BSI’s global centre of excellence for Cybersecurity and Information Resilience has forecast three key emerging trends across the cybersecurity landscape for 2019:
ePrivacy Regulation and related international standards
As organizations continue to grapple with the implementation of the GDPR, a new EU regulation will set additional rules to protect privacy and confidentiality in electronic communications. The ePrivacy Regulation will repeal the current ePrivacy Directive and is anticipated to come into force late in 2019. The ePrivacy Regulation aims to guarantee the rights laid down in Article 7 of the Charter of Fundamental Rights of the EU, which guarantees the right to a private life and private communications.
Stephen O’Boyle, Global Head of Cybersecurity and Information Resilience Services at BSI, said: “The proposed sanctions associated with breaching this new regulation indicate its significance; as with the GDPR, organizations will be expected to pay 4 percent of their total worldwide annual turnover or a fine of up to €20 million. However, unlike the GDPR, this future ePrivacy Regulation will come with significantly more complex requirements, including architectural compliance and integration. The International Organization for Standardization (ISO) adds weight to the claim that the ePrivacy Regulation is fast approaching, as it prepares for the publication of its new ISO/IEC 29101 ‘Privacy Architecture Framework’ and ISO/IEC 19086-4 Cloud computing; Service Level Agreement (SLA) framework; Part 4: Components of security and of protection of PII. In 2019, it will be vital that all information technology and board level professionals acquaint themselves with this new regulation.”
Upsurge in malware
BSI identifies cyber attacks on Linux and macOS, once considered to be more robust operating systems than their competitors, as another key area for growth in 2019, with the volume of Linux malware reported to have tripled since 2016.
Stephen O’Boyle explains: “A commonly held belief that these operating systems are less susceptible to cyber attacks could expose the systems to challenging situations. This perception is counterproductive as it means fewer security controls are implemented and, more troublingly, given the reported rise in Linux-based attacks, many Internet of Things (IoT) devices and many web-based systems use Linux operating systems, which could lead to an increase in security breaches if this trend continues to grow. Subsequently, a re-evaluation of security requirements is needed to maintain cyber security.”
BSI also highlights crypto mining malware as a significant area which will experience a surge. ‘Cryptojacking’ is a relatively new term which refers to the remote use of malware to take over a computer’s resources and use them for cryptocurrency mining without the user’s explicit permission.
“The upward trend involving the unauthorised use of individuals’ IT assets to mine digital currencies will persist; however, these attacks will move away from being browser-based and instead will originate within your operating system. This underscores our concern surrounding the integrity and resilience of operating systems - securing these cannot be taken for granted. That is why we advise organizations to perform periodic testing to identify and evaluate evolving malware threats,” says Stephen O’Boyle.
Critical infrastructure as the key targeted sector
In 2019, critical infrastructures will continue to be involved in the cyber warfare geopolitical landscape but will probably be subjected to more disruptive and offensive cyber attacks.
Stephen O’Boyle explains: “The rise of state-sponsored investment in cyber security will continue as a trend, largely in response to the offensive strategies of a select few nations. To counter this growing threat to international relations, the deadline set by EU regulators for the adoption of the Directive on security of Network and Information Systems (NIS Directive) will hopefully push member states to implement best practice surrounding the security of their essential services.”
“The increase in laws and regulations will require high levels of expertise in 2019. Malware attackers and phishing campaigns will continue to be present, characterized by augmented persistence and undetectability. Targeted sectors such as critical infrastructure will remain a primary target in the geopolitical landscape of cyber warfare. The innovation of technology will continue to be accompanied by unanticipated cyber risks. When it comes to cyber security, preparation is vital and forecasting upcoming threats, fixing vulnerabilities and mitigating risks are essential steps in strengthening an organization’s cyber security posture,” concludes Stephen O’Boyle.