It’s been a big year in the cyber-security sector. Attacks on individuals and enterprises have become ever more frequent and the tactics employed by hackers and cyber-criminals ever more innovative.
Australian organisations paid out an estimated $3.8 billion in protection money in 2018, according to Gartner Group. That figure is likely to grow, not shrink, in 2019, as enterprises continue to invest significant sums to reduce the likelihood of their experiencing a disruptive and expensive attack or data breach.
So what will the new year have in store on the cyber-security front? These are the trends and topics we expect will make headlines over the next 12 months.
Ransomware on the wane
Infecting individuals’ or organisations’ systems with ransomware – malicious programs designed to block access until the hapless victim pays up – has been a profitable exercise for cyber-criminals in recent years. We’ll likely see less of it in 2019, courtesy of the fact that companies have wised up to the risk, improved their security posture and become increasingly reluctant to cough up. That doesn’t mean the perpetrators will hang up their hats any time soon. Cyber-criminals are nothing if not adaptable and it’s a guarantee they’re working on clever new ways to part the careless and poorly protected from their hard earned.
The new target
As organisations continue to batten down the hatches, we expect to see more cyber-scammers homing in on a new area of vulnerability – individuals who can be targeted with personalised attacks. A typical scam may involve a target receiving a phone call advising them their email account has been hacked, malicious code has been inserted and compromising screenshots have been taken. A fee payable in bitcoin can make it all go away. The claims are very likely lies – the scammer in question may not, in fact, have taken the actions described or have the capability to do so – but the threat will be sufficient to make some folk pay up.
Desperately seeking security staff
The global security skills shortage will continue to bite in Australia and elsewhere in the developed world, in 2019 and beyond. AustCyber estimates the country will need around 11,000 additional cyber-security professionals over the next decade, to meet anticipated demand. Education providers are racing to fill the gap with diploma and degree courses but, with the first tranche of graduates not due to hit the market until 2022, competition for qualified employees will remain fierce. So much so that candidates whose skills and experience are dubious may be tempted to talk themselves up – and into a job. Organisations anxious to avoid a cyber-version of Australia’s infamous pink batts debacle, which saw a rash of organisations hire untrained insulation installers with tragic results, are advised to check credentials carefully.
Safe as clouds?
Australian businesses will continue their mass migration to the cloud in 2019 and this is likely to prove a positive security development for the majority. Why? Because while the cloud model is not without its vulnerabilities, the security measures cloud providers offer as standard will be a step up on those many lackadaisical small and medium enterprises put in place for themselves.
Cyber insurance policies have grown in popularity in recent times, as organisations try to mitigate the financial fall-out from major attacks and privacy breaches. Burning down the factory and claiming the loss on insurance has long been a way for unscrupulous operators to make a dishonest buck and we believe 2019 will be the year someone attempts the high-tech equivalent. Whether insurers will pay up without a fight or demand a full forensic investigation if they suspect an organisation has staged its own hacking remains to be seen, but we’d suspect the latter.
The not so private My Health Record?
My Health Record – the federal government’s online summary of our key health information – has generated its fair share of controversy in recent months, as Australians express well-founded concerns about the security of their most sensitive personal information. Ministers continue to make reassuring noises but, with access to the system open to thousands of healthcare practices, it seems inevitable an unscrupulous individual will go on a fishing expedition and lay bare the records of at least one high-profile patient in 2019.
Data breaches to cost dear
2018 saw the introduction of tough new data privacy regulations – and significant financial penalties for organisations which find themselves in breach – in Australia and the European Union. Regulators have taken a ‘softly softly’ approach to date but this is unlikely to continue in the new year. We expect to see an expensive enforceable judgement against at least one large company which finds itself in breach, in 2019. If this happens, there’ll likely be a collective scramble to adopt more stringent data security measures, by organisations which haven’t taken the issue as seriously as they should.