It seems like every week there’s a new high-profile data breach that dominates cybersecurity news headlines. Sometimes, these stories bleed into the mainstream as well.
In just the past few years alone, for example, you’ve probably heard about the following cyberattacks:
- WannaCry and SamSam ransomware attacks
- Deloitte and Equifax data breaches
- Colorado Department of Transportation hack
- Facebook and Cambridge Analytica breach
Not surprisingly, cybersecurity news tends to focus on the biggest breaches — i.e. those affecting major corporations and municipalities. In fact, these cybersecurity trends can (and do) affect anyone, with 50 percent of all attacks targeting smaller businesses that typically lack the security expertise to defend themselves.
Moreover, these information security breaches will only get worse as our lives become increasingly digitized. Already, society is dangerously reliant on hyper connected devices — from smart TVs to driverless cars to automated manufacturing. Each of these technologies creates another entry point for criminals and hackers.
This quickly changing landscape makes forecasting potential threats very difficult, even among cybersecurity news experts who closely follow emerging developments.
Below are our top picks for cybersecurity trends to watch in 2019 and beyond.
1. Fileless attacks
With normal phishing, malicious code is downloaded and installed on a user’s hard drive (usually after clicking on a suspicious link). As the name suggests, fileless attacks don’t rely on downloaded “files.” Instead, they work by hijacking a computer’s existing infrastructure before taking over core administrative functions. Basically, the user’s machine is turned against itself.
Because all instructions are coming from trusted programs that are already installed on the computer, fileless attacks are hard to detect. This is what makes them so effective – and worrisome. According to some estimates, more than 75 percent of all cyberattacks today are classified as “fileless.”
2. Ransomware attacks
Ransomware attacks aren’t new, but they enjoy tremendous staying power due to the genius behind this particular type of hacking.
Ransomware targets vulnerabilities in unprotected machines (without requiring the user to click on any links). Once a machine is compromised, malicious code is automatically downloaded onto the user’s computer. The hacker essentially holds the machine (and data) hostage until the victim pays a hefty “ransom” — usually via untraceable cryptocurrencies such as Bitcoin.
The WannaCry attack of 2017 is one of the best-known examples. It exploited holes in Windows XP, an outdated operating system originally released in 2001.
The best way to protect yourself from ransomware attacks is to keep all of your devices and servers updated with the latest patches, operating systems and anti-virus software.
3. Cloud-based attacks
With falling storage prices and ever-increasing Internet speeds, cloud-based technologies are on the rise. They’re incredibly convenient, providing access anytime, anywhere for users around the globe.
This is precisely what makes cloud-based infrastructure so attractive to hackers. Instead of trying to break into millions of private computers, criminals need to focus on a single, centralized chokepoint.
Protecting yourself from cloud-based attacks is difficult since you (as a user) don’t really control the infrastructure involved, but it’s always a good idea to:
- Keep local backups of important data.
- Use secure passwords (that you change frequently).
- Share information only with trusted platforms.
4. Malicious state actors
The U.S. military spends more on defense than the next seven countries combined, making it very difficult for potential adversaries to beat us on the battlefield. They’d have to spend many billions to close the gap.
For a fraction of that investment, aggressive state actors can build an army of coders to hack into America’s critical infrastructure (e.g., power grids, defense systems and nuclear reactors).
Credible reports suggest that Russia and China have already started doing precisely that in recent years. If true, there’s no reason to believe such attempts will diminish in the near future.
Unfortunately, there is no real protection against this type of cyber threat. Just be sure you keep plenty of flashlights, batteries and bottled water handy.
5. Artificial intelligence
Not all attacks stem from malicious intent. Sometimes, indifferent, unfeeling machines are to blame.
For example, modern computers increasingly use artificial intelligence (AI) to spot patterns or make surprisingly accurate predictions about the future.
However, the machine learning used to train AI programs usually happens in black box environments. This makes it difficult (if not impossible) for the architects of these programs to understand what is happening under the hood.
When all is well, there’s nothing to worry about. When things go south, there is no way to correct the problem — unless you turn off AI entirely. That’s assuming the AI platforms of tomorrow even respond to the stop buttons and safeguards we put in place today.
6. Fake news
This last type of cyber threat combines the two previous ones — state actors and artificial intelligence. The 2016 U.S. presidential election has already demonstrated the deadly potency of this combination.
Online users were inundated with fake news that, many believed, helped sway the election. This trend was especially pronounced on Facebook, but no corner of the Internet was completely immune.
The technology is only getting better (or worse?), with bots able to auto-generate realistic-looking articles in mere seconds. These articles are then amplified by fake social media accounts that help like, share, and spread the news like wildfire.
It’s also now possible to create realistic-looking videos of events and conversations that never happened. Against this backdrop, blackmail, extortion and character assassination are inevitable. When guided by bad actors, artificial intelligence has the power to make anybody believe anything.
Worst of all, there is currently zero defense against this emerging threat.
Protecting Yourself Against These Cybersecurity Trends
As a business owner, there are common sense strategies you can implement to make yourself less of a target.
For example, you should closely follow cybersecurity news on a regular basis. The more you know about emerging information security trends, the better equipped you’ll be to avoid them.
In addition, many of the tools we use to prevent payment fraud at BluePay can also be used to safeguard other types of data — such as customer records, credit card numbers, or business email accounts.