By Sean Duca
Prediction No. 1: Business Emails with Nasty Surprises, Attached
Businesses are quickly becoming cybercriminals’ favoured targets. This alarming rise in business email compromise underscores the diverse and sophisticated methods attackers use today, from mimicking corporate websites to targeting employees’ personal social media accounts to launch exploits.
TIP: Passwords remain amongst the weakest links in computer security – easy to steal, difficult to secure and offering little proof of a user’s identity. In response to this, 2019 will see measures such as two-factor or multi-factor authentication and biometrics become increasingly commonplace.
Prediction No. 2: Supply Chain Will Be Your Weakest Link
The digital age has helped break down barriers to create an interconnected, global supply chain. These links also prove a boon to opportunistic attackers preying on weaknesses in existing security.
TIP: If third-party systems and devices reside on your network, apply a Zero Trust mode to inspect and verify all traffic by placing them in a zone which only allows approved users and apps to communicate with them.
Prediction No. 3: Data Protection Legislation Gains Ground in APAC
As Asia-Pacific countries pledge greater cooperation with cybersecurity initiatives, the move towards formalising data protection frameworks seem inevitable. The year 2019 could see many countries take the first steps towards protecting it.
TIP: Businesses can use the European Union’s General Data Protection Regulation GDPR as a baseline to assess current gaps in compliance and help determine overall prevention posture.
Prediction No. 4: Forecast For 2019: Cloudy Skies Ahead
The security of the cloud is not the sole responsibility of the cloud service provider; but is shared with enterprises that also must grapple with the security of data, applications, operating systems, network configurations and more. This intertwined ecosystem has made security a much more complex undertaking.
TIP: To succeed, enterprises must have the processes, technology and – most importantly – people in place to keep systems adequately secured. Reducing cyber risk requires having integrated, automated and effective controls in place to detect as well as prevent threats at every stage of the attack lifecycle.
Prediction No. 5: We’ll Finally Realise What Makes Critical Infrastructure (C.I.) So Critical
As CI goes digital and automated, cross-pollination between corporate and industrial networks has made them easier targets for cybercriminals. This is especially dangerous as industry systems such as supervisory control and data acquisition and industrial control systems, which are critical to the energy, water and public transport sectors, often rely on legacy and unpatchable systems.
TIP: CI owners, both public and private, will have to put in place Zero Trust systems and ensure the segregation of access.
The writer is VP & chief security officer, Asia Pacific at Palo Alto Networks