new 2019 cyber challenges

A New Year, New Challenges

Will cybersecurity be better or worse in 2019? 2018 was truly a bad year for tech and according to an op-ed article by Susan Fowler in the New York Times, 2019 may be worse.

Top of the ladder for worries is privacy. It’s become apparent that our data is continually gathered and used without our knowledge. The article points out that in 2018 we discovered:

  • Our cellphones can be monitored
  • Facebook shared our private messages with third parties and

allowed developers using its platform to “harvest and exploit” our data to influence political elections

Today we don’t know how many companies have our personal data and what they are doing with it. The article points out that social media knows as much about us as our friends do; financial tech companies sell our bank account transaction data; and messaging apps have our photos and texts. Too much of our personal information is publically available.

Protecting privacy became a priority in Europe in 2018. They were the first to initiate privacy protection via the General Data Protection Regulation (GDPR) in May. This was a giant leap forward in information privacy notices. To date, nothing with this level of protection is in effect in the United States, the internet remains the modern day Wild West.

2018 was a busy cyber year and saw a large number of data breaches. A few of the major ones were:

  • Quora – 100 million user accounts were compromised
  • Facebook – 50 million users affected (Facebook was actually hacked twice last year)
  • Google+
  • Marriott – 500 million people’s personal data exposed

Read more about the breaches in this informative article at www.nytimes.com

2019 cyber threats

Threats to Look Out for in 2019

The statement “In 2019, new technologies and channels will come to market, opening up additional threat vectors for hackers to explore and attack,” opens up an article in Security Magazine. It grabs attention and businesses should be aware of the cyber risks that could be on the horizon. Following is a condensed version of their list of threats and preventative tips.

Phishing. This older form of attack is predicted to continue as a primary method of attack in 2019. Phishing has become more sophisticated and can now mimic correspondence from banks asking for verification of account information via links. Clicking on these links is extremely dangerous. One needs to verify the sender and treat email links as suspicious.

Document/PDF Attacks. Cybercriminals will leverage our trust in PDFs and Microsoft Office applications via attached or linked documents that are to be downloaded. Treat all documents that come in via emails, browser downloads and email links as executables and, if possible, run them through security software that has sandboxing analysis.

Passwords. Re-using passwords across professional and personal accounts can result in compromises. One way around this is to implement a cloud-based single sign-on with two-factor authentication. Another way is institute longer passwords.

Connected Devices. We are hyper-connected today…cars, thermostats, light bulbs, Google Home/Alexa, phones, etc. All of this results in increased IoT-based attacks. Don’t allow employees to connect personal IoT devices to sensitive networks and educate employees on the risks and threats associated with linking to smart technology products.

Read more about the above at www.securitymagazine.com

Florida voter cyber system

Florida Counties Using a New Cybersecurity System to Protect Elections

Meet ALBERT. Florida Governor Rick Scott announced that $1.9 million would be granted to the Supervisors of Elections for the purchase of a network monitoring security solution. It’s called ALBERT and will provide automated alerts about system threats. This will enable counties to react quickly and respond to the data that may be of risk.

According to a report by WPTV, ALBERT has sensors that will help block attacks and also identify who is behind those attacks. Sound too good to be true? It kind of is. It turns out that there is a flaw in ALBERT as it only detects the threats that it already knows to look for.

Read more at www.wptv.com

LA Times Cyber Threat

Major Newspapers Affected by Cyberattacks

The New York Times reported that the Los Angeles Times had its printing operations disrupted by a cyberattack that originated outside of the United States. This computer malware was apparently focused on Tribune Publishing networks and affected not only the Los Angeles Times, but The New York Times and the Wall Street Journal also. They share a printing plant in Los Angeles for their West Coast editions.

The issue first appeared as a malfunctioning computer server that appeared on a Thursday night. By Friday, the problem was contained, only to come back and spread. Apparently this is typical behavior for sophisticated attacks.

The attack was not linked to a ransom demand. However, it was reported that the attack shared characteristics of a ransomware called Ryuk, which had been used to target a North Carolina water utility as well as other infrastructure targets.

Read more at www.nytimes.com

 


This information is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice.  Should you have any questions or would like to discuss your risk exposure with your company’s cyber insurance, please contact the insurance pros at ARCW Insurance.  We are here to help.