Digitisation and the increasing connectivity provided by the Internet of Things (IoT) bring enormous opportunities, but also unforeseeable risks and serious vulnerabilities that can be exploited by new forms of cybercrime. In Germany alone, two in three companies fall prey to hacker attacks every year. TÜV SÜD explains the cybersecurity threats that companies should watch out for in 2019.
“Cybercriminals are rapidly developing and adopting new forms of attack to hack into the networks of companies and critical infrastructure. Given this, ongoing investment in cybersecurity is crucial to keep up with technological development”, says Andy Schweiger, Managing Director Cyber Security Services at TÜV SÜD. “TÜV SÜD is a third-party partner delivering the necessary technical expertise, helping customers to use the opportunities offered by digitisation.” According to TÜV SÜD's cybersecurity experts, the following nine trends are on the agenda for 2019:
1 – Data protection and GDPR: Once is as good as never
The implementation of the EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, still poses a major challenge for many companies. After the first fines were issued in November 2018, companies are facing increasing pressure to up their investments in IT security. They should no longer rely on isolated, interview-based data-protection audits; integrated monitoring calls for a systematic approach to be adopted. Sustainable data protection requires ongoing investment in
2 – Social engineering: People are the weakest link
Many companies use sophisticated technological methods, such as threat intelligence services and penetration tests, to identify IT vulnerabilities – but unfortunately neglect their staff's IT-security training. However, “social engineering” has long been a standard weapon in every cybercriminal’s arsenal. Take “CEO fraud”, for example, which involves impersonation of the CEO as the alleged sender of a deceptively realistic phishing email. Dedicated information, education and training, such as that offered by TÜV SÜD, help to at least mitigate this risk. Social engineering scams are relatively easy to set up, and will continue to rise in 2019.
3 – The rise of “Shadow IT”: Pull the plug
Investments in new IT landscapes or company acquisitions are complex and often very challenging projects. In this situation, companies often forget to disconnect equipment that is obsolete or no longer needed. Running on unsupported operating systems and missing security patches, this old equipment, known as “shadow IT”, offers convenient gaps for cybercriminals to hack into company networks. Risks can be minimised by continuously monitoring the security of the IT infrastructure and clearing out outdated equipment and software.
4 – Smart factories: Integrate security right from the start
To use the opportunities offered by the Industrial Internet of Things (IIoT), companies invest in connected production facilities. Security should be integrated in this process right from the outset, as later protection of these connected facilities against cyberattacks is a complex and cost-intensive process. According to the Federal Office for Information Security (BSI), roughly 70 per cent of all companies in Germany were targets of hack attacks in 2017. Vulnerability scans and in-depth security assessments, such as those offered by TÜV SÜD, help companies to assess the security status of their industrial facilities.
5 – Overcome language barriers: Promoting communication between experts and executives
More and more companies are moving cybersecurity up to the status of management issue. Given this, cybersecurity is becoming a focal topic not only for IT managers, but increasingly also for C-level management in operational business. However, executives and IT experts often speak different languages and adopt vastly different perspectives on many issues. In this case, communication that is appropriate for the respective target group is helpful. Otherwise, communication problems may delay the necessary investments in IT security.
6 – Cryptomining vs. ransomware: Mining, not damaging
According to Bitkom, the German tech industry association, German companies alone suffered losses of 43 billion euros caused by malware in 2016 and 2017. In 2019, experts expect a stronger tendency towards cryptomining. Instead of involving damage or theft of data, cryptomining uses a company's IT infrastructure for CPU-intensive mining of cryptocurrencies without the knowledge of the infrastructure owner. Security by design, which considers the security requirements for software and hardware right from the design and development phase, is one possible solution for avoiding security gaps later on.
7 – Cybercriminals also use artificial intelligence
Cyberattacks are increasingly implemented with the use of machine learning and artificial intelligence. Pattern matching, i.e. checking values against known patterns, is no longer enough to ward off these attacks. Given this, companies should focus on identification of anomalies and also use artificial intelligence (AI) in their cybersecurity efforts. By taking this approach, they can identify unusual activities at an early stage.
8 – Cloud security: Secure encryption
In a Bitkom survey, 57 per cent of the CEOs and IT officers surveyed said that they considered storage of their company data in the public cloud to be “very secure” or “relatively secure”. Encrypted cloud storage, like that offered by TÜV SÜD and its subsidiary, Uniscon, is the solution offering the highest level of security and conformity with data protection regulations. Data transfer and storage are encrypted and cannot be accessed, not even by the cloud service provider.
9 – Nation-state attacks
Large-scale professional cyberattacks launched by hackers working for a government will continue to rise in 2019. Given this, the software vendor's country of origin should be a factor in purchase decisions for cybersecurity software. As a third-party partner, TÜV SÜD supports companies in their quest for the best possible solution.
Further information on cybersecurity is available at https://www.tuv-sud.com/industries/digital-it-services.
Cybersecurity seminars offered by TÜV SÜD Akademie can be found at: https://www.tuv-sud.com/activity/training.
Press contact: Sabine Krömer