Over the last few blogs, I have been recapping what the Cybersecurity landscape could look in 2019.  So far, I have looked at some of the top threats, the top pieces of Cybersecurity Legislation that will soon come into fruition, as well as some of the major business activity that will transpire.  In today’s blog, we examine something a little bit different: The most overlooked Security issues that will spill over into 2019.  Here we go:

*The American small to medium sized business:

As we know, the Cyberattacker of 2018 has gone after those targets which are the much larger corporations and businesses, government agencies, credit card numbers, usernames and passwords, attacking home WiFi networks (especially during the time when the FBI released their announcement that you should reset your router because the Russians could have hacked into hit).  But the one thing that we did not hear of were the Mom and Pop businesses being hit with a Cyberattack. Not to say that it did not happen, but it certainly did not make the news headlines nearly as much.  The fear in 2019 is that these same Mom and Pops will be the next major target for the Cyberattacker.  It just won’t be a few that will be hit, rather the fear is that many of them could be hit all at once, thus really making an impact on the US economy, especially when it comes to supply chain and trucking operations.

*The misuse of Artificial Intelligence:

Artificial Intelligence (AI) and Machine Learning (ML) have both garnered a lot of attention towards the latter part of 2018.  Why is this so?  Well, let’s face it, the IT Security teams of every organization here in the United States are simply overburdened with just trying to keep up with all each and every alert and warning that comes from their systems.  They are overworked, tired, and just plain exhausted.  So, by bringing in the tools of AI and ML, it is hoped that many of the mundane and tedious could be automated, thus decreasing the workload of the Cybersecurity specialist so that they could focus on the much more important stuff.  While this is a great boon, people are fearful of the opposite in 2019:  The potential misuse of AI and ML to launch Cyberattacks. I have not seen any actual evidence of this happening yet…but we still have next year.

*The Public Transportation System:

As I have written about before, many of my podcast guests are fearful that the attack on US Critical Infrastructure will be the next wave to happen in 2019.  It’s not only the water lines and the electrical grid that will be the target, but so will also be the entities that depend on them.  An example of this is the Public Transportation System.  It won’t be the busses and the taxi’s ad the trains that will be the direct target; but rather, it will be the systems that they rely upon to get customers on board.  For example, it could be the disabling of ticketing processes, hacking into the IT Infrastructure that deals with the traffic and flow of trains on the tracks, messing with the traffic light systems, etc.

*The lack of coordination:

A lot of Cybersecurity professionals were harping on the fact that Corporate America simply does not have a good Incident Response (IR) Plan in place should they be hit by a Cyberattack.  Well, the good news is that it seems like that companies are starting to realize the need for this, and are starting to do something about it.  But even if they have developed an IR Plan, many of them have not even practiced it yet in real time.  So, what is the good of having one, if you don’t even know if it will work in real time?  This is where the lack of coordination comes in.  Nobody wants to seem to take the responsibility for coordinating such a dress rehearsal.  But coordination goes much more than that.  For example, in the IR Plan, there will be designated individuals that will have responsibility in order to work with others on the IR team to help mitigate the damage caused by a Cyberattack.  This too will not need an effective communications strategy, but even greater levels of coordination as well.  The bottom line is that when responding to a Cyberattack, an organization does not need any more chaos than what will already precipitate.  Practicing coordination will decrease that level of it.

*The Supply Chain and Logistics Channels:

While we have heard about attacks taking place to Critical Infrastructure, this is one that is often left out.  But truth be told, this is probably the weakest link in the total import/export grand scheme of things.  The United States has hundreds of maritime ports on both the West and East Coasts, with millions of shipping containers going through them, very often uninspected.  Who is to say that there is not a bomb, or perhaps some sort of nuclear bomb in of these containers? Also, it is not just the channels that are at risk, so is the IT Infrastructure that governs them.  Another weak area which has gained some news:  The discovery that a Chinese manufacturer covertly implanted chips onto the motherboards of servers that were used both by Amazon and Apple.  So, it is not just the point of destination that is at risk, so is the point of origination, and anything that falls in between them.

*The world of Mobile:

It seems like that the Smartphone of today is now our next intimate family member, even more so than our own spouses or even children.  This is a very sad statement to make, but it is the truth and the reality.  From the very moment we wake up to the very moment we fall asleep, our Smartphones are chained to us.  Heck, even when we go to bed, some people take their celly’s with them.  Now, just for a moment think what would happen if our Smartphone suddenly was lost or stolen? What we do?  An instant feeling of helpless paralysis will be bestowed upon us, and will take a long time to recover.  The Cyberattacker is well aware of this, and this is the kind of fear that they want to greatly exploit on in 2019.  Worst, these kinds of exploitation attacks will be launched from the remotest parts of the world, where it will be that much harder to track down and apprehend the perpetrators.

*The manipulation of Data:

This year, one of the mantras in Cloud Security has been that of Data Leakage.  In other words, how does a company implement those controls so that sensitive customer information and data does not fall into the wrong hands? A lot of effort has taken place to create and deploy such controls, but one area that has been overlooked is in the integrity of that data.  Take for example this scenario:  Suppose a Cyberattacker was able to alter the contact information of some of the customers of an organization?  Most likely, this won’t be a big deal and will even probably go unnoticed.  But the fact remains that the Cyberattacker has a way into your systems, or in other words, has found a backdoor that they can walk easily in and out of.  Or what if some of the financial transaction history in your bank account were maliciously altered?  How would you trust the controls and safeguards of your financial institution going forwards?  Keep in mind that if even the tiniest bit of information has been altered from a long time, ago, the chances are even much greater something more disastrous down the road could also happen.  So, although preventing data leakage is important, so is maintaining the integrity of that information and data in which you entrust third parties to.

Cyber Diplomacy:

Let’s face it no one individual, company, or even nation can combat Cyberattacks by themselves.  As Hillary Clinton said, it literally takes a village.  Because of the current political chaos and headwinds that are occurring in DC today, trying to forge relationships with other nations to come together as one cohesive unit to share intelligence, information, and data has faded into the woodworks.  The threats of closing down borders and imposing tariffs simply won’t cut it anymore.  We will be making more enemies than friends on the Cybersecurity front.  Therefore, there needs to be a huge, and drastic change upon this “America First” mentality, at least when it comes to the world of Cybersecurity.

Well, there you have it.  The most overlooked Cybersecurity issues in 2018.  Will 2019 give them the attention that they so desperately need? Stay tuned . . . 2019 is only two days away.