As CISOs prepare for a fierce battle with the nefarious plans of cyber attackers and their crafted cyberattacks methods, the battlefield seems to be widening even more. With technology heavy-lifting in organizations in pursuit of digital transformation goals, the threat landscape is becoming a never-ending puzzle for CISOs and InfoSec leaders.
According to a report by SonicWall, all malware is on the rise with ransomware seeing the biggest growth with 117% jump between January to October 2018. But, what’s even more interesting is that over 300,000 new attack variants were spotted, which breaks down to 1,095 new attacks each day. Surprisingly, 50,000 of these attack variants have never been seen before. Besides a surge in variants, 2018 saw a surge in targeted ransomware attacks. Cryptojacking has been gaining momentum and steadily rising up the ranks as the attack choice for cybercriminals.
With targeted attacks by skilled and persistent cyber criminals becoming the norm, the cost and resultant damages from cyberattacks are also growing exponentially. According to Ponemon Institute’s 2018 Cost of a Data Breach 2018 study, the cost of an average data breach to companies worldwide runs into a staggering $3.86 million (U.S. dollars).
dynamicCISO.com spoke to some of the leading CISOs and cybersecurity professionals to understand what they perceive to be the biggest and most critical cybersecurity threats affecting their business in 2019.
Here is what they have to say:
“With multiple access points, disparate networks and cloud-enabled apps on rise, Shadow IT poses significant risk with a lot of gaps.” Subhajit Deb, CISO, Dr. Reddy’s Laboratories
“Unknown risks will hit companies due to rising adoption of RPA, AI and ML during application and product development. There may be other threats also, including Insider threat, OT and IoT security, unpatched system, malware, phishing mail, privacy concerns, etc.” Nitin Gaur, Director – Information Security, Risk and Compliance, Omega Healthcare Management Services
“2019 will see a rise in cyber war from adversaries who are focused on specific industries and governments. Target of this war will be information and data. Security errors and mistakes can bring down legacy organizations to bankruptcy.” Sridhar Govardhan, Head – Cyber Security, Wipro
“Ransomware attacks are expected to be back with a big bang. New crop of malware variants is being tried out by cyber criminals, which will be devastating and can cripple both governments and businesses alike; will inflict severe damage and command a huge ransom demand. Unsecured Internet of Things (IoT) devices and networks that are growing exponentially are also very vulnerable. They would be compromised for use as proxies for routing malicious traffic that could be used for unlawful activities. Imagine the havoc that would be caused to patients if connected and implanted medical devices (Internet of Medical Things) are infiltrated with a virus that causes a DDoS attack.” Ganesh Viswanathan, SVP – Quality & Compliance, Chief Information Security & Privacy Officer, Quatrro
“Like in the last couple of years, data protection and protection of sensitive/confidential information would be of a complex problem to deal with. Preventing and combating data breaches and ransomware attacks would remain one critical cybersecurity threat with the potential to unsettle the world.” Meetali Sharma, Corporate Risk, Compliance & Security Leader, SDG Software India Pvt. Ltd.
Rapid adoption of cloud and SaaS services is bringing in risks that are difficult to measure and control. Integrating them into existing governance framework is important. When workload is moved to multiple cloud environments, controlling access, data and securing infrastructure is a big challenge. Infosec maturity of SaaS services is an important aspect, especially in FinTech where many of them operate by capturing sensitive information.” Gopakumar Panicker, CISO, Aditya Birla Finance
“Local insider threat is the most prominent one. To counter this, it is required to secure that gate completely. Investment shall be required from a process and technology perspective.” Aditya Khullar, Tech Security Leader, Paytm
“Identity threat will be a huge threat going into 2019. We are living in digital world with integrated technologies & APIs. We want all our applications to work with single identity like Google or Facebook. Our most applications like Gmail, Facebook, Twitter, Android phones, prepaid wallet (PayTM, Free charge, Airtel Money), which are linked with one account. If there is an attacker/group of attackers who wants to target the individual/state/country, they can find the most popular and try to break in to the system to gain the access to the information. Also, 2019 is a year where cyber espionage will be a big threat to the industry.” Fal Ghancha, CISO, Aegon Life Insurance
“The challenge that continues in 2019 is lack of basic cyber hygiene and lack of visibility. To tackle this, we are initiating security management center to thwart cyber hygiene issues.” Mihir Joshi, AVP and CISO, DSP BlackRock
“Currently, APT is one of the most critical cybersecurity threats that has the potential to unsettle the world because if we consider APT attacks during Q3 & Q4 in year 2018, total 17 APT attacks were executed, out of which 4 APT attacks during Q3 and 13 APT attacks during Q4. So, by considering the increased number of APT attacks during Q4 and the intentions of APT Threat Actors, Aerospace & Defense Organizations, Government Agencies, Energy sectors (Power Grids & Nuclear Plants), and Oil & Gas Industries will stay among the top targets and will have hardest time to deal with mass APT attacks during the year 2019.” Rahil Karedia, Threat Intelligence & Threat Research Specialist, Network Intelligence (I) Pvt. Ltd.
(Image Courtesy: www.information-age.com)