Two Cybersecurity Predictions for 2019
Naaman Hart, Managed Services Security Engineer at Digital Guardian, on what 2019 could have in store for the world of cybersecurity, threats, and vulnerabilities.
On why Windows 7, which Microsoft will stop support for in 2020, could cause headaches
"Windows 7 will continue to be an issue. When Microsoft released Windows 10 it essentially gave it away for free to vast swathes of the globe. The hope was to disrupt the massive number of machines that were still running Windows XP – many of which were known to be part of one of the biggest botnet armies in the world. And then there’s Windows 7, which was scheduled to be ‘retired’ – until Microsoft announced that it will offer extended ‘security update’ support until January 2023.
The problem that this model will cause is that while there is pressure to move to newer and less vulnerability-ridden operating systems, companies will now further delay their migration. Microsoft has set the tone that a product released in July 2009 will be allowed to continue past its 13th birthday. Windows XP was 14 when Microsoft tried to end its reign with Windows 10, so we have to wonder whether we’ve learnt anything from the problems a planet of Windows XP machines caused. While companies struggle to mitigate the effects of maintaining Windows 7 for another five years, they can count on having to defend against botnets built up of the same. If companies delay investing in their IT environments, they will find themselves defending against insider and outsider attacks made viable by the same operating system they’ve clung to so tightly."
The FBI said this year that the total value of Business Email Compromise (BEC) scam losses topped $12 billion. Will BEC scams continue to be a thorn in the side for companies?
"Business Email Compromise will continue. Companies will traditionally target their employees with security awareness training about not opening suspicious emails or links, but how many train their staff to refuse a direct command from senior staff? The art of “Whaling” aims to compromise a senior staff member’s email and then use that to instruct junior staff to make payments to bank accounts of fraudsters. Because these attacks are succeeding and they’re very lucrative, they will continue to attract more groups willing to try their methods.
It’s time that businesses thought about applying security to their business practices, as IT security tools are not infallible against human behavior. As an example, train your staff to require third-party validation for any financial transaction or introduce payment procedures requiring multiple sets of independent eyes. Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and that they fear for their jobs if they do not act quickly as instructed. You must put in place processes and beliefs that when unordinary requests come through, they should be questioned."