Experts predict threats to the aviation industry, continuing nation-state activity, rise in supply chain attacks and the widening cyber security skills gap in India.
FireEye, the intelligence-led security company, released its 2019 cyber security predictions report, “Facing Forward: Cyber Security in 2019 and Beyond.”
This year’s report includes a top-down view of the cyber security industry by FireEye senior leaders, including CEO Kevin Mandia, in addition to research-based insights from experts from the FireEye iSIGHT Intelligence, Mandiant Consulting, and FireEye Labs teams. The IT and threat landscapes will continue to evolve in 2019, and this report is a look forward at what the cyber security industry needs to address and get right to stay ahead of the adversaries.
“We expect 2019 to arrive with ample new and existing challenges for Indian enterprises, from misuse of the social media to security vulnerabilities in the cloud,” said Shrikant Shitole, senior director and country head for India at FireEye. While more Indian enterprises are recognizing the threat that cyber attacks can pose to their organization and bottom-line, many are not sure about the extent to which they need to be covered.
Shitole continued: “In 2019, we expect to see board level executives taking a significantly increased role in cyber risk management and threat hunting initiatives. We also hope Indian organizations will consider investing in enhancing their existing capabilities and accelerating the adoption of technology, intelligence and expertise necessary to move up in the cyber security maturity curve and go beyond SOC operations.”
Top discussion points from the FireEye 2019 cyber security predictions report include –
Threats Targeting the Aviation Industry
While it’s important to stay attuned to cyber-enabled physical threats to aircraft and supporting systems, a far more common threat that security teams in the aviation industry must be prepared to defend against is cyber espionage.
The Restructuring of Chinese Cyber Espionage
Notable restructuring in the Chinese cyber espionage apparatus has taken place since at least 2016, resulting in a resumption in the pace of activity. This reorganization should inform the growth and geographic expansion of Chinese cyber espionage activity through 2020 and beyond. Cyber espionage activity related to the China’s Belt and Road Initiative will likely include the emergence of new groups and nation-state actors. Given the range of geopolitical interests affected by this endeavor, it may be a catalyst for emerging nation-state cyber actors to use their capabilities.
Attackers Eyeing the Cloud
Adversaries go where the money is, and 2019 promises to offer an increasing number of opportunities for attackers in the cloud. With cloud, there’s a new, and often expanding attack surface that can be left undefended or without the proper safeguards in place to protect important data.
Supply Chain as a Weakness
In 2019, an increase in both state sponsored and financially motivated supply chain attacks is expected. As organizations have improved their posture and built up their perimeter defenses, attackers will shift their focus to compromising third party vendors, customers or partners with the goal of gaining access to a target’s network.
Cyber Capabilities of Nation States
In 2019 and beyond, FireEye expects to see more nations developing offensive cyber capabilities. As seen with the rise of Iran, North Korea, and Vietnam over the past few years, many other emerging cyber nations are expected to come to the forefront in 2019. Iranian attackers in particular will continue to improve capabilities, even as new, less capable groups emerge supporting Iranian government goals.
The Rise in Breaches Due to Lack of Attribution and Accountability
Attribution and accountability are two of the biggest sticking points when it comes to winning the war in cyberspace. Without risks and repercussions for malicious activity carried out on the internet, attackers will keep attacking and organizations will keep getting breached.
The Widening Skills Gap and Lack of Trained Experts to Fill Security Roles
According to various industry estimates, there are at least two million cyber security jobs that will go unfilled by the year 2020. However, the critical meltdown point has not quite been hit yet, when it comes to staffing. The good news is that the thinking around this challenge is changing.