Other issues in this category (7)
What will happen next?
Today we’ll continue discussing forecasts.
CyberArk’s security analysts have come up with five information security predictions for 2019.
By the way, why did we opt to devote another issue to projections? Well, with each passing year, it becomes increasingly difficult for experts to come up with things that could get worse a whole year later. And, meanwhile, a year that’s winding down can best speak about the quality of the previous year’s predictions. Do most of you remember the panic that broke out after vulnerabilities were discovered in Intel’s CPUs? Virtually all the media outlets were screaming about impending super-stealth hacker attacks. A year has passed, and where are those attacks? Even the forecasts don't mention them anymore.
But let's get back to the security projections issued by CyberArk.
The upcoming year will witness a wave of attacks on biometric markers used to facilitate user authentication.
That's why companies will adopt new authentication methods such as embedded human microchips. Just imagine that in the near future, you will have a microchip implanted into you whenever you switch to a new job. Of course, this is to simplify the authentication process and control your access permissions. That sounds really creepy.
And hackers will be hacking into the chips to access places they are not supposed to go. That one makes a good movie plot, no less!
Luckily, this is unlikely to happen any time soon. For now, it's safe to assume that data leaks will remain a major problem. Attacks involving stolen passwords and photos are a distinct possibility. In the long term, biometric data can be used by attackers to carry out unauthorised transactions, e.g., to obtain loans from banks. Why don't we expect a sharp increase in the popularity of these fraud schemes? Because criminals already have access to people’s scanned IDs, but incidents of attackers actually taking advantage of them are not very common.
Biometric data storages within organisations will become the primary attack targets.
In our opinion, incorrect access settings and vulnerabilities (that may exist because users neglect to install security patches) will become the main cause of data leaks. Statistics show that the World Wide Web is rife with security issues, and we predict that the number of vulnerable sites will not decline.
CyberArk believes that governments will regard the social media accounts of public servants as part of the critical infrastructure. The same fate awaits accounts used by secret services. This is because social networking sites are supposedly becoming an important tool authorities can use to facilitate communications with citizens. The incident involving false missile attack alerts causing panic in Hawaii and Japan is a good example.
We doubt that. And that’s simply because we can’t envision how a specific account on a third-party website can reliably be protected. After all, sites of this kind are created to help people get in touch with each other easily and (let's be honest) gather their personal information. Nothing can prevent attackers from creating fake accounts and publishing bogus news posts, even if media outlets can expose them.
Industrial espionage provoked by trade wars is the third problem on the experts' list. Nation-state attackers will attempt to use even more advanced technology to steal intellectual property.
A massive upsurge is very unlikely, just because adopting someone else's technologies is usually noticed instantly. And the discovery quickly leads to lawsuits and sanctions. Piracy and military technologies may be the only exceptions.
The fourth predication suggests that blockchain will be used to secure supply chains.
That’s very unlikely, too, although individual projects of this kind may be implemented. The reason: slow operation and the inability to remove false data. And if you have suppliers you need to control, there exist agreements and penalties for that.
BeyondCorp is a new security concept from Google that regards local networks to be as hazardous as the Internet. Users can access corporate environments from anywhere, whether it be from their homes, a coffee shop, their offices, etc. Google's strategy uses authentication and encryption to facilitate access to corporate assets from any location.
Although BYOD was much talked about, it never became a trend (or a sales driver). The reason behind this is the inability to easily control a diverse array of personal devices. Android is still an operating system for individuals rather than corporations. It doesn't include any remote administration tools, and its security mechanisms are not particularly robust.
Will attacks follow? They will, but not in great numbers because of the low cost/efficiency ratio—bribing one's way into a corporate network is much easier.
…next year things will remain the same: users will install Trojans all on their own and then blame their problems on their anti-viruses.