What are we expecting from the world of cybersecurity, as we enter its second quarter of 2019? In order to predict whatever theoretical or reasonable trajectory that we will experience for the rest of the year, let us review happened in 2018 and discuss the trend of 2018 as a guide for this year based on the context. So let’s start with a brief look at the events and trends that occurred in 2018.
Cyber warfare is no longer exclusive to rich/highly industrialized countries
Cyber-attacks can be highly effective at low cost and have high anonymity, so even countries that are reluctant to be in a low position in international politics may be able to equalize with the big countries in the cyber world. In 2018, countries in third countries such as Africa, Central, and South America, Southeast Asia, and the Middle East, which focus on the characteristics of such cyber attacks as “equalizers,” have gradually entered the stage of the cyber competition.
Cybercrime fuses with regular crime syndicates
Cyber-attack techniques are constantly evolving, and are constantly being worked out to achieve the maximum return with less effort and risk. At the same time, however, ecosystems and infrastructure are being developed to make effective use of old-fashioned methods and achieve significant benefits. It is feared that a new type of highly profitable cybercrime scheme will be created by linking conventional crimes to this.
Ransomware is still here to cause problems for its victims, but it will inflict lesser damage overall
Ransomware damage continued to occur frequently in 2018, but overall it is on the decline. However, they were not used as ransomware but tended to be used as tools to complement other types of attacks. For example, use ransomware to erase traces of malware intrusion and try to destroy the evidence. The use of ransomware as a complementary tool is expected to continue in the future.
Critical infrastructure is a good target
In 2018, large-scale attacks targeting government and social infrastructure, as well as individuals and companies, were noticeable. These attacks are very popular targets for attackers because they are popular and highly damaging. One example is Japan’s holding a global sporting event in 2020, further strengthening its preparedness against such attacks, strengthening its resilience in the event of an incident, and a solid crisis. Anyone with an interest of not becoming the next victim of cyber attack attempts will need to develop a management plan.
A practical method for securing the interest of end-users
Traditionally, security measures have been taken from the standpoint of limiting user behavior and educating and enlightening users who are ignorant of security. However, the effects of measures that regard users as “enemy” are naturally limited. In the future, in addition to measures to force users to change their behavior, security measures will be required that will be tailored to the user’s actions.
What is the expected cybersecurity trend in 2019?
Given this trend in 2018, what direction will cybersecurity move in 2019? We will try to predict some trends:
Fileless virus and Phishing to continue its growth trajectory
From 2017 to 2018, fileless malwares that used PowerShell exerted damaging blows against many victims. While many companies are already working on this attack method, in 2019 new types of fileless malware targeting different vulnerabilities may appear and intimidate. In addition, phishing and whirling attacks will be more diverse, targeting employees from all positions in the enterprise.
Known dates of national events as best dates for cybercriminal campaigns to strike
Cyber attack attempts are now positioned not only as an activity area for individuals and criminal organizations but also as a means for the state to achieve its political goals. Therefore, in the future, cyber attacks will be used as part of the nation’s diplomatic activities, trade negotiations, economic activities, and military activities. In large-scale events to be held in 2019, it is expected that such motive-based cyber activities will be activated under water.
Commoditization of cyberwarfare tools enable emerging countries to develop countermeasures against cyber attacks
In recent years, an arms race in space has become apparent, but only a few superpowers can participate in this, and the majority of nations are outside the nets. However, if you use cyber, you may be able to get along with superpowers without spending huge budgets on physical weapons and space development. Driven by these motives, it is possible that many nations will invest in the battle in cyberspace from now on.
Mobile devices as the favorite cyber attack and data breach targets
Many companies have dealt with the security risks associated with physical theft and loss of mobile devices relatively well, but have not prepared enough for cyber attacks. However, in 2019, it is easier for many attackers to break into weak mobile terminals and get in and out of the network as a foothold, rather than directly intruding into a tightly protected corporate network. You will notice that it is expected to use such a method.
IoT becomes a mainstream focus of hackers
It is expected that IoT will steadily advance and spread explosively after 2019. In the future, IoT devices will be increasingly integrated and smaller and will be equipped with more complex functions. And the network connected by devices will continue to expand. As these trends progress, the number of vulnerabilities targeted by attackers naturally increases explosively, so earlier countermeasures are desired.