“Cybercriminals are rapidly developing and adopting new forms of attack to hack into the networks of companies and critical infrastructure. Given this, ongoing investment in cybersecurity is crucial to keep up with technological development”, said Andy Schweiger, Managing Director Cyber Security Services at TÜV SÜD. And according to TÜV SÜD’s cybersecurity experts, the following nine trends are on the agenda for 2019:
1. Data protection And GDPR
The implementation of the EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, still poses a major challenge for many companies. After the first fines were issued in November 2018, companies are facing increasing pressure to up their investments in IT security. They should no longer rely on isolated, interview-based data-protection audits; integrated monitoring calls for a systematic approach to be adopted. Sustainable data protection requires ongoing investment in IT security.
2. Social Engineering
Many companies use sophisticated technological methods, such as threat intelligence services and penetration tests, to identify IT vulnerabilities – but unfortunately neglect their staff’s IT-security training. However, “social engineering” has long become a standard weapon in every cybercriminal’s arsenal. Take “CEO fraud”, for example, which involves impersonation of the CEO as the alleged sender of a deceptively realistic phishing email. Dedicated information, education and training, help to at least mitigate this risk. Social engineering scams are relatively easy to set up, and will continue to rise in 2019.
3. The Rise Of “Shadow IT”
Investment in new IT landscapes or company acquisitions represent complex and often very challenging projects. In this situation, companies often forget to disconnect equipment that is obsolete or no longer needed. Running on unsupported operating systems and missing security patches, this old equipment, known as “shadow IT”, offers convenient gaps for cybercriminals to hack into company networks. Risks can be minimised by continuously monitoring the security of the IT infrastructure and clearing out outdated equipment and software.
4. Smart Factories
To use the opportunities offered by the Industrial Internet of Things (IIoT), companies invest in connected production facilities. Security should be integrated in this process right from the outset, as later protection of these connected facilities against cyberattacks is a complex- and cost-intensive process. According to the Federal Office for Information Security (BSI), roughly 70 percent of all companies in Germany were targets of hack attacks in 2017.
5. Overcoming Language Barriers
More and more companies are moving cybersecurity up to the status of a management issue. Given this, cybersecurity is becoming a focal topic not only for IT managers, but increasingly also for C-level management in operational business. However, executives and IT experts often speak different languages and adopt vastly different perspectives on many issues. In this case, communication that is appropriate for the respective target group is helpful. Otherwise, communication problems may delay the necessary investments in IT security.
6. Cryptomining Vs. Ransomware
According to Bitkom, the German tech industry association, in 2016 and 2017 losses of 43 billion euros caused by malware were suffered by German companies alone. In 2019, experts expect a stronger tendency towards cryptomining. Instead of involving damage or theft of data, cryptomining uses a company’s IT infrastructure for CPU-intensive mining of cryptocurrencies without the knowledge of the infrastructure owner. Security by design, which considers the security requirements for software and hardware right from the design and development phase, is one possible solution for avoiding security gaps later on.
7. Artificial Intelligence
Cyberattacks are increasingly implemented with the use of machine learning and artificial intelligence. Pattern matching, i.e. checking values against known patterns, is no longer enough to ward off these attacks. Given this, companies should focus on the identification of anomalies and also the use artificial intelligence (AI) in their cybersecurity efforts. By taking this approach, they can identify unusual activities at an early stage.
8. Cloud Security
In a Bitkom survey, 57 percent of the CEOs and IT officers surveyed said that they considered storage of their company data in the public cloud to be “very secure” or “relatively secure”. Encrypted cloud storage is a solution that offers the highest level of security and conformity with data protection regulations. Data transfer and storage are encrypted and cannot be accessed, not even by the cloud service provider.
9. Nation-State Attacks
Large-scale professional cyberattacks launched by hackers working for a government will continue to rise in 2019. Given this, the software vendor’s country of origin should be a factor in purchase decisions for cybersecurity software.
READ MORE INDUSTRIAL AUTOMATION NEWS
WANT MORE INDUSTRY INSIGHTS? SUBSCRIBE TO IAA NOW!
CHECK OUT IAA’S CURRENT AND PAST ISSUES: DIGITAL MAGAZINE