As with every year, 2019 brings with it myriad security risks, and security professionals have a lot to say about what companies and individuals should do to prepare for and prevent these issues. Here’s what seven of the top security professionals believe are the biggest threats looming this year.
Sue Bergamo, Chief Information and Chief Security Officer at Episerver
Digital crimes, especially cyberattacks, will continue for companies all over the globe. As a result, companies will need to improve the security of their networks and their personal devices, and offer better education to employees about how to remain diligent in fending off digital attacks. Technology makes it much easier to exploit unsuspecting individuals and, while cybersecurity experts might remain aware of the latest changes, most employees do not.
Security threats will come from mobile phones, email and computer scams. Uninformed employees can lose personal, financial and company data. To that end, companies need to make sure that they not only provide education to their employees but that their networks are up-to-date and that they utilize a layered approach to protecting company data.
Justin Flynn, CISO and Security Practice Director of Lucidia iT
Identity is the most critical component of cybersecurity in the coming year. The biggest risk to organizations is the user base, and every user stands to lose their identity. Credential theft is a serious issue. Companies need to focus on identity governance, privileged account management, multi-factor authentication and access management to protect against such losses.
Again, companies need to educate their people and train their employees on basic security items like social engineering and phishing. Informed user bases can be much more aware of suspicious activities and help to monitor any suspicious activity.
Gary Hayslip, CISA, CRISC, Chief Information Security Officer of Webroot and ISACA expert on information security
In the foreseeable future, there will be two main threats. The first is the social engineering threat that employees face through phishing emails. These emails can include very well-written ransomware information. They are going to be quite destructive and not only impact individuals but the organizations in which those individuals operate.
The second issue is increasing education and security protocols for businesses on a larger scale. Businesses need to take it upon themselves to employ better processes to protect themselves and their company information but they also need to make sure that employees remain aware of what changes are being implemented and why.
Not doing this will expose sensitive data to serious consequences which can eventually result in brand damage, shareholder lawsuits, and even legal action among partners. All of this will significantly reduce a company’s ability to operate.
Martin Bally, Safe-T Executive Advisory Board member and VP/CSO of Diebold Nixdorf
The sale of credentials on the dark web is purportedly one of the larger issues to face companies in 2019. Accounts that typically use corporate email and passwords are being targeted by attackers, and the consequences of this include reputational damage and fines. Many states have introduced new regulations that can result in serious civil consequences. Companies need to utilize authentication and access control in order to protect themselves from such issues.
Mike Pflieger, Safe-T Executive Advisory Board member and CISO of CDW
Today, humans are still one of the main targets for bad actors, which means that faculty and staff need to be aware of phishing as a significant threat. Social engineering is one of the main ways that people get faculty and staff to give up personal information that is then used nefariously. Fraud is also a risk whereby employees are coerced into giving data and products away.
Another threat is using a business email for personal activities and using business emails and passwords across a multitude of websites for personal reasons. Consequences can include ransomware or malware being used against the target. Verifying who sends emails or attachments in situations where that email is unexpected is the first actual step to protecting businesses. Work emails should not be used for personal purposes.
Mikhael Felker, Safe-T Executive Advisory Board member and Director of Information Security & Risk at Farmers Insurance
Common personal threats such as identity theft, ransomware and phishing are the biggest security risks. People are generally very busy and they reuse the same password across multiple websites. This means that once attackers obtain that password they can reuse it across several different online services. The best defense against this is to utilize a password manager and create unique usernames and passwords for each account.
Aaron S Birnbaum, Founder and CSO at Seron Security
The biggest cyberthreats continue to be improved versions of the same threats that people have seen over the years such as Trojans, rootkits, ransomware and viruses. The issue is not what infects the system but how it infects the system. Ninety percent of compromises come from email attachments or links that are clicked on from email.
The single best thing that companies can do is to spend the time and money providing security awareness training to prevent such malware from entering into the company network in the first place. Humans are the element that causes a great deal of these issues. Computers don’t click on links. Computers don’t download nefarious attachments—people do. People remain the first and last line of defense against security threats, which is why companies need to invest in preventative measures.
Overall, what remains the critical component across the board for security risks in 2019 is the human element. Companies have to take charge of this by providing education so that employees understand what attacks are on the horizon and how to recognize a threat before it becomes an issue.