Today’s world experiences massively interconnected devices to share information across variety of platforms between traditional computers (machines), Smart IoT devices used across smart homes, smart interconnected vehicles etc. and of course the social networks apps such as Facebook, LinkedIn, twitter etc.
We have experienced this trend with a skyrocketing growth and foresee it to continue exponentially in the future. At one end, we find life becoming easier with such developments and at the other end, we experience more and more cyber threats on our privacy, security and trustworthiness with organizations holding our data.
This article presents my view on cybersecurity trends for 2019 based on my recent experiences dealing with smart device technologies and data privacy.
ALSO READ: What Does Your Data Mean In 2019, And How Do You Make Sure You Protect It Like Crazy?
Data is the future currency of businesses and protection of data is the utmost priority for individuals, business organizations and countries. As the tremendous growth in smart devices is certainly going to impact the way we share our information, it will open up a new front in creating additional attack surface.
Core devices such as the routers and home assistants are the kinds of equipment that interact most with other smart devices as well as the Internet. Hence, they are likely to be primary targets for attackers.
Data breach is either a situation when personal information is lost or compromised intentionally or accidentally resulting in harm to individuals, agencies or business organizations. The breach of sensitive data not only poses serious threats to both public and private organisations but also puts their employees and clients at risk, e.g., economic loss.
General Data Protection Regulation (GDPR) was introduced and legislated by the European Union (EU) on 25th May 2018 and is certainly an important step to preserve data privacy of consumers and organisations. Such efforts are encouraged by other countries and a trend that will influence the cybersecurity landscape in 2019 as well as in future. California Consumer Privacy Act (CCPA) in United States signed law similar to GDPR less than 40 days after GDPR came into effect.
ALSO READ: How This Secret Cyber Security Centre In Chennai Protects All Of Us In India From Cyber Attacks
In India, similar laws have been proposed under the ‘Personal Data Protection Bill’, which is expected to be tabled in the Parliament this summer, after the Lok Sabha elections 2019.
Data breach can be classified into two categories based on how they are preserved. Physical breach where protection of physical sensitive files and its storage must be kept and maintained confidentially.
It is the responsibility of officials and authorities who are in charge of maintaining and preserving the integrity of data at all times. In the world of digital economy, organizations now rely more on maintaining their data in digital form.
Though finding, accessing and operating on these data is quicker and cost effective using digitally stored information, such data is also exposed more frequently to adversaries.
Data breaches could happen at different points during the life cycle of data such as, data-at rest, data-in-use and data-in-motion (i.e. data in transmission). A breach may result in exposing (leaking) sensitive transmitted data either intentionally or accidentally, from a victim organisation to external unauthorized destinations.
The leak of sensitive data, such as high level security classified government and military information, patients’ medical records, commercial information, intellectual property and customer information, can be caused by insiders, outsiders or trusted third-parties.
ALSO READ: Indian Govt Can Now Track & Monitor Data On Your Computer, And Police Can Seize Your Devices
However, regardless of how leak of sensitive data is caused and regardless of whether the leak is due to a malicious intention or an inadvertent mistake, the incident could pose serious threats to an organisation and leads to direct and indirect losses.
There has been significant progress made through researchers, academics and organizations as well as government policy bodies in the last few years developing solution to avoid data breach. In spite of all these efforts, there have been increased data breach happening around the world in recent years.
We envisaged the fact such breaches are increasing due to several reasons. 1. The proposed solutions are not fully implemented, 2. Users of various social networks expose too much information either intentionally or unintentionally and have very limited understandings on consequences of exposing such information and 3.
Development and use of non-standardized Internet of Things (IoT) smart devices. Recent data breach incident involving how fitness tracker was used to locate military bases of countries expose serious data breach and security.
There have been numerous such incidents happening around the globe, which are of severe concerns to private, public and government organizations. Data breach may do more than damaging the trust that people place in an organization.
ALSO READ: How To Keep You And Others Safe Online: Here Are 9 Tips To Protect Your Data Anywhere
Based on the data protection law either adopted or in final stages of legislation by different countries (Australia, Brazil, Japan, China, India etc.), it is expected that in 2019, companies will be busy preparing to comply with such legislation around the world.
Recent cases with Facebook and Google+ exposed the account information of 90 million users suggest tight control on data privacy is what organisations must consider to win the confidence of their users in order to stay safe in the business.
Business organizations must take extra precautions as well as follow strict regulations on how to protect their consumer data in every form. Hence, consumers should not leave it up to businesses to do the right thing, there are things consumers must do to protect themselves.
There is a steady increase in Ransomware cases until now and recently many ransomware victims have found themselves having to follow a criminal’s instructions on how to sign up for a Bitcoin wallet or other means of making a ransom payment.
With increased use of block-chain technology, new problems surrounding crypto currency would most likely going to be surfaced in 2019. An exhaustive description of how blockchain, cryptocurrency and coin mining work is well out of scope for this article. Simplistically, all these terms and their associated mechanisms could require huge processing power into the future.
More and more Cyber criminals have been using Monero (private digital currency) which certainly has obvious advantages for criminals. With new technologies around crypto currency being used, cyber criminals will be more interested intercepting devices (Cryptojacking) used to process crypto currency. In 2019, we predict cryptocurrency-mining malware to target Mac OS or Android OS due to third-party add-ons used with Linux and Windows distributions.
With constant progress in cyber defence schemes, we are also experiencing changing strategies adopted by cyber criminals such as, use of more automation techniques involving Artificial Intelligence (AI) and Machine Learning (ML) techniques to make their attack approach even more efficient.
Hence, in 2019 we expect such criminal activities will become more effective, cost-efficient and easier for social engineering attacks.
ALSO READ: 77.3 Crore Emails & Passwords Have Been Leaked Online, In One Of The Biggest Data Breach Ever
Connected vehicles is an area where more and more vehicle manufacturers are investing their resources to manage transport data in most effective and efficient manner.
New data protection schemes surrounding transport data is an important area of research recently in the space of Vehicular Network as more threats may be posed by cyber attackers causing significant damage to the privacy and security of future connected autonomous vehicles.
Hence, in 2019 and to the future years we expect more research activities in some of the important areas of concern involving vehicular network such as; a. How to prevent illegitimate users from accessing or forging transport data, b.
Developing flexible key management algorithms preventing forged data, c. How to develop a vehicle traceability mechanism in case of cyber-attacks on such network, d. Establishing an infrastructure reputation model and e. Building a data responsibility system.
Finally, we would like to emphasize that, in 2019 and beyond more and more cyber threats related to data breach, ransomware, infrastructure related attacks are going to happen due to new automated schemes recently adopted by cyber criminals. Alongside these threats, users will still be hit by traditional attacks involving phishing, DDoS, Identity theft and so on.
Hence, individuals, companies and governments around the world must take a proactive approach, training individuals adopting to new secure technologies and preparing a holistic approach to combat future threats.
About the author: Dr. Priyadarsi Nanda is a Senior Lecturer at the University of Technology Sydney (UTS) with more than 27 years of experience specializing in research and development of Cybersecurity, IoT security, Internet Traffic Engineering, wireless sensor network security and many more related areas. In Cybersecurity research, he has published over 80 high quality refereed research papers as well as conference articles. In 2017, his work in cyber security research has earned him and his team the prestigious Oman research council’s national award for best research.