Post Published On: December 31, 2018
As the year draws to a close, it is worthwhile for Cyber Security professionals to reflect upon their individual experiences in light of the global landscape. The Cyber Security world was highly active in 2018 with several pitfalls, satisfying wins, pressing challenges and hidden opportunities presented across industries and geographies. How did we do? Where did we fail? What are the learnings, and what steps should we take to be best prepared for 2019? This blog post seeks to find out.
Cybercrime Landscape in 2018
Ransomware, a 2017-star performer for hackers, witnessed price correction efforts across the world in 2018. Cyber criminals lowered their ransom demands significantly (averaging around $250 per attack), with hopes that more victims would give in to their demands. This trend is indicative of better preparedness on the part of victims – either in terms of having backups available, or not falling for attackers’ lofty demands and deceptive tactics.
On the privacy scene, 2018 saw some of the biggest fines being levied for privacy violations, thanks in part to the coming into effect of GDPR. Facebook was awarded a hefty fine (around £500,000) for its failure to protect its users’ personal data in the Cambridge Analytica scandal, albeit under the older Data Protection Act of 2008. While much of the world outside of the European Union is still largely working on understanding GDPR and its applicability to their operations, the substantial fine, dished out by the Information Commissioner’s Office in the UK (the UK’s Data Protection Authority) is indicative of tighter enforcement and heavier penalties seeking out privacy violators in 2019. It is worth remembering that under the GDPR-era, these penalties can be high as €20m or 4% of the violator’s total worldwide turnover, whichever is higher.
Cybercrime in 2018 also witnessed the birth of a new entrant – a direct by-product of the Bitcoin wave. Given the extremely resource-hungry nature of a cryptocurrency mining transaction, CPU processing power literally spells the difference between winner and loser. It wasn’t long before criminals realized that they could steal CPU power from others. Called Cryptojacking, this form of attack spread its wings significantly in 2018. Phishing, incidentally, happened to be criminals’ launchpad of choice.
Cyber Defense Landscape in 2018
Securing the Human Factor:
Organizations’ cyber defense strategies in 2018 included a calculated focus on the chief vulnerability in phishing attacks, insider threats as well as identity theft – the Employee. Three new cyber defense areas were observed in 2018 that sought to achieve this – (1) Zero Trust Environments (2) User and Entity Behaviour Analytics and (3) Cyber Security Talent Acquisition efforts.
Zero Trust Environments:
In a Zero trust environment, all aspects of trust are removed, thereby mandating multiple layers of authentication before granting access to protected resources. The value of Zero Trust found public testament from no less an advocate than Google. The company published claims that their internal Zero Trust implementation, BeyondTrust, had demonstrated 100% resistance against credential based attacks in 2018.
2018 also saw a broader induction of User and Entity Behaviour Analytics (UEBA) systems into organizations’ cyber defense strategies. UEBA solutions, architected to “learn” employees’ behavior over time and flag off deviations as potential indicators of compromise, has been estimated by Gartner as having the potential to attract global end-user spending of up to $352m by 2020.
Cyber Security Talent:
A rather Herculean challenge facing Cyber Security decision makers was the attraction and retention of high quality Cyber Security talent to support their organizations’ security endeavors. As many as 1 million Cyber Security jobs were created world-wide. With the market being thrown open, Cyber Security professionals spent much of 2018 enjoying high demands for their services. However, the issue facing organizations was the acquisition of professionals with the right mix of certifications, skills and experience. For this reason, many positions are still unfilled. Worldwide, as many as 49,500 job positions for CISSP certified candidates remain unfilled. Much of Europe is staring into an abyss of close to 90,000 unfilled DPO positions, a figure made possibly only by the strong push coming from GDPR.
Looking Ahead to 2019
If 2018 was any indicator of things to come, it is clear that the key focal areas for Cyber Security decision makers lie in strengthening their disaster-preparedness levels and fortifying their overall internal security postures whilst bolstering their Cyber Security workforce.
Ingram Micro’s Cyber Security specialty unit – Ingram Micro Cyber Security – is committed to helping our partners deliver this to their end-customers. We deliver value added solutions founded on the people, processes and technologies in Cyber Security through our partners across the META region. Our solutions portfolio, organized across consulting, technical security assessments, managed security services, training and vendor-specific solutions, readily enables our partners to expand their capabilities in the market. We work closely with breach victims, assisting their recovery procedures, whilst also offering trainings on CISSP, CIPP/E and CIPM to help end-customers to overcome skills shortage in Cyber Security and Privacy.
Article Written by Praveen Joseph Vackayil – Cyber Security Consultant and Trainer