Reading Time: ~5 min.
The cybersecurity landscape is in constant
flux, keeping our team busy researching the newest threats to keep our
customers safe. As the new year approaches, we asked our cybersecurity experts
to predict which security trends will have the most impact in 2019 and what
consumers should prepare for.
Continued Growth of Cryptojacking
“Cryptojacking will continue to dominate the landscape. Arguably more than a third of all attacks in 2019 will be based off of leveraging hardware in your devices to mine cryptocurrency.” – Tyler Moffitt, Senior Threat Research Analyst
The largest cyber threat of 2018 will continue
its unprecedented growth in 2019. Cryptojacking—a type of hack that targets
almost any device with computing power, including mobile devices, company
servers, and even cable routers to mine for cryptocurrencies—grew
by more than 1,000% in the first half of 2018. Compared to ransomware attacks,
cryptojacking is incredibly stealthy, with many systems losing processing power
while sitting idle anyway. We are now seeing cryptojacking in more significant
systems, as was the case when Nova Scotia’s St. Francis Xavier University struggled
for weeks to recover after cryptojacking software led to the school to disable its
entire digital infrastructure in order to purge the network. For home internet
users, cryptojacking can put undue stress on your computer’s processor, slowing
down performance and increasing your electric bill.
But, as with any cybersecurity threat, it’s a
constant cat-and-mouse game between criminals and the security industry. As
cryptojacking continues to grow, so does criminals’ ability to successfully
implement the attack. At the same time, so does our knowledge and ability to
defend against it. This type of attack can impact your devices in multiple ways,
whether via a file on your computer or a website you visit. We recommend a
layered solution that can protect against these
different attack vectors, like Webroot SecureAnywhere® solutions.
General Data Protection Regulation (GDPR) Influence
“We are going to see a lot more legislation proposed within the US that will be very similar to GDPR, much like California already has. These types of laws will inspire the idea that companies don’t own data that identifies people, and we need to be better stewards of that data. Data, by all accounts, is a commodity. It’s necessary for innovation and to stay competitive, but the data must be good to be of any use.” – Briana Butler, Engineering Data Analyst
The General Data Protection Regulation (GDPR) is a set of regulations put in place in 2018 that standardize data protection measures within the European Union, marking the beginning of a new era of international data protection. In the United States, California has been on the frontlines of data protection law since 2003 when bill SB1386 was passed, pioneering mandatory data-breach notifications nationwide. California continues to innovate in data privacy law with the recently passed California Consumer Privacy Act of 2018 (CCPA), possibly the toughest data privacy law in the country. Although clearly influenced by GDPR, it differs in many ways—enough that companies who are compliant with GDPR may need to take additional steps to also be compliant under the CCPA. But it’s not just lawmakers who are pushing for data protection regulation, influential tech industry leaders like Tim Cook are also calling for stronger consumer protections on data collection nationwide.
What does this mean for you? Expect another wave of “Privacy Update” emails and cookie collection pop-up notices while browsing, as well as expanded protections regarding the collection and storage of your personal data. Given the rising regularity of third party data breaches—like the one that recently left 500 million Marriott guests exposed—stronger data protection laws can only mean good things for consumers.
Biometrics on the Rise
“We will see continued growth in biometric services. Devices with usernames and passwords will become the legacy choice for authentication.” – Paul Barnes, Sr. Director of Product Strategy
Largely associated with facial and fingerprint
recognition, biometrics have been on the rise
since at least 2013, when the launch of TouchID placed the technology in every
iPhone user’s hands. But the adoption of biometric technologies—particularly
facial recognition biometrics—was dampened by cultural and ethical concerns,
with some fearing the establishment of a national biometric database. But today
we are beginning to see the normalization of facial recognition biometrics,
like those utilized by Snapchat and Instagram. Biometrics are also now widely seen
used in critical infrastructure applications. Airports use biometrics to
facilitate a faster boarding process, and hospitals are adopting biometrics for
both patient care and as a HIPAA security precaution.
We predict this regular exposure to biometrics will lead to a larger cultural acceptance and adoption of biometrics as a trusted security standard, leading to the eventual death of usernames and passwords. Why bother with a login when your computer knows the minute details of your iris? But convenience may come as a cost. Corresponding with rising use, biometric data will continue to become a more valuable commodity for cybercriminals to steal.
The Beginning of the End for SSNs
“There will be significant discussion around replacing Social Security numbers for a more secure, universal personal identity option.” – Kristin Miller, Director of Communications
In 2017 the Equifax breach compromised 145.5
million Social Security numbers, forcing us to face an uncomfortable truth:
SSNs are a legacy system. First available in 1935 from the newly minted Social
Security Administration, they were created to track accounts using Social
Security programs. They were never intended to act as the secure database key
we expect them to be today.
The conversation has already begun on the
federal level. “I think it’s really clear there needs to be a change,” White
House Cybersecurity Coordinator Rob Joyce said at the 2017
Cambridge Cyber Summit. “It’s a flawed system. If you think about it, every
time we use the Social Security number you put it at risk.”
Although it will be some time until we fully replace Social Security numbers, what should you expect from a replacement? When it comes to personal identifiers that are both unique and secure, the conversations tend to center around two technologies: biometrics and blockchains. Biometrics—particularly behavioral biometrics, which derive their logic from individual’s behavioral patterns, such as the syncopation of types or taps on a screen, or even your unique heart beat—are proving to be an especially intuitive solution.
Certification for the Internet of Things
“We will finally see a consumer IoT/connected goods certification body, similar to the Consumer Electrical Safety Certifications today. This will enforce the notion of Security by Design for a smart goods manufacturer.” – Paul Barnes, Sr. Director of Product Strategy
We love the Internet of Things (IoT). It
powers our smart homes, our fitness trackers, and our voice assistants. But IoT
devices are notoriously insecure, oftentimes featuring overlooked flaws that
can lead to exploitation in unexpected places. A recent Pew Research Center survey looked
at how growing security concerns are influencing the spread of IoT connectivity
reported only 15% of participants saying security concerns would cause significant
numbers of people to disconnect from IoT devices. Alternatively, 85% believe
most people will move more deeply into an interconnected life due to the
convenience of IoT products. Recently
published documents may signal that the time of putting convenience
ahead of security is quickly coming to an end.
The United Kingdom’s department for Digital,
Culture, Media, and Sport (DCMS) published the “Code of Practice for Consumer IoT Security.”
The code outlines thirteen steps for organizations to follow for the implementation
of appropriate security measures in IoT offerings. It also emphasizes the need
for a secure-by-design philosophy, a belief that security measures need to be
designed into products, not bolted on afterwards. This type of regulatory
influence on the industry is sure to make waves across the pond, and we are
already seeing this play out with California’s
new IoT security law.
Keep these predictions in mind as you make
your way through 2019. Staying informed is the best way to keep you and your
family safe, so check back here for more cybersecurity trend updates in the