A Look into 2019: Cyber Threat Trends

A Look into 2019: Cyber Threat Trends

A lot happened in 2018 - especially on the cyber security side of things.

A lot happened in 2018 - especially on the cyber security side of things. We had some of the biggest data breaches in history in terms of just how many people were affected by the damage put forth by cyber criminals around the world on companies like Facebook and Marriott. 

In an effort to educate ourselves for the future, I decided to ask the experts from The Chertoff Group, a global security advisory firm that enables clients to navigate changes in security risk, technology and policy, to write out a comprehensive list of predicted cyber trends in 2019. They broke it down between cyber threats, cyber policy and cyber market. 

Cyber Threat Trends


If the recent and explosive growth of ransomware is an indication of anything, it is that criminal organizations will continue to employ malware for profit. Cryptojacking, otherwise known as “Cryptomining malware”, uses both invasive methods of initial access, and drive-by scripts on websites, to steal resources from unsuspecting victims. Cryptojacking is a quieter, more insidious means of profit affecting endpoints, mobile devices, and servers: it runs in the background, quietly stealing spare machine resources to make greater profits for less risk. Due to its ease of deployment, low-risk profile, and profitability TCG posits that this trend will continue to increase in 2019.

Software subversion

While exploitation of software flaws is a longstanding tactic used in cyber attacks, efforts to actively subvert software development processes are also increasing. For example, developers are in some cases specifically targeted for attack. Malware has also been detected in certain open source software libraries. As software code becomes more complex and dynamic, the opportunities for corruption increase as well. In 2019, we will see a continued increase in the use of third-party applications or services as the “back channel” into networks through the corruption of third-party firmware/software (and updates thereof); such back channels can bypass traditional protective and detection capabilities in place to prevent externally-based incidents and infecting the corporate network.

Rise in attacks to the cryptocurrency ecosystem

“Why do people rob banks? That’s where the money is.” Use of cryptocurrencies for everyday transactions is becoming commonplace, and we will continue to see a related rise in attacks against individuals and organizations who use cryptocurrency as an increasingly standard element of their business operations and transaction options.

Cyber Policy Trends

(Slow) Domestic Movement on Data Privacy and Security Legislation

High profile breaches and implementation of GDPR and California’s Consumer Privacy Act will help to drive domestic efforts on comprehensive data security and privacy legislation, though a divided Congress and limited interest from the White House is likely to slow progress. Expect additional states to follow California’s lead if Congress fails to take action, regardless of lawsuits filed by technology companies or the Department of Justice.

Cyber threats and influence operations

Fear, uncertainty and doubt continue to build around the cybersecurity of state and local election technologies and will only continue to grow as the U.S. looks to the Presidential and general elections in 2020.

Heightened incident disclosure expectations (SEC, etc.)

  • The European Union General Data Protection Regulation (GDPR) became enforceable on May 25, 2018. GDPR includes a requirement that organizations must report a personal data breach within 72 hours after becoming aware of it. Likewise, the New York State Department of Financial Services (DFS) has imposed a requirement that firms subject to its jurisdiction notify DFS 72 hours after determining that either of the following two events has occurred: (1) a breach of personal data breach or (2) events that have a “reasonable likelihood of materially harming any material part of the normal operation(s)” of the regulated entity. These timeframes significantly accelerate reporting timeframes, putting pressure on organizations to mature incident response and resiliency capabilities to be able to meet these new mandates. 
  • Separately, on February 21, the SEC released updated guidance on public company cybersecurity disclosure requirements under Federal securities laws. The guidance focuses on two topics: (1) the importance of maintaining comprehensive cyber policies and procedures, particularly on timely disclosure of material cyber risks and incidents, and (2) the application of insider trading prohibitions to material cybersecurity risks and incidents. Recent incidents at Yahoo, Uber and Equifax have served as forcing function for government and public companies to take a harder look at breach disclosure norms. A threshold disclosure question is one of materiality – i.e., if there is a “substantial likelihood that a reasonable investor would consider the information important in making an investment decision or that disclosure of the omitted information would have been viewed by the reasonable investor as having significantly altered the total mix of information available.” While the Commission provides that “[w]e do not expect companies to publicly disclose specific, technical information about their cybersecurity systems,” there is an expectation that public companies should “disclose the extent of its board of directors’ role in the risk oversight of the company, such as how the board administers its oversight function and the effect this has on the board’s leadership structure.” A key question is thus how senior management and Boards are advancing their understanding of cyber risk such that they can make informed judgments about materiality. Vulnerability equities process

The Vulnerabilities Equities Process (VEP) “balances whether to disseminate vulnerability information to the vendor/supplier in the expectation that it will be patched, or to temporarily restrict the knowledge of the vulnerability to the USG, and potentially other partners, so that it can be used for national security and law enforcement purposes, such as intelligence collection, military operations, and/or counterintelligence.” The exposure and subsequent exploitation of NSA’s Eternal Blue has amplified calls to address the vulnerability equities issue by tilting the scale increasing towards disclosure.

CISA and lingering private sector resistance

The Cybersecurity Information Sharing Act was passed to improve cybersecurity through enhanced information sharing on cybersecurity threats between the public and private sectors. Although it offers liability protections for the private sector, many large companies continue to be reticent to share sensitive, potentially risk-reducing information with peers and the government.

Ambiguity remains for the Lines of Defense

Organizations continue to struggle to define and implement effective First and Second Lines of Defense. While there is a general consensus that First Line consists of information security operations and Second Line is responsible for cyber risk oversight, security practitioners, risk managers and regulatory bodies are not consistently aligned on the practical implementation of these concepts. Ambiguity in this area can have significant organizational and risk mitigation implications.

Cyber Market Trends

Threat emulation to measure effectiveness (ATT@CK)

Organizations are embracing the MITRE ATT&CK model with a slew of new products and services to provide better, granular modeling related to threat tactics, techniques and procedures (TTPs). 2019 will see an increase in products and services that can model threat actor campaigns and suggest mitigation strategies and/or validate people, process, and technologies in place that address these TTPs. [INTERNAL TCG: Example of tool optimization/testing for effectiveness (Verodin, AttackIQ, Darklight, etc.)]

Identity solutions moving to the cloud

Historically organizations have preferred to manage their identity tools and services, especially Active Directory and privileged account management, onsite due to the sensitive nature of the information (“crown jewels”) as well the general importance in protecting the information to maintain business operations. Organizations are increasingly moving to cloud-based IAM solutions to compliment cloud-based application security capabilities. IAM movement to the cloud continues the security product migration first seen by endpoint detection and response products and being adopted across whole segments of the security industry.

Authentication through mobile devices will explode

Acceptance and use of biometrics, facial recognition, QR codes, etc. via mobile devices will increase as organizations and users gain trust that these approaches provide additional security to currently “insecure” elements at places like voting booths, for DMV registration, etc. Greater acceptance trending is also linked to the proliferation of converged physical-cyber security in identity proofing – i.e., need to use facial recognition at facility turnstiles, access WiFi via devices, etc.

Customers will increasingly focus on effective risk management as a differentiator

The operational impacts of notPetya to FedEx and a data breach to Equifax were not just expense items – in both cases, customers voted with their feet and the companies lost revenue. Moreover, Equifax had been certified as against several information security standards (e.g., PCI). Customers will thus not only increasingly look for assurance that service providers have cybersecurity programs in place but will also be looking beyond compliance-based measures to proof of actual effectiveness.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3