1(630)802-8605 Ravi.das@bn-inc.net

Yesterday I posted about the top 9 Cybersecurity legislations that you will impact you coming into 2019.  As I also mentioned, the Cybersecurity pundits have already started to make their predictions for 2019, and here is a sampling of a few of them:

  1. Phishing:

This kind of Cyberattack has probably been around the longest, probably even much longer than when I first expanded my tech writing biz into writing about Cybersecurity.  We all know what this encompasses, you get a phony E-Mail, with a suspicious header, as well as content that is very often poor in grammar and sentence structure.  Not to mention, there are also typos in the body of the language as well.  Then there is the usual suspicious link that you should never click on and/or download an attachment which contains a malware payload.  But Phishing is still expected to be the number one Cyberthreat for 2019, and it will be different and even more lethal this time around.  For instance, the Cyberattacker will not just be simply mass E-Mails out.  Rather, they will take the time to study their target, and learn their particular profile.  They will also send out much fewer Phishing E-Mails, but these will be highly targeted and the penetration rate of it will be much higher.  A perfect example of this is Business E-Mail Compromise, or BEC for short.  These are Phishing E-Mails that are designed to hit at the C-Level Exec at a particular company, and con them into transferring a large amount of money into a fictitious overseas account.  I have to be honest, Phishing style E-Mails have truly become convincing, and there are times I even have to read an E-Mail a few times in order to confirm that it is a Phishing one.

2) Attacks to Microsoft Office and PDF files:

Gone are the days when you could download or simply install the Microsoft Office suite onto your computer.  Microsoft has made it to the point now where you must open up an Office 365 account, and download the essential applications from there (this primarily includes Word, Power Point, and Excel).  With all of this stuff now in the Cloud, this only expands the attack surface for the Cyberattacker.  Besides, from this though, the Cyberattacker in 2019 will still continue to send malicious .DOC and .XLS files to unsuspecting victims.  The Cyberattacker has also made these attachment file names sound very convincing.  Because of this, the level of human curiosity has also increased, thus making them want to open these malicious attachments even more.  Worst yet, even Adobe Acrobat files (such as the .PDF ones) are predicted to be a target for sending malicious files via E-Mail (or any other electronic means for that matter).  Perhaps all of the patches that Adobe has released in the past few months is indicative of this really happening???

3) Ah yes, the infamous password:

Passwords have long been the much sought-after Crown Jewels of any Cyberattacker.  But, not just ole password will suffice, they want the keys to the kingdom of the financial resources of the victim.  Or, any other exploitable information and data will do, if it will lead to further financial gain.  Because of this, Corporate America has greatly increased the requirements for its employees in order to create long and complicated passwords that nobody can remember.  Because of this, the counter effect is happening, where now employees are fighting back, and not using these super long and crazy passwords. Instead, they are resorting to using the traditional easy password that they can remember; but worst yet, they keep using the same one over and over again.  The Cyberattacker is fully aware of this, and because of that, the password will continue to be the much-favored target, yet once again in 2019.  Is there a remedy to all of this?  Yes, there is, and it is called “Single Sign on Solutions”, or “SSOs” for short.  This makes use of Biometric Technology, such as Fingerprint Recognition or even Iris Recognition.  Thus, your fingerprint or your eye literally becomes your password, and you can login to whatever you need to in just a matter of a few seconds.

4) The World of the IoT:

The Internet of Things or IoT for short is expected to quickly mushroom in 2019.  Long story short, this is where all of the devices that we interact with both in the physical and the virtual world will be connected to us on a daily basis.  The basic premise behind IoT is to make our lives more automated and simpler.  A good example of this is the “Smart Home”.  This has actually started to evolve, with the use of the Virtual Personal Assistants known as Siri and Cortana on our Smartphone.  Other industries have also taken off with the idea of all of this interconnectedness in mind.  Another prime example of this is the automotive market.  Today, we are seeing cars literally roll off the production line with all of the latest electronic devices that one could ever imagine.  But with all of these connections, comes the much greater chance of a Cyberattack from happening.  Once again, this is increasing the attack surface for the Cyberattacker, because more than likely, these connections will not be secure; or if they are, they can be easily penetrated.  The simplest solution to this problem:  Just simply disconnect all connected devices when you are not making use of them.

My thoughts on all of this?

I am not all surprised by these predicted four attack vectors.  The first three have been around for quite a long time, so there should be no surprise there. But it is the last one, the IoT that is really concerning to me.  Yes, our lives will be automated, but that does not guarantee any more in the way of Security at all.  In fact, I think that of these four, it will be the IoT that will emerge as the prized trophy for the Cyberattacker. 

After all, they could literally turn your home into a “Bot”, and use it launch other attacks against other so called “Smart Homes”.  This could in the end be yet another way for the Cyberattacker to leverage even further attacks against Critical Infrastructure points, such as the water supply, the electrical grid, etc.

At the present time, there really is no defense mechanism for the world of IoT.  At best, all we have is the recent law that was just passed in California trying to get manufacturers to make their IoT products more secure.  There is still yet to be an established list of best practices or best standards to come, in the way of Security. 

Truth be told, although I am in the tech field, I am planning to stay away from the world of IoT.  I like to keep things simple, and easily fixable in case anything breaks down.  Heck, even on my own Smartphone, i just have at most two mobile apps, of which I never use most of the time anyways.  My recommendation would be to stay aware from IoT as much as possible, until we, as an American society, come to further understand the potential as well as the downfalls that it can bring with it.