in 2019, lots of device users don’t take security seriously. Questionable app installs, unsecured home screens, out-of-date firmware, weak passwords, and poor email security hygiene all represent serious attack vectors. All due respect to your employees, but that’s a lot of assumptions to make about how well-secured your intellectual property is on employee-owned machines.

The inevitable alternative is looking increasingly like a return to the basics: company-issued hardware, company-vetted software and a rigorous set of security protocols employees must abide by on their work machines.

You can expect that this cybersecurity threat, along with the others named here, could require some reevaluation of some of your policies and even your company culture. It might mean parting ways with partners that don’t share your level of concern. The good news is, keeping yourself protected — whether you represent a company or you’re “just another” internet user — isn’t impossible. It takes technological vigilance, which can be pricy. But a healthy dose of scepticism is totally free.
