The British Standards Institution (BSI) has revealed its top three 2019 cybersecurity trends.
The standards body, via its Cybersecurity and Information Resilience centre of excellence, made the forecast in a whitepaper released today.
With 2018 bringing a seemingly endless list of breaches and cyberattacks, along with the implementation of GDPR, what should you expect in 2019?
Here are BSI’s top three 2019 cybersecurity trends to look out for:
1. ePrivacy Regulation and related international standards – GDPR with “significantly more complex requirements”
If 2018 was the year of GDPR, 2019 looks set to be the year of the ePrivacy Regulation.
While GDPR covered data in all its forms, the EU’s ePrivacy regulation specifically covers online communications.
As with GDPR, organisations in breach of the ePrivacy regulation will have to pay 4% of total worldwide annual turnover or a €20m fine.
“However, unlike the GDPR, this future ePrivacy Regulation will come with significantly more complex requirements, including architectural compliance and integration,” said Stephen O’Boyle, global head of Cybersecurity and Information Resilience Services at BSI.
The new regulation will repeal the current ePrivacy Directive and is expected to come into force in late 2019.
“The International Organization for Standardization (ISO) adds weight to the claim that the ePrivacy Regulation is fast-approaching, as it prepares for the publication of its new ISO/IEC 29101 ‘Privacy Architecture Framework’ and ISO/IEC 19086-4 Cloud computing; Service Level Agreement (SLA) framework; Part 4: Components of security and of protection of PII,” added O’Boyle.
“In 2019, it will be vital that all information technology and board level professionals acquaint themselves with this new regulation.”
2. An upsurge in cryptojacking and malware – watch out Linux and MacOS
A common misconception is that the Linux and MacOS operating systems are less susceptible to cyberattacks. In reality, malware exists for both operating systems – the difference is that the number and scope of attacks are far greater on Windows.
“This perception is counterproductive as it means fewer security controls are implemented and, more troublingly, given the reported rise in Linux-based attacks, many Internet of Things (IoT) devices and many web-based systems use Linux operating systems, which could lead to an increase in security breaches if this trend continues to grow,” explained O’Boyle.
“Subsequently, a re-evaluation of security requirements is needed to maintain cybersecurity.”
In addition to this, BSI expects cryptojacking – the remote use of malware to hijack a computer’s resources for mining cryptocurrency – to increase.
“The upward trend involving the unauthorised use of individuals’ IT assets to mine digital currencies will persist, however, these attacks will move away from being browser-based and instead will originate within your operating system,” said O’Boyle.
“This underscores our concern surrounding the integrity and resilience of operating systems – securing these cannot be taken for granted. That is why we advise organisations to perform periodic testing to identify and evaluate evolving malware threats.”
3. Critical infrastructure will be a key targeted sector
Perhaps the most worrying form of cyberattack is against a country’s critical infrastructure. Nuclear power plants, transport networks and power grids are all hypothetically at risk and all have the potential to cripple a country.
In December 2015, for example, 230,000 Ukrainians were left without power for hours after Russian security services allegedly compromised the country’s power grid.
These forms of attack have been on the rise in recent years, and O’Boyle believes this trend will continue.
“To counter this growing threat to international relations, the deadline set by EU regulators for the adoption of the Directive on security of Network and Information Systems (NIS Directive) will hopefully push member states to implement best practice surrounding the security of their essential services,” he said.
“The increase in laws and regulations will require high levels of expertise in 2019. Malware attackers and phishing campaigns will continue to be present, characterised by augmented persistence and undetectability. Targeted sectors such as critical infrastructure will remain a primary target in the geopolitical landscape of cyberwarfare. The innovation of technology will continue to be accompanied by unanticipated cyber risks.
“When it comes to cybersecurity, preparation is vital and forecasting upcoming threats, fixing vulnerabilities and mitigating risks are essential steps in strengthening an organisation’s cybersecurity posture.”