By Gerry Grant, Chief Security Officer.
Unbelievably, it is now late June and we are almost halfway through 2019. Normally at the start of a year we see lots of ‘predictions’ around what will happen in the world, including the types of cyber threats that may emerge. Instead of waiting till December, let’s have a look now at what we believe will be on the cyber horizon in the next six months based on the first half of 2019.
The first thing on our radar is news from May which could have a huge impact on organisations of all sizes. During their regular ‘Patch Tuesday’ last month, Microsoft issued a fix for a vulnerability that has the potential to wreak as much havoc as the ‘WannaCry’ attack that the NHS and many others got caught up in. Basically, there is a weakness in a commonly used protocol, RDP, that affects some Windows machines. Not only has Microsoft issued warnings for people to update, but so has the American National Security Agency (NSA). Weeks after the security patch was released, many hundreds of thousands of machines have still not been updated and remain vulnerable to attack. My prediction is that one of two things is going to happen before Christmas:
1. Everyone will update their systems and the hackers will stay on Santa’s nice list.
2. We are going to see another mass-scale attack like WannaCry that will have a large impact across the globe. Santa may need to check that list twice.
There has been a steady decline in ransomware attacks over the last couple of years, but my next prediction is that ransomware is not yet dead. In the golden age of ransomware everyone was a target. The fact is that we are now better prepared for this type of attack, with organisations and individuals regularly backing up their data. As a result, these attacks are becoming less profitable for cyber criminals. But cyber criminals don’t stand still, and their focus has now changed to targeting specific organisations rather than mass blanket attacks. Just ask the city of Baltimore in the USA, which was hit with an attack at the start of May. The estimated cost of this attack is $18 million and the city is currently still in recovery mode. The beauty of a targeted attack from the point of view of a criminal is that the pay-out directly correlates with how much damage they can cause. This strategy can be a licence to print money.
Finally, GDPR is now one year old. Almost a toddler. The second half of 2019 could be the time that we see large, high-profile cases in relation to these regulations. Some companies are still nervous around this and are treading carefully, but as more organisations start looking at technology such as facial recognition, how long will it be before someone raises a case that sees these two hot topics meet? Microsoft has recently removed a database of over 10 million faces downloaded from the internet and used to ‘train’ facial recognition systems. Some say that this was taken down amid privacy concerns; Microsoft say it was because the ‘person who curated it had now left the company’.
Anyway, those are my thoughts on what to expect over the next few months. I’ll be keeping my eye on the headlines as they unfold.
If you have any questions or concerns of your own, please get in touch with our cyber security team.