Virtualization Technology News and Information
Article
RSS
CyberInt 2019 Predictions: Why We'll Be Seeing Bolder Cyber Attacks Against Digital Businesses

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual VMblog.com series exclusive.

Contributed by Itay Yanovski, Co-Founder & SVP Strategy at CyberInt

Why We'll Be Seeing Bolder Cyber Attacks Against Digital Businesses

As more value is transferred through digital channels, the more they become a target for cyber criminals. British Airways experienced a 15-day data breach that compromised around 380,000 card payments, and furious customers had to cancel their credit cards.

As we move forward to 2019, credit card and payment information theft will continue to rise as more and more attacks go after businesses' digital footprint - digital assets or channels they employ to interact with their customers. Yes, this isn't a major surprise; however, if organizations can better address the reasons for that growth, they'll be better prepared.

Here are some of the reasons why we're all still vulnerable:

  • Third-party components - Many businesses use third-party components within their digital business environment - shopping carts, for example - and cyber criminals exploit vulnerabilities within these components to breach security walls.
  • Better organization & sophistication by threat actors - The bolder cyber attackers become, the more organized and sophisticated their campaigns in terms of tools, tactics, and procedures (TTP) and the greater the magnitude of their attacks or the longer it takes to detect and mitigate them.
  • Lack of real-time monitoring and reactions - Frequency of attacks is increasing; this will continue in perpetuity; only real-time monitoring and fast mitigation will be able to protect organizations
  • More script-based malware (like in the recent Magecart attacks) instead of executable malware - Attackers are now using higher level languages that can easily bypass existing protection mechanisms. The malware simply looks like normal code to the defense system.
  • Lack of CISO empowerment - The role of the organization's top security executive should be much more prominent, with CISOs providing greater business value (i.e., fraud and reputation protection) and assuming greater involvement in activities that were once in the CFO's or CMO's purview in terms of fraud, reputation and legal affairs.

For example, the CISO's role in GDPR compliance, implementation, and enforcement within the company - ensuring the standard of due care required from organizations to protect information - cannot be overstated.

  • More legitimate infrastructure being used as platforms for attacks - More and more attackers use legitimate addresses and domains that are harder to detect and harder to block - advanced techniques that obscure attackers' bad behavior and cover up their tracks.

For example,  a known streaming service or social media platform uses command and control to take a "safe" URL and transform it into a page phishing for credit card data.

Getting around this problem requires more targeted threat intelligence and more sophisticated detection and response platforms and, if need be, outsourced, cyber expert-based managed services.

In short, 2019 will see more sophisticated threat actors, more intensified attacks and, yes, more advanced security technology that will, in turn, require greater skills and capabilities. Will 2019's security teams be up to it? Will yours?

##

About the Author

 

Mr. Yanovski is a veteran of the IT and cybersecurity space, specializing in information security management and cybersecurity operations. Prior to founding CyberInt, Mr. Yanovski was the Global CISO for ZIM Shipping Services, a multinational enterprise with a presence in over 70 countries.

Mr. Yanovski lectures regularly at professional conventions and at training programs as a Senior InfoSec lecturer. He is one of the founders of The Israeli Forum for Information Security (IFIS) and serves as Deputy Chairman and Head of the Professional Committee.  Mr. Yanovski is a Major (Res.) in the IDF Communication and Computer Corps, with expertise in Communications and IT Security.

Published Friday, November 30, 2018 7:37 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2018>
SuMoTuWeThFrSa
28293031123
45678910
11121314151617
18192021222324
2526272829301
2345678