CIO

The security trends Australian businesses need to be aware of in 2019

By Sean Duca, vice president and chief security officer, Palo Alto Networks
  • Sean Duca (CSO Online)
  • 29 December, 2018 10:44

Cybersecurity will continue to be a key business focus for organisations in 2019 and beyond, with ongoing risks showing no signs of abating. Security professionals and cybercriminals continue to play a cat-and-mouse game in which each new innovation is quickly met with an equal and opposing force, with neither group gaining a clear ascendancy.

2018 saw some decisive measures around the globe aimed at reducing the effects of security breaches. In Australia, the government’s mandatory Notifiable Data Breaches (NDB) scheme came into effect at the beginning of the year. Developed to put more power in the hands of individuals whose data may be breached, the scheme has already seen hundreds of breaches reported, most of them resulting from malicious activity. Europe’s General Data Protection Regulation (GDPR) has the same goal and affects many Australian businesses.

Australians have lost more than $94 million and counting since January 2018 due to online scams, with phishing scams topping the list. This is an increase on 2017 when Australians lost a total of just under $91 million for the entire calendar year. If this trend continues, businesses can expect 2019 to be another dangerous year. It’s therefore important to be aware of what’s on the horizon and act to protect the business.

There are five key cybersecurity trends that businesses should keep an eye on in 2019:

1. Email compromise

Attackers continue to steal passwords and login details, giving them access to organisations via email. These hackers can pose as partners or internal stakeholders, tricking employees into providing more information, or even into acting against the company’s best interests. Their methods range from mimicking corporate websites to targeting employees’ social media accounts to launch exploits. These methods are proving exceptionally effective, so attackers are likely to continue along these lines in 2019.

2. Supply chain targeting

Organisations that work closely with suppliers and partners create interconnected avenues of attack for cybercriminals. Security weaknesses in just one link of the chain make it possible for attackers to infiltrate each of the organisations connected with that initial victim, creating a knock-on effect that can be difficult to trace and hard to remediate. The Internet of Things (IoT) and third-party devices present a significant security challenge and this is likely to gain momentum as organisations adopt more of these devices and supply chains become increasingly complex.

3. Data protection legislation

Governments around the world are taking a more active role in data protection, implementing new requirements to secure data for their citizens. NDB and GDPR are just the first steps; other countries are preparing to follow suit, including New Zealand, which plans to introduce data breach notification legislation in 2019. This highlights the growing importance of compliance not just as a box-ticking exercise but as a genuine tool to help assess gaps and determine an overall prevention posture. As the push for more legislation gains ground, this will become an essential part of doing business instead of a competitive advantage; companies that act now to protect individuals’ data will be ahead of the curve.

4. Cloud security

As more organisations embrace cloud services and depend on a cloud-based infrastructure, more mission-critical data and systems will sit with third parties. Securing these assets at rest and in transit is a shared responsibility between the cloud provider and the business itself, so enterprises will need to develop a strong security strategy that leverages every possible advantage. Because cloud makes security a more complex proposition, questions around which security products to use will need to be answered. The ongoing skills shortage will also remain top of mind as organisations battle to attract and retain suitably skilled security professionals who can help navigate the complexity of protecting data, applications, operating systems, network configurations, and more.

5. Critical infrastructure threats

One of the most attractive targets for some cybercriminals is critical infrastructure, particularly for hacking groups sponsored by nation states. At worst, crippling or sabotaging critical infrastructure can put citizens’ lives at risk; at the least, it can compromise the smooth running of services such as energy and water provision, as well as financial services, telecommunications, and the media. These services are becoming easier targets for cybercriminals as they become more digital and automated, and as the connections between these networks and corporate networks blur. Legacy and unpatchable systems make it difficult to secure these critical networks. Organisations must put in place zero-trust systems and segregate access to maintain the integrity of these systems.

These are just five of the threats that are likely to affect businesses in 2019; the rate of evolution in the cyberthreat landscape means that organisations must be prepared for even more threats to emerge.