By: Kayla Matthews
As much as we’d like them to, cybersecurity scams and phishing attacks aren’t going away in 2019.
In fact, the march of technology and our reliance on it will only create new and inviting opportunities for criminals. Here are six of the biggest cybersecurity threats and trends to watch for in the coming year.
1. SMS Interception Will Make 2FA Obsolete
Two-factor authentication (2FA) has been a go-to in the fight against unauthorized access to online accounts. You’ve likely used it yourself: after entering a password, you’re “pinged” on another device and given a one-time code to finish your login.
Regrettably, even this venerable security standard may have been rendered obsolete by enterprising cybercriminals. SMS interception can take place via several means, including SIM swap attacks and malware already present on victims’ devices. In any event, the result is that somebody else can end up receiving your SMS messages — including 2FA codes.
This leaves a door wide open in what used to be a fairly robust security practice. As a result, we’re all — internet users and companies alike — looking for credible alternatives to this “two-touch” security.
Fingerprint and face scanners are a good start, but they’re not infallible. Another solution involves using specific physical objects to authenticate our interactions with digital services. It’s a little like the totems in the movie “Inception,” which helped tell the real from the not-real.
2. Companies Must Guard Themselves Against Threats From the Inside
When major companies think about cybersecurity scams and phishing schemes, their thoughts usually dwell on unshaven hackers in disordered basements. But some of the most worrying acts of digital theft in recent years were carried out from within.
This isn’t hypothetical: Coca-Cola and Tesla were both recently hit with attacks from within. In Tesla’s case, an employee with high-level clearances appears to have sent some intellectual property to (still unknown) third parties and sabotaged other pieces of IP to set Tesla back.
According to the Ponemon Institute, $8 million USD is the current average price tag for just one insider theft incident. Unfortunately, in Tesla’s case, the act was carried out by a trusted employee with company-issued credentials: an altogether harder threat to guard against than most others.
3. Identity Thievery Will Remain Big News
It’s the biggest threat to your identity and creditworthiness that you may never know about: it’s called “credit piggybacking.” This practice is barely legal in most situations — but it’s definitely illegal when a stranger’s doing it to somebody they’ve never met.
Using a minor’s Social Security number and name, for example, a modern identity thief can use these critical pieces of information to create a fairly credible “shadow identity” that leverages the victim’s credit and digital footprint to make purchases online, open bank accounts and more.
4. Companies and Employees Must Learn to Keep Email at Arm’s Length
Security research indicates that email is not a secure communication technology, never has been, and there’s probably no permanent fix in the works for some of its weakest weak points.
This might be startling — but companies, employees and everyday internet users need to take it to heart and make 2019 the year we learn to keep email at arm’s length. According to the FBI’s Internet Crime Center, most malware uses email to enter the victims’ systems. Moreover, scams and phishing via email is the single most costly form of cybercrime among businesses.
This security threat, too, is a cultural problem in many cases. Any attempt at security training at the institution level must include coaching employees — or volunteers, in the case of nonprofits — on how to spot a phishing email when one does show up. They can be convincing, but even this is no excuse.
5. If We Care About Security, We’ll Leave Facebook Behind
There seems to be no end in sight to Facebook’s security and privacy embarrassments. By 2018, the list of exploits and potential tools for thieves and social engineers had grown long indeed, even as company founder Mark Zuckerberg took to Capitol Hill to defend their commitments to user protection.
Some of the ways attackers can part Facebook users from their personal or financial information include fake surveys and prize drawings, threats of blackmail based on purported personal videos “going viral,” links to extravagant and tragic fake “news” stories that simply install malware, and other types of attacks that prey on the built-in credibility social media platforms have accumulated over the years and still manage to retain, even as stories like these pile up.
Just as fraudsters prey on the hopeful by engaging in lottery scams, a lot of the fraud happening on Facebook is designed to stir our worldly concern, our desire for financial independence or, in some cases, merely our loneliness.
6. The Internet of Things Will Keep Expanding — at a Cost
There may be as many as 20.4 billion active internet-connected devices by the year 2020. And soon, this global Internet of Things will be joined by 5G networks, which will expand the usefulness, the reach, the number of devices and, of course, the number of potential criminals looking for security exploits.
When 5G does come of age, it will bypass routers and traditional Wi-Fi architecture in many cases, for better and worse. But the “surface area” that remains vulnerable to attack will only increase as these devices proliferate.
In 2019 and beyond, it will be critical for individual users as well as enterprises to apply security updates as they become available and to, as often as possible, keep company IoT networks separated from other company traffic.
With these suggestions, and potentially a helping hand from an outside security firm, companies should find 2019 challenging, but ultimately manageable. And for the rest of us, let these sobering statistics and stories be reminders to practice common sense as technology continues to permeate our lives and bind us together.
Kayla Matthews writes about cybersecurity and technology for publications like Malwarebytes, Security Boulevard, InformationWeek and CloudTweaks. To read more from Kayla, visit her blog: ProductivityBytes.com.