13 data breach predictions for 2019

How will the nature and consequences of data breaches change in the coming year? Industry experts weigh in with their predictions.

Data breaches are inevitable at any organization. But what form will those breaches take? How will the attackers gain access? What will they steal or damage? What motivates them to attempt the attacks? CSO has gathered predictions from industry experts about where, how and why cyber criminals will attempt to break into networks and steal data during the coming year.

1. Biometric hacking will rise

The growing popularity of biometric authentication will make it a target for hackers. We will likely see breaches that expose vulnerabilities in touch ID sensors, facial recognition and passcodes, according to the Experian Data Breach Industry Forecast. “Expect hackers to take advantage not only of the flaws found in biometric authentication hardware and devices, but also of the collection and storage of data. It is only a matter of time until a large-scale attack involves biometrics either by hacking into a biometric system to gain access or by spoofing biometric data. Healthcare, government, and financial industries are most at risk,” said the report’s authors.

2. A cyber attack on a car will kill someone

The ability to hack and take control over a connected vehicle has been proven. Such a hack can not only turn off the car’s engine but disable safety features like antilock brakes or the airbags. “As cars become more connected and driverless cars evolve, hackers will have more opportunities of doing real harm,” says James Carder, CISO at LogRhythm Labs.

3. Attackers will hold the internet hostage

Someone—likely a hacktivist group or nation-state will take distributed denial of service DDoS to a whole new level in 2019 and attempt to take down a large part of the internet in an extortion attempt. A DDoS attack in 2016 against DNS hosting provider Dyn took down many popular websites including Twitter, Reddit and Amazon.com. Security expert Bruce Schneier noted that attackers were probing other critical internet services for potential weaknesses.

“A DDoS attack of this magnitude against a major registrar like Verisign could take down an entire top-level domains (TLD) worth of websites,” WatchGuard’s Threat Lab team wrote in a blog post. “Even the protocol that drives the internet itself, Border Gateway Protocol (BGP), operates largely on the honor system. Only 10 percent of the internet addresses have valid resource public key infrastructure (RPKI) records to protect against route hijacking. Even worse, only 0.1 percent of the internet’s autonomous systems … have enabled route origin validation, meaning the other 99.9 percent are wide open for hostile takeover from route hijacking. The bottom line, the internet itself is ripe for the taking by someone with the resources to DDoS multiple critical points on the internet or abuse the underlying protocols themselves.”

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!