Hot cybersecurity trends to watch in 2019
One of the biggest challenges in cybersecurity is foreseeing the next new threat. Because, unlike other disaster scenarios, cyberattacks are constantly evolving.
This year’s nastiest malware could be succeeded by a completely different threat next year. And by the time you resolve your existing vulnerabilities, new ones could be created.
While nobody can predict the future, you can hedge your risks by keeping a close eye on the latest cybersecurity trends. A little bit of looking forward can go a long way to helping you see which incremental changes to your defenses will be needed to fend off the next big attack.
Here are some trends to watch in the coming months.
ONE OF THE BIGGEST CYBERSECURITY TRENDS HAS TO DO WITH SPENDING
Let’s start with the industry as a whole.
How much companies are spending on cybersecurity (and what they’re spending it on), year after year, can be a good indicator of where things are moving. Sudden increases in business continuity spending, for example, can signal rising concerns about a new threat.
20% increase in spending
Analysts at GBH Insights estimate that businesses will spend 20% more on cybersecurity in the next year, based on surveys with organizations around the world. This reflects a larger increase than the previous year: in 2017, spending increased 16% over 2016.
$90 to $124 billion in total
Worldwide, businesses are projected to spend between $90 to $124 billion on cybersecurity in the next year, according to estimates from GBH and Gartner. These totals include all spending on security software, services and other defenses.
Fastest growing segment: security testing
Services and technologies for testing security are projected to grow faster than all other segments, according to Gartner. The segment is expected to growth about 14% annually over the next few years.
7.8% growth in data privacy & data loss prevention
Not surprisingly, businesses are very concerned about protecting their data (and keeping it out of the hands of cyber-criminals). Privacy-related security technologies will drive roughly 10% of the market in the next year, according to Gartner, and are projected to grow about 7.8% annually through 2022.
Security services represent 50% of the market
Spending on security services (managed, subscription, etc.), as opposed to actual hardware, will make up more than 50% of the global cybersecurity market by 2020. Additionally, Gartner adds that security-as-a-service is “on the way to surpassing on-premises deployments.”
Many businesses still racing to comply with GDPR
The deadline for EU’s Global Data Protection Regulation (GDPR) passed in May 2018, but one in three organizations (including those outside the EU) are expected to invest in GDPR-related consulting and implementation services through 2019.
Costs of an attack are increasing
A survey of 660 IT security professionals found that the cost of a successful cybersecurity attack now averages $7.1 million, up from $5 million the year before. More specifically, the average cost for each compromised endpoint is $440, while small to medium-size businesses average even higher at $763 per endpoint. These costs include losses in productivity, IT and data theft.
We’ll dig into some additional, specific drivers for security spending in the “Technologies” section below. But first, let’s look at some of the emerging cyber-threats you need to be aware of in the months ahead.
THREATS & VULNERABILITIES
When the WannaCry ransomware attack infected more than 200,000 computers in May 2017, many businesses were completely blindsided. In fact, many of them had never even heard of ransomware before. But attacks like this would catapult malware into the cybersecurity spotlight, quickly making it a top concern for organizations worldwide, and rightly so.
If you want to proactively defend against the next big style of attack—whatever it looks like—before it happens, then here are the trends you should be watching.
Cryptojacking / cryptomining jumps 600%
Without a doubt, one of the biggest cybersecurity trends of 2018-2019 is the meteoric rise of cryptojacking. While it doesn’t make as big of a splash as threats like ransomware, cryptojacking bogs down your systems by quietly mining cryptocurrency on your machines. It steals your computing resources, hurts worker productivity and wears down your hardware.
Ransomware going out of style, but not gone
Ransomware payloads dropped off significantly last year (from 60% of all malware payloads to only 5%). But that doesn’t mean the threat is gone. In a recent survey by Datto, 92% of IT providers predict that ransomware attacks will continue at their current rates or worse in the next year. Also, it’s important to remember that ransomware development is a market – driven by individuals and groups that are simply looking to make the biggest bang for their malware-distributing buck. Right at this moment, ransomware isn’t as lucrative for hackers, but that doesn’t mean it’s gone or that the rate of infections won’t climb again in the future.
Fileless attacks increasing and 10x more likely to succeed
Malware is typically delivered by email, when unsuspecting users open file attachments or click links to suspicious websites. But increasingly, hackers are bypassing the end user by exploiting system vulnerabilities. These vulnerabilities can be in the operating system, applications, browser plugins and other software. 77% of IT systems that were successfully compromised in 2017 involved fileless attacks, according to Barkly. Fileless attacks are 10 times more likely to succeed than traditional file-based attacks.
Email 2x more likely than exploits
Even while fileless attacks are on the rise, email remains the #1 attempted entry point for attackers. Symantec says attacks by email are twice as likely as those from exploit kits (though they aren’t as successful), with 1 out of every 9 users encountering email malware in 2017.
Supply chain attacks on the rise
When you look at who’s receiving all these malicious emails, some telling patterns begin to emerge. Increasingly, hackers are targeting specific types of industries believed to have more vulnerable systems. For example, Symantec found that 23.8% of surveyed users at wholesale trade companies have malicious emails sent to then, compared to only 14.4% of users at retail trade companies. This is also emblematic of a larger trend of hackers targeting supply chains: so-called “third-party” or “fourth-party” attacks that can disrupt not just a single business but many organizations down the chain.
Most common malicious email: bills & invoices
Symantec found that malicious attachments disguised as “bills” and “invoices” now make up 9.2% of all malicious emails. The reason? Users open them. Unsuspecting employees interact with these messages because the messages look like they’re legitimate. But in reality, the attachments infect the user’s computer as soon as they’re opened. (This underscores the importance of thorough cybersecurity training for employees.) “Package delivery” emails make up another 9.1% of disguised emails, followed by “scanned documents” at 8.4%.
55% increase in attacks on businesses
Mid-2018 saw a huge jump in the number of malware detections at organizations around the globe. Attacks on businesses increased by 55% in the third quarter of 2018, according to Malwarebytes. In contrast, attacks on consumers increased by only 4% during the same period. Researchers at Malwarebytes explained, “Threat actors are searching for more bang for their buck, and business targets are returning more value for their efforts.”
Big spike in banking Trojans
Banking Trojans spiked suddenly in Q3, quickly becoming the #1 malware detection for both businesses and consumers. This malware runs quietly in the background and spies on users when they log into online banking websites, thereby stealing their login credentials. And it’s not just workers’ personal banking accounts you need to be concerned about. Banking Trojans can also steal login information for your business’s banking accounts and other online financial services. Three big Trojans to watch for are Emotet, Panda Banker and UriZone.
Antimalware solutions aren’t keeping up
IT professionals estimate their antimalware software is only blocking about 43% of attacks, according to a survey by Ponemon Institute. This means more than half of attacks are getting through, despite having safeguards in place. Respondents also said that their antimalware solutions were reporting more false positives, alerting them to problems that didn’t actually exist. Better safe than sorry; however, these false positives only add more work for busy help desk teams.
We mentioned a few trends in cybersecurity spending above, but it’s worth highlighting a few more big ones. Here are some technologies that experts say will be crucial for defending against evolving cyberattacks in the next few years.
- Cloud security: The shift to the cloud is still happening, and many businesses are just now looking at public/private/hybrid cloud architecture options for the first time. In the process, they are also seeking the best security for their data. GBH Insights forecasts that cloud security services and hardware will become one of the biggest cybersecurity technologies in the next 3 to 5 years.
- Next-generation firewall technology: In recent years, firewall technologies have gotten better at identifying threats within deeper layers of data packets. Analysts believe further advancements in these technologies will be key to keeping malware out of our networks and applications in the years ahead. GBH Insights sees next-gen firewall technology as a big driver for cybersecurity spending in 2019.
- Data backup: Backing up data is nothing new, but newer solutions in recent years are helping businesses achieve new levels of business continuity. For example, technologies from Datto, such as Inverse Chain backups, hybrid cloud replication and instant virtualization, result in far more resilient backups, higher backup frequencies and much faster recoveries. In the years ahead, these backup technologies will remain key to helping businesses stay up and running after a destructive cyberattack like ransomware.
Get the best protection for your data
Protect your data from a cybersecurity disaster with business continuity solutions from Datto and Invenio IT. For more information, request a free demo or contact our experts today by calling (646) 395-1170 or by emailing [email protected].