2019 Cybersecurity Predictions

While I am not a big fan of the “Top 10” things that we expect to see next year, I do think looking forward with a security focus is a good endeavor. While this time of year is always full of next year’s predictions, you really should be looking at the next six months every month. That way things won’t surprise you. But without further ado, here are my predictions for next year.

Increased O365 account compromises. In 2018 we saw a record number of O365 individual account compromises. People just tend to either set bad passwords or click on links and put in their credentials. This is NOT a user issue, this is a training issue. You didn’t hire that accountant because they are also good at cybersecurity. They need to be trained.

Increased cybersecurity training. This goes hand in hand with the above prediction.  Most companies will be phishing their users as well as training them on what to look for. As users are the first line of defense, this will become critical for companies.

IoT botnet infections will increase. As IoT devices quickly outpace the number of servers, workstations and phones on people’s networks, these become the easiest targets for botnets.  They are not well secured, nobody monitors them, and if they get slow, nobody will notice.

The Username/Password problem will become prominent as more large-scale breaches become public.  While I do not think companies will solve the username/password problem, there will be more attention to it and larger companies will begin to push for this to be fixed. The average user is not good at creating difficult single use passwords. So, when one website has a breach, any other website that the user used that password on is now vulnerable.

Malware using AI will become prominent.  As Artificial Intelligence becomes more mainstream, the cyber criminals will start using it to their advantage; like a chatbot to try to scam you out of money or using AI to create better malware. It will start being used more often.  With AI, cyber criminals can automate attacks using less resources. And unlike using it for defensive purposes, it only needs to work some of the time to be profitable for a criminal.

Risk management will become a common topic in audits and board meetings. Vendors and their vendors are now being looked at risk wise. As it has become painfully obvious in previous breaches, many times a vendor can have access to a customer’s network and cause irreparable harm. Your board will now start asking which vendors have access to your network and do they have security protocols in place.