How accurate are the security industry’s 2019 predictions so far?
Six months ago, in keeping with the annual tradition, vendors and journalists in the cybersecurity space predicted the tech, threats and trends expected to dominate in the new year.
How did they do? Since we are at the 2019 halfway mark, I'm taking this opportunity to analyze the accuracy of the most popular predictions.
Full disclosure: not all of Nyotron’s predictions hit the bullseye either!
Cyberwarfare on the Rise
Many experts predicted a rise in state-sponsored cyberattacks, especially by Russia. This prediction made sense because of the impending US presidential campaign. Considering Russia’s history of interfering with our elections, it would not be surprising to see them try again.
While state-sponsored cyberattacks have indeed increased, a big surprise is that the U.S. is at the forefront, having allegedly conducted online attacks against an Iranian intelligence group. According to the New York Times, the U.S. targeted multiple Iranian computer systems in retaliation for tanker attacks and the downing of an unmanned American drone. The newspaper also reported that the U.S. has been deploying cybertools to hack into Russia’s power grid.
China is another major player this year, having been linked to attacks on at least 10 global telecom companies in an effort to collect data on certain individuals. Add to this the ongoing allegations that Huawei could be exploited by the Chinese government for espionage, and it’s clear that state-sponsored cyberwarfare is as prevalent in 2019 as expected.
Cryptojacking Shifts into Neutral
Cryptojacking is an odd trend. Many thought that, as the blockchain ecosystem grew in popularity through mining, trading and ICOs/STOs/IEOs, we’d see an uptick in crypto-related cyberattacks in 2019. However, the “crypto winter” buried the market at the beginning of the year and made traders wary, bringing the industry to a standstill until very recently.
According to a CipherTrace report, $356 million in cryptocurrency was stolen in the first quarter of 2019. While this might seem like a lot of money, in 2018 an astounding $1.2 billion in crypto was stolen.
The question is, as interest in crypto and blockchain begins to pick up steam again, will cryptojacking increase again? The answer is likely yes, but the real danger is to enterprises rather than crypto exchanges or wallets.
Cryptojacking cyberattacks aimed at enterprise cloud environments can cause a significant amount of damage, draining resources, slowing system performance, and increasing operating costs. Companies deploying private blockchains (distributed ledger technology) must take precautions as well. If not, they could be inviting a security catastrophe into the organization.
Zero Trust Takes Off
Cybersecurity experts will tell you that the Zero Trust model should have been adopted by enterprises years ago. Closing your network to outsiders and setting permission-based limitations on those with access is one of the best ways to protect your company from both malicious insider threats and accidental disasters.
Last year, Zero Trust was a buzzword that was beginning to take off; this year you can’t attend a security conference without hearing it throughout. While this was one of the easiest predictions to make, it’s also exciting to finally see it come true. The Zero Trust model should have been mainstream on both the network layer and for endpoints a long time ago.
GDPR in the USA?
It’s been a little over a year since GDPR became law in Europe, and a year and a half since privacy experts began warning that it would hit the U.S. sooner than we think. Well, it hasn’t.
True, we now have the California Consumer Privacy Act (CCPA), but that’s only one state. And yes, the CCPA will affect companies and consumers in other states (especially due to e-commerce), but by now most experts expected to see other states passing similar bills, or even a federal version of the CCPA.
What does this say about the country? Are US consumers less concerned about privacy than Europeans? Or are we more willing to exchange privacy for a better customer experience or less expensive goods and services? The answer isn’t clear, but for security professionals, it’s puzzling that GDPR hasn’t made the same waves on this side of the ocean.
Clearly, there were some hits and misses, but we can’t all be Nostradamus. It'll be interesting to assess how the predictions fare in the second half of the year.