As 2018 draws to a close, the time comes when security professionals look back at the cybersecurity developments, trends and headlines of the past 12 months. 2018 has graced us with a fair few: hotel hacks, the GDPR, and low-level vulnerabilities were just a few of the things we saw. What else grabbed our attention this year, and what might we expect 2019 to bring?
Mobile phishing is getting traction with companies
Phishing in general is a well-known issue, but 2018 saw an increase in malicious messages being delivered to mobiles and other devices. The problem is, employees – and people in general – are falling for it more often than not.
While part of this is because people are simply using mobile devices more regularly, there’s an increasingly significant aspect to this trend. We, as humans, have a naturally different pattern of behavior when we’re feeling relaxed or at ease.
In addition, we tend to use our desktops or laptops in a work context, whereas the cognitive ease of mobile use can leave us vulnerable, with mobile phishing catching us in our weaker moments.
Compromising mobile devices is a desirable objective for many threat actors, so preparing for this type of attack is worthwhile for many companies. Expanding security awareness training would be one such way of combating this trend.
Privacy was a big deal, for better or worse
Privacy concerns were prominent in 2018, with security issues at companies such as Facebook acting as a driver. Whilst the Cambridge Analytica scandal is what drew the most attention, the way Facebook’s login credentials are used to access other third-party services was of greater concern.
Many websites, in a classic example of favoring usability over security, aren’t implementing this mechanism as securely as they could, and this coming to light is making people question what their data is being used for. These organizations could potentially access sensitive personal details – not only who a user has been talking to, but also the conversations they have had with other people, details of where they have been and items they may have purchased. People are starting to understand just how much information they’re entrusting to these big technology companies, and are starting to question just how carefully these organizations are taking care of it.
The introduction of the GDPR was also a big win for internet privacy and, whilst it’s a positive step forward and part of a wider trend encouraging companies to embrace security and privacy by design, we will most likely be seeing organizations incurring fines as 2019 progresses.
Ransomware is in retreat
2016 and 2017 were the years of ransomware, and whilst many thought this trend would continue into 2018, we did, in fact, see a decline in its popularity. With many big companies having previously fallen foul of ransomware, others were spurred into focusing on how they might become victims of it and what they could do to avoid it.
Ransomware doesn’t appear to be as profitable as it once was, with much of the easy money or ‘low-hanging fruit’ already having been collected. We’ve seen this trend on the consumer side for a few years already, but it now seems that companies are waking up to this threat, making it harder for cyber-criminals to make their money.
We will still see instances of ransomware popping up wherever it can on an opportunistic basis, but as an industry we’ve been successful in educating organizations – and end users – in how to defend against such attacks.
Looking forward
2018 was a year of interesting trends and headlines, keeping many of us on our toes, but as we get closer to the New Year, we’re already looking ahead and wondering what it might bring. Who knows, maybe this time next year we’ll be bringing you the latest from 2019. Watch this space…