FTI Journal | Critical Thinking at the Critical Time
 

Corporate Cybersecurity Now: 10 Things to Know in the Next 10 Months—and Beyond

In the fast-moving world of cybersecurity, predicting the full threat landscape is near impossible. But it is possible to extrapolate major risks in the coming months based on trends and events of last year. Here’s what organizations must be aware of to be prepared.

In 2018, cyber-related data breaches cost affected organizations an average of $7.5 million per incident—up from $4.9 million in 2017, according to the U.S. Securities and Exchange Commission. The impact of that loss is great enough to put some companies out of business.

As remarkable as that figure is, associated monetary costs do not include the potentially catastrophic effects a cyberattack can have on an organization’s reputation. An international hotel chain, a prominent athletic apparel company and a national ticket distributor were just three of several organizations that experienced data breaches in 2018 affecting millions of their online users—incidents sure to cause public distrust. It’s no coincidence that these companies were targeted—all store valuable user data that is coveted by hackers for nefarious use.

These events and trends should serve as eye openers for what’s ahead this year, as malicious actors are becoming more sophisticated and focused with their attacks. Consider these 10 predictions over the next 10 months:

1. With more data moving to the cloud, cloud services will become a prime target for hackers

Organizations are rapidly migrating to the cloud to take advantage of benefits such as cost savings and increased productivity, and to store sensitive data. However, this migration is happening at a speed that often outpaces the security controls required to secure that data. Additionally, organizations often make the fatal mistake of blindly agreeing to the cloud provider’s terms without doing their due diligence to determine if proper security protocols are in place, which they often are not. This combination of risky practices means that attacks on the cloud can be expected to increase.

2. Artificial intelligence will help and hurt

Both attackers and defenders will increasingly leverage artificial intelligence (AI) to fuel their purposes. Hackers can use advancements in AI to scan networks for vulnerabilities, automate phishing attacks and conduct large-scale social engineering attacks to propagate the spread of "fake news." Conversely, AI can be used to prevent potential breaches by automating the detection process. Humans can only handle so many alerts at once. AI can make the threat detection process more efficient, helping combat the nonstop barrage of threats that organizations face.

3. Cryptocurrency mining will continue to be a threat

As long as attackers can make quick cash from cryptocurrency mining, infections that support this theft will continue. According to McAfee Labs, in 2018 the number of devices infected with a cryptocurrency miner increased by 4,000 percent. Criminals have been targeting those who use vulnerable routers or Internet of Things (IoT) devices, such as IP cameras or video recorders, because they often lack robust security. This trend is expected to continue upward as more devices come online. There were an estimated 23 billion IoT connected devices worldwide in 2018; that number is expected to reach nearly 31 billion by 2020.

4. 5G will make the existing IoT problem worse

With the escalating rollout of the 5G network this year, the attack surface that hackers can target is expected to expand. A new network means new architectures, which create new vulnerabilities for malicious actors to exploit via IoT devices that were not built with security in mind.

5. State-sponsored espionage will increase, with continued impacts across the supply chain

Compromises in the supply chain will lead to more state-sponsored spying, which in turn will lead to increased concerns for businesses responsible for technology development and manufacturing. These threats may force companies to change their production strategies or reduce outsourcing in order to shrink their supply chain and thus reduce risk exposure.

6. Cyber risk insurance will become more necessary

Cyber insurance coverage will grow considerably as companies rely on it as a necessary risk management tool in the face of increased, large-scale breaches. However, policies are evolving to require organizations to first implement certain controls prior to insurers underwriting their risk. The days of being insured with low premiums despite a weak security posture may soon be numbered. Growing data privacy regulations (see 7 below) that are coming into full force will also drive organizations to purchase cyber insurance plans.

7. Increased potential for new legislation, regulation and oversight

Growing data privacy and cybersecurity concerns may lead to more legislation, regulation and oversight this year. With the implementation of the General Data Protection Regulation (GDPR) in the European Union, other countries have started to follow suit, leading to an expanded need for companies to bolster their cybersecurity infrastructure and policy. Combined with individual states enacting legislation (e.g., the California Consumer Privacy Act of 2018), this has created a sense of urgency in the U.S. to advance data privacy legislation. It’s likely no new controls will be enacted in 2019, but discussion of data privacy at the national level is sure to continue.

8. Two-factor authentication will begin to evolve to multi-factor

Malicious actors are increasingly figuring out how to exploit vulnerabilities in the two-factor authentication process. As a result, two-factor will evolve to multi-factor authentication, which will be a significantly more common solution for most online services. Various other methods of user verification may also expand.

9. Hacktivism will rise

Due to increased global political and economic discord, activity from hacktivists will increase. In the past, hacktivists relied mostly on disruptive-style attacks, such as distributed denial-of-service (DDoS) attacks, to send messages during times of political and economic upheaval. However, over the past few years sophisticated tools and techniques have made their way into commodity-grade ransomware attacks. The commoditization of weapon-grade cyber tools and techniques, combined with the effects of rising political tensions and economic downturn, will open the door for cyber-activists and disgruntled citizens to leverage destructive attacks.

10. “Deepfake” video and audio editing will increase

This style of deceptive media has the potential to create serious harm by portraying people of significance doing or saying things they didn’t actually do or say. Its realistic nature makes it difficult to tell what is real, and it can be even harder to prove that the media is illegitimate. Whether the intention is financial gain, such as blackmail, or to alter society’s view with fake political messages, the use of “deepfake” media is expected to cause turmoil in 2019.

Malicious actors are always looking for new ways to infiltrate networks, steal data, further their political cause or simply make money. As a result, defenders cannot assume that last year’s threats will remain static. Focusing on known vulnerabilities will leave an organization susceptible to an unexpected attack. Cybersecurity is an ongoing process that will never be perfect, but taking a proactive approach to ensure that holistic, intelligence-led programs are in place is an effective cyber risk mitigation practice that will bolster a resilient 2019 and beyond.

Published January 2019

© Copyright 2019. The views expressed herein are those of the author and do not necessarily represent the views of FTI Consulting, Inc. or its other professionals.

About The Author


Anthony J. Ferrante
ajf@fticonsulting.com
Head of Cybersecurity, Senior Managing Director
Global Risk & Investigations Practice (GRIP)
Forensic & Litigation Consulting
FTI Consulting


http://www.ftijournal.com/article/corporate-cybersecurity-now-ten-things-to-know-in-the-next-ten-months-and-b