Thank you, our adivisors will calling you.
Best Managed File Transfer Software
For the second year in a row, our MFT solution GoAnywhere has been awarded as best product in SoftwareReviews.Learn more
par Philip Robinson | Lepide • 31 Dec 2018
2018 is coming to an end, and there is certainly no end in sight to the onslaught of cyber-attacks that plague individuals, companies and critical infrastructure. So, what are we likely to see in 2019? Below is a brief round-up of emerging security trends and attack vectors.
While enterprises have been slow to adopt MFA due to the complexities associated with adopting new security technologies, we will see an increase in the adoption of MFA that will be driven by regulatory compliance requirements, such as GDPR and PCI-DSS, and increased reliance on cloud services. According to the following infographic, the MFA services market is expected to a 16% increase by 2022.
According to the 2017 Data Breach Investigations Report, 21% of breaches were related to espionage, and we will likely see a rise in the number of attacks on manufacturing and critical infrastructure.
Since the GDPR came into effect in May, 2018, we have seen a 160% rise in data breach complaints, and the EU expects the first GDPR fines to be levied before the end of the year.
Naturally, enterprises who use cloud-services will be using more than one service provider to store their data. And given that more than 50% of the data stored in the cloud is considered sensitive, we will inevitably see an increase in the number of security breaches, as companies struggle to enforce security policies. Using multiple services will make it harder for companies to keep track of where their sensitive data resides, who is accessing it, and when.
Crypto-jacking/crypto-mining is replacing ransomware as the most popular attack vector. We will see more large enterprises being targeted by crypto-mining attacks as they will yield the greatest rewards, due to the large number of users they can infect, and the more mining power they can harvest form corporate or cloud servers.
Between 2016 and 2017, we’ve seen a 600% increase in the number of IoT attacks, according to a report by Symantec. Many of these attacks are linked to the rise in cyber-espionage, with as much as 21% of these attacks originating from China.
Few companies have yet to find a practical use for blockchain technologies. This is not surprising as the blockchain was not designed for the purpose of enabling companies to secure their digital assets via centralized control. However, there are a number of post-blockchain solutions that are emerging, such as the SAFE network, Holochain, and many others, that provide user-friendly, decentralized and encrypted storage/hosting options that will make it very difficult for hackers to target specific servers.
The number DDoS attacks have doubled over the last six months. This has been due to the growing availability of DDoS-for-hire services, and the increase in the number of unsecured IoT devices.
Security teams are struggling to stay on top of the growing frequency and sophistication of security threats. Using AI to automate the process of identifying and responding to threats can allow security teams to focus on more productive tasks. However, it may turn out to be a double-edged sword. According to predictions made by McAfee, we will likely see more cyber-criminals exploiting AI and machine learning to deploy even more sophisticated cyber-attacks.
Given that malicious and negligent employees are still the greatest cyber-security threat to the business community, more executives are looking towards real-time auditing solutions to help them protect their sensitive data. Sophisticated DCAP (Data-Centric Audit & Protection) solutions provide companies with a wealth of invaluable information about how their sensitive data is being accessed, moved, modified or deleted. They can be used to monitor user privileges, files, folders, mailbox accounts, and any events that match a predefined threshold condition. They can automate the management of inactive user accounts, as well as reminding users to reset their passwords.