Dan Lohrmann Prediction Awards:
Most Creative — Beyond Trust – “Millennials Ruin Everything” — (Based on a privacy prediction on the evolving prediction of privacy and how young people don’t care and share.)
Newest & Specific — “Bring your own security (to work) takes off” — (MalwareBytes)
Most Scary (yet practical) — Cybercriminals Will Compete for Dominance in an Emerging IoT ‘Worm War’ (TREND MICRO)
Most Common and Likely — More large-scale security breaches — (almost everyone)
Most Disagreement Among Security Companies — The Role and Value of AI in 2019 (Many predictions highlight how AI value is way overblown).
Best Overall Advice in Predictions — Well-known Vulnerabilities Will Continue to Dominate Cyber Attack Reports (Beyond Trust and others)
1) Trend Micro
-Actual Mass Real-World Use of Breached Credentials Will Be Seen
-Sextortion Cases Will Rise
-Home Networks in Work-From-Home Scenarios Will Open Enterprises to BYOD-like Security Risks
-Innocent Victims Will Get Caught in the Crossfire As Countries Grow Their Cyber Presence
-99% of Exploit-Based Attacks Will Still Not Be Based on 0-Day Vulnerabilities
-Cybercriminals Will Compete for Dominance in an Emerging IoT ‘Worm War’
-My favorite from Trend Micro: Cybercriminals Will Use More Techniques to Blend In - “In response to security vendor technologies, specifically the renewed interest in machine learning for cybersecurity, cybercriminals will use more malicious tactics to “blend in.” New ways of using normal computing objects for purposes other than their intended use or design — a practice known as “living off the land” — will continue to be discovered, documented, and shared. We have been observing a few of these.”
2) Fire Eye
-(More) Nations developing offensive capabilities
-Breaches continuing due to lack of attribution and accountability
-The widening skills gap, and fewer trained experts to fill security roles
-Lack of resources, especially for small and medium-sized enterprises
-Supply chain as a weakness
-Attackers eyeing the cloud, since that’s where the data is headed
-Social engineering, considered by many to be the most dangerous threat
-Cyberespionage, cybercrime and other threats to the aviation industry
3) McAfee Labs
-Cybercriminal underground to consolidate, create more partnerships to boost threats
-Artificial intelligence the future of evasion techniques
-Synergistic threats will multiply, requiring combined responses
-Misinformation, extortion attempts to challenge organizations brands
-Data exfiltration attacks to target the cloud
-Voice-Controlled digital assistants the next vector in attacking IoT devices
-Cybercriminals to increase attacks on identity platforms and edge devices under siege
-AI-Driven Chatbots Go Rogue
-Utilities and Industrial Control Systems Targeted with Ransomware
-A Nation-State Launches a "Fire Sale" Attack
-Fileless, Self-Propagating "Vaporworms" Attack
-Attackers hold the internet hostage
-The winter of AI — There is no real AI in cybersecurity, nor any likelihood for it to develop in 2019.
-Industrial IoT disruption at scale — Attackers will disrupt Industrial Internet of Things (IIoT) devices using vulnerabilities in cloud infrastructure and hardware
-A counterfeit reflection — Hackers will game end-user face recognition software, and organizations will respond with behavior-based systems.
-Courtroom face-off — 2019 will see a court case in which, after a data breach, an employee claims innocence and an employer claims deliberate action.
-A collision course to cyber cold war — Isolationist trade policies will incentivize nation states and corporate entities to steal trade secrets and use cybertactics to disrupt government, critical infrastructure, and vital industries
-Driven to the edge — Consumer concern about breaches will cause companies to embrace edge computing in order to enhance privacy. Designers will face significant headwinds with adoption due to low user trust.
-Cybersecurity cultures that do not adapt will fail — Industrywide security trust ratings will emerge as organizations seek assurances that partners and supply chains are trusted partners.
6) Beyond Trust
-Privileged attack vectors will continue to be the number one root cause of breaches for both consumer and business data.
-Well-known Vulnerabilities Will Continue to Dominate Cyber Attack Reports — “The pattern of successful attacks through the use of well-known and entirely preventable vulnerabilities shows little sign of abating. Organizations continue to focus their efforts injudiciously, ignoring the lower severity vulnerabilities with known exploits in favor of largely academic, high severity vulnerabilities.”
-AI on the Attack — Skynet is becoming self-aware!
-Results Section: Millennials Ruin Everything — Evolving Definitions of Privacy
-Centralized Information Brokers Emerge
-Attackers Will Exploit Artificial Intelligence (AI) Systems and Use AI to Aid Assaults
-Defenders Will Depend Increasingly on AI to Counter Attacks and Identify Vulnerabilities
-Growing 5G Deployment and Adoption Will Begin to Expand the Attack Surface Area
-IoT-Based Events Will Move Beyond Massive DDoS Assaults to New, More Dangerous Forms of Attack
-Attackers Will Increasingly Capture Data in Transit
8) Kasperky-No more big APTs
-Emergence of newcomers — “The thing is that the entry barrier has never been so low, with hundreds of very effective tools, re-engineered leaked exploits and frameworks of all kinds publicly available for anyone to use.
-The ever-increasing attack surface — The increasing amount of automation systems, the variety of automation tools, number of organizations and individuals with direct or remote access to automation systems, as well as the emergence of communication channels for monitoring and remote control between previously independent objects — all expand the opportunities for criminals to plan and execute their attacks.
-The underestimation of general threat levels
-Contextual privacy will be front and center
-Automation will transform the workforce: Robotic process automation and machine learning (ML) will transform how business operates
-We’ll go back to basics on security (again), but also focus on specifics: In 2019, organizations will redouble their efforts to strengthen their security posture. It’s about understanding their risk environment, and ensuring they are doing the basics right to protect their business; practicing IT hygiene to keep infrastructure current to protect against vulnerabilities continues to be critical.
-Caretaking robots — Robots are already in our homes in the form of vacuum cleaners and cute mechanical dogs, but Andrew McAfee, MIT research scientist, envisions more sophisticated robots helping senior citizens with dementia or children with autism. "One of the great things is they don't get impatient with human beings," he said.
-AI and your digital self — Artificial intelligence can allow us to leave an imprint of ourselves that can remain a hundred years from now. Alicia Abella, VP of operational automation and program management for AT&T, envisions creating an AI print of her deceased father, a pitcher, who could teach her son how to play baseball.
-Shopping — The mundane task of grocery shopping could be eliminated if Abella has her way. She describes virtually picking her own tomatoes, but through an avatar in the store while she sits at home.
-Cars — Autonomous driving may end up being a real game changer for the industry. "No one will own a car in 25 years," said Rsesh Patel, senior executive vice president of retail and care at AT&T.
11) RSA Security
-More sophisticated artificial intelligence features of security tools in 2019.
-Cryptomining will continue to be a threat as long as attackers can make quick cash from the infections. Be on the lookout and deploy endpoint and intrusion prevention tools designed to detect these exploits. (Note: This is different than others who think this trend is fading.)
-Lack of backup verifications will continue to plague IT managers, making ransomware a continued threat in 2019.
-“Terrorist-related groups will attack population centers with crimeware-as-a-service. …
-Managing privacy will be the new normal, like securing data or paying taxes. Privacy will continue on a similar path as the evolution of cybersecurity. …
-”In 2019, healthcare organizations will be the number one target for attackers. …
-macOS attacks on the rise — Apple’s share of the desktop market is rising, and malware designed to infect Macs is growing along with it.
-Combating invisible threats — Network-level exploits will enter the limelight next year, and they will likely be hyped by social media, if history is any indication.
-A shift toward mobile attacks — Fintech services are paving the way to a very profitable new trend for hackers, particularly in the mobile space. The more money they manage on behalf of their users, or the tighter the integration with traditional banking systems, the more attention they will get from cybercrooks who will likely develop new threats targeting these specific services in 2019.
14) Sophos Lab
-Targeted attacks gain popularity, reap deep rewards
-What’s old is new again
-Transitioninh to manual attack mode
-SamSam ransom payments — Total: $6.5 million USD
-Attacker techniques evolve to use what’s already there
-“Living off the land” is the new law of the land
-How “LoL” changes malware detection and prevention
-The growth explosion of Office exploits
-Mobile and IoT: Malware is not slowing down
-The growing and persistent threat of mobile malware
-Android: The good, the bad, and the ugly
-Unusual malicious campaigns affecting the Android platform
-Attacks against the internet of things
15) IBM's Predictions
-Causality will increasingly replace correlations
-Trusted AI will take center stage
-Quantum could give AI an assist
-Economic espionage will reawaken because of the US-China trade war.
-Bad bots’ fraud revenue will make Fortune 1000 firms jealous.
-Woman CISO's will increase as companies look for different perspectives
-Affidavits fail cyberbullying — By 2023, 25% of organizations will require employees to sign affidavits to avoid cyberbullying, but 70% of these initiatives will fail.
-Personal data poisons blockchain — By 2022, 75% of public blockchains will suffer “privacy poisoning” — inserted personal data that renders the blockchain noncompliant with privacy laws.
-Consumers ignore security breaches — Through 2021, social media scandals and security breaches will have effectively zero lasting consumer impact.
18) Nuvias Group
-Increase in crime, espionage and sabotage by rogue nation-states
-GDPR — the pain still to come
-Cloud insecurity — it’s your head on the block
19) Barracuda MSP
-Email security will continue to dominate the threat landscape.
-Cybersecurity education will be key to mitigating threats and vulnerabilities.
-Differentiation will happen through vertical focus. (for channel partners)
Cyber security student and researcher.
Security Predictions for 2019
Hackin' with Metasploit
Understanding the Reference Monitor
Did the Security Predictions for 2017 Come True?
Cyber Security Executive Order & NIST