BSI predicts cybersecurity trends for 2019

21 January 2019

BSI’s global centre of excellence for Cybersecurity and Information Resilience has forecast three key emerging trends across the cybersecurity landscape for 2019.

1.   ePrivacy Regulation and related international standards

As organizations continue to grapple with the implementation of the GDPR, a new EU regulation will set additional rules to protect privacy and confidentiality in electronic communications. The ePrivacy Regulation will repeal the current ePrivacy Directive and is anticipated to come into force late 2019. The ePrivacy Regulation aims to guarantee the rights laid down in Article 7 of the Charter of Fundamental Rights of the EU, which guarantees the right to a private life and private communications.

Stephen O’Boyle, Global Head of Cybersecurity and Information Resilience Services at BSI, said: “The proposed sanctions associated with breaching this new regulation indicate its significance: as with the GDPR, organizations will be expected to pay 4% of their total worldwide annual turnover or a fine of up to €20 million. However, unlike the GDPR, this future ePrivacy Regulation will come with significantly more complex requirements, including architectural compliance and integration. The International Organization for Standardization (ISO) and IEC add weight to the claim that the ePrivacy Regulation is fast-approaching, as they prepare for the publication of the new ISO/IEC 29101 ‘Privacy Architecture Framework’ and ISO/IEC 19086-4 Cloud computing; Service Level Agreement (SLA) framework; Part 4: Components of security and of protection of PII. In 2019, it will be vital that all Information Technology and board level professionals acquaint themselves with this new regulation.”

2.   Upsurge in malware

BSI identifies cyber-attacks on Linux and macOS, operating systems once considered more robust than their competitors, as another key area for growth in 2019, with the volume of Linux malware reported to have tripled since 2016[1].

Stephen O’Boyle explains: “A commonly held belief that these operating systems are less susceptible to cyber-attacks could expose the systems to challenging situations. This perception is counterproductive as it means fewer security controls are implemented and, more troublingly, given the reported rise in Linux-based attacks, many Internet of Things (IoT) devices and many web-based systems use Linux operating systems, which could lead to an increase in security breaches if this trend continues to grow. Subsequently, a re-evaluation of security requirements is needed to maintain cybersecurity.”

BSI also highlights crypto mining malware as a significant area which will experience a surge. ‘Cryptojacking’ is a relatively new term which refers to the remote use of malware to take over a computer’s resources and use them for cryptocurrency mining without a user’s explicit permission.

“The upward trend involving the unauthorised use of individuals’ IT assets to mine digital currencies will persist; however, these attacks will move away from being browser-based and instead will originate within your operating system. This underscores our concern surrounding the integrity and resilience of operating systems - securing these cannot be taken for granted. That is why we advise organizations to perform periodic testing to identify and evaluate evolving malware threats,” says Stephen O’Boyle.

3.   Critical infrastructure as key targeted sector 

In 2019, critical infrastructures will continue to be involved in the cyberwarfare geopolitical landscape but will probably be subjected to more disruptive and offensive cyber-attacks.

Stephen O’Boyle explains: “The rise of state sponsored investment in cybersecurity will continue as a trend, largely in response to the offensive strategies of a select few nations. To counter this growing threat to international relations, the deadline set by EU regulators for the adoption of the Directive on security of Network and Information Systems (NIS Directive) will hopefully push member states to implement best practice surrounding the security of their essential services.”

“The increase in laws and regulations will require high levels of expertise in 2019. Malware attackers and phishing campaigns will continue to be present, characterized by augmented persistence and undetectability. Targeted sectors such as critical infrastructure will remain a primary target in the geopolitical landscape of cyberwarfare. The innovation of technology will continue to be accompanied by unanticipated cyber risks. When it comes to cybersecurity, preparation is vital and forecasting upcoming threats, fixing vulnerabilities and mitigating risks are essential steps in strengthening an organization’s cybersecurity posture,” concludes Stephen O’Boyle.

 

 

ENDS

 

Notes to editors:

To download a copy of the report, please visit https://www.bsigroup.com/en-GB/our-services/cybersecurity-information-Resilience/Resources/Whitepapers/emerging-trends-2019/

BSI Cybersecurity and Information Resilience provides a range of solutions to help organizations address their information challenges covering cybersecurity, information management and privacy, security awareness, compliance and testing. For more information visit bsigroup.com/cyber-ie

BSI will be holding the inaugural BSI International Cyber Resilience Exchange on 26 March 2019. For more information, visit bsicyberexchange.com