Mison Riggins from Inspired eLearning joins me for Converge Tech Talk today and we’re taking a look at the 2019 Cybersecurity trends and what we see as important now and in the coming months.

We start off by addressing the Collection #1 Data Breach. With some 770+ million email records and 21 million passwords reported to be shared online, there’s every reason that it’s being called “the mother of all data breaches.” If you’d like to learn more about the Collection #1 breach, I’ve covered it here—Collection #1 Data Breach, What You Need to Know.

Then we moved on to 2019 cybersecurity trends and what’s on the horizon. This includes:

AI and Machine Learning

AI and machine learning are current industry buzzwords, but Mison and I talk about how these things, or either of them, like weaponized AI, impact cybersecurity.

Ransomware

What’s happening with ransomware? Are we going to see more ransomware or less in 2019 and beyond? While we most likely expect to continue to hear about pointed attacks against big name companies and/or conglomerates, we’ll likely see a shift in cybercriminal focus to cryptocurrencies. The reason for the decline is that it is much more lucrative to mine cryptocurrencies through nefarious means than to steal protected data and hold it for a ransom payment that may or may not come.

What should companies be doing to protect against ransomware?

That said, it doesn’t mean you don’t still need to protect against ransomware. That means backing up your data and using encryption to protect your hard drives or at least your personally identifiable information (PII) as well as your intellectual property is still good security practice.

Weaponized IoT

We move on to the IoT … specifically, Weaponized IoT and the impact that has on the security space. So what is “Weaponized IoT”? Great question— and you’ve got to watch or listen to the interview for a deeper dive on this. Bottom line, more IoT connected devices means more opportunities for cybercriminals to take advantage of them for their own uses.

What risks do Weaponized IoT attacks present, and who is their most likely target audience?

The targets for weaponized IoT attacks include the relatively mundane, We expect to see escalated attacks specifically targeting critical industrial infrastructures like power plants, electricity grids, public utility services, and communication networks. Industrial IoT make a great target since their vulnerabilities lie in the underlying cloud infrastructure, increasing network connectivity to edge computing, difficulty in securing the devices themselves with Meltdown and Spectre vulnerabilities still in the mix, and the exponential number of devices that have to connect to the cloud for updates and maintenance. IIoT has become low-hanging fruit for attackers since just a compromise of back-end servers will cause widespread service outages and bring vital systems to a screeching halt, affecting other vital sectors at the same time.

What Role do Privacy Regulations Play in Trend Predictions

We expect consumer awareness of and demands for privacy protection to continue. As a result, we also expect cybersecurity trends to demonstrate increased legislative and regulatory activity continuing throughout 2019. GDPR violations will mostly likely start to receive penalties from 2019. We saw that with recent news of France levying a nearly $57m US fine against Google for GDPR violations, and that’s likely not the first such assessment. Also, state-level privacy regulations will continue to be outlined and distributed as we see happening in California already.

Authentication Methods Will Improve

There’s good news in cybersecurity trends for 2019 as it relates to authentication methods—passwords are going to get a massive makeover.

Single Factor Passwords will be a thing of the past, perhaps even regulated as Dark Age Relics. With Fido Alliance and other such cross-organizational movements, the use of crypto keys instead of a single, albeit complex, password will be the more secure option to opening applications. Multi-factor authentication is already gaining ground with requests for “something you know”—a phrase or pin, and “something you have”—biometrics, token, or an encryption key, being the new norm. NIST has already moved away from advising security professionals to demand a complex list of items to include in a password as it has resulted in End User password management fatigue.

Wrapping Up 2019 Cybersecurity Trend Overview

Perhaps most important of all in the cybersecurity trend overview is that 2019 will likely mark a strategic shift in the way people, especially the boardroom and the C-Suite executives view cybersecurity. The security industry will also see a shift from an emphasis on “cybersecurity” to “information assurance and risk management.”

If you like what you’re seeing/or listening to, be sure to hit the subscribe button here and stay in touch with all the latest business and technology news from Converge Tech Talk.