Out of the Frying Pan (Q1 2019 Issue)

Written by

The infosec industry is a difficult, and dangerous, one to predict
The infosec industry is a difficult, and dangerous, one to predict

Here we are...the start of a brand new year. I hope you all had a wonderful end to 2018, and welcome to the first Infosecurity print issue of 2019

During the last few weeks of 2018, I closely perused the litany of 2019 information security predictions that were sent my way as the industry took a glance towards what the next 12 months might have in store.

Industry predictions are always an interesting prospect for me. On the one hand, they can serve as a useful glimpse of what’s to come, allow us to prepare for, and even (try to) get ahead of, trends and threats that could be ahead. However, I do also wonder just how accurate they are for an industry that is so fast-paced and one that can change so quickly.

For example, in the final weeks of 2017, experts from across the industry predicted that ransomware, the threat that had countless organizations and individuals on their knees at certain points that year, would skyrocket in 2018 to become more targeted, more sophisticated and more devastating. Well, ransomware was an issue in 2018, but we didn’t see anything like what was expected. In fact, mid-year research from Trend Micro discovered a decline of 26% in the number of ransomware families; it was the first time that had happened since ransomware became a prominent threat back in 2005.

However, something that did seem to be on everyone’s lips last year was cryptojacking, the means by which attackers target a user’s system to illicitly mine cryptocurrency. Cryptojacking didn’t make anyone’s 2018 predictions list at the end of 2017 (to my knowledge), yet it seemed to emerge and grow at a startling rate. The Cyber Threat Alliance discovered that cryptomining increased 459% from 2017 through 2018, with Check Point claiming that cyber-criminals made an estimated $2.5bn from cryptomining malware in the first half of the year. Big name brands such as Tesla fell victim, as did smaller organizations across the globe, evidence that regardless of company size, cryptojacking is a risk to all.

The Infosecurity team will be back in San Francisco in March for RSA 2019
The Infosecurity team will be back in San Francisco in March for RSA 2019

Likewise, there was no notable mention of ‘card skimming’ threats in the reams of predictions for 2018, yet the Magecart attacks of the second half of last year saw attackers skim their way to millions of credit card details by targeting large consumer brands including Ticketmaster, British Airways and Sotheby’s. Accountability remains a bit of a mystery, with some research suggesting a collection of different groups are responsible rather than just one perpetrator, but card skimming of that ilk was a major problem last year, and one that many didn’t see coming.

My point? Our industry is very unpredictable. We can (and should) do our best to take stock of what has come before to try to gauge what it might mean for the future. End-of-year predictions do have a place, but as an industry we can’t only prepare for what we think might happen, we also have to always expect the unexpected. Putting too much emphasis on what’s predicted to happen because of what’s occurred in the past is, for this industry, a dangerous game to play. It might just land you out of the frying pan, and into the fire.

Looking ahead at what we do know for certain though, it’s definitely shaping up to be a busy first quarter for Infosecurity. RSA Conference is just around the corner (March 4-8, 2019) and soon thousands of us will descend on that giant exhibition venue the Moscone Center for a busy week of infosec conference action. I love this event, and it’s always fantastic to catch up with old friends and make some new ones there, so make sure you drop by booth #6341, North Expo, and say hello to the Infosecurity team.

Also, we are delighted to announce our Spring Online Summit will be taking place on Tuesday March 26 and Wednesday March 27. Our second iteration of our rebranded virtual event will feature a host of live sessions covering a range of infosecurity topics. Registration is open on our website (https://www.infosecurity-magazine.com/online-summits/) so make sure you reserve your spot for what promises to be a terrific two days of information security conversation and content.

Finally, we’ve been working hard over the last few months to build our new podcasting stream, the latest addition to our digital content catalogue. Slightly different from our weekly webinars, these podcast sessions will be shorter, snappier, but still packed with the same quality industry insight from the Infosecurity editorial team – keep your eyes peeled for the launch of our first batch of podcasts very soon.

So, I hope you enjoy the issue as much as we enjoyed putting it together, and that your first quarter of 2019 proves to be as exciting as ours!

What’s hot on Infosecurity Magazine?