Happy New Year, a look at what happened 2018 and what we expect of 2019
In the rear-view mirror 2018 might be looked upon as a slow year when it comes to cyber-attacks. Not because they didn’t happen, but mainly due to the fact that there were fewer ground breaking news stories. In 2017 we had WannaCry (affecting more than 300,000 computers in 150 countries) and the Equifax’s data breach (exposing half of the US) that basically everyone was talking about.
If anything, 2018 will be known as the year of data breaches, with plenty of large ones and an uncountable number of small ones. Perhaps if I have to choose one that I will remember it would be the British Airways data breach (but we also have Under Armour and Marriott as close runner-ups).
Trends that are starting to show are cyber-attacks related to vehicles, cloud, and IoT. For instance, during 2018 the Tesla AWS cloud account was hijacked to mine crypto-currency, a rare malware was uncovered in the Uber Android app, and Cadillac had their ODB-II port sniffed. Different cloud providers have seen misconfiguration, unauthorized access, insecure interfaces, and hijacked accounts appear as top threats. And IoT devices have been infected with malware to create massive botnets. I believe that next year, 2019, we will see much more of these examples.
What we can do is enter 2019 being more prepared than before. That is, not waiting for the next big attack to happen and hope that it won’t be us in the news. No, being proactive is key. Nowadays there are solutions for quantitative data driven IT risk analysis (let’s call it threat modeling with breach and attack simulations) that can help us find threats, structural vulnerabilities, limiting the success and consequence of potential attacks, and prioritizing the security countermeasure investments. Thus, there is no need to panic if you are onboard with these. Help is on the way.
2018 was a big year for foreseeti, new and improved product releases were launched, customers and partners are now present in more than six countries and three continents, and several large development projects where won under fierce competition - leading the way into 2019. Since I am a firm believer in following the data 2019 will have us at foreseeti focusing more on developing key features for cloud, IoT, and vehicle security. Or what do you say about having a one-click AWS security assessment?
Article by: Robert Lagerström, Associate Professor in Software Systems Architecture & Security, KTH & foreseeti