Cybersecurity Predictions for 2019 vs. What Actually Happened
The end of the year is always a great time to reflect on what happened in the past 12 months. Did things go the way we had anticipated? If not, what lessons were learned? By doing so we can make smarter decisions for the following year.
So, what was predicted for 2019 and what actually happened? Let’s take a look.
Ransomware, a type of malicious software designed to block access to a computer system until a sum of money is paid, has been the leading cyber threat for the past few years. Whereas cryptojacking, a type of cyber attack in which a hacker hijacks a target’s processing power to mine cryptocurrency on the hacker’s behalf, has only been a threat since late September of 2017. A midyear report from Wired in 2018, stated that cryptojacking had 35% share of all web threats. That being said many people predicted that number to continue rising into the next year and eventually surpass ransomware as the leading cyber threat.
So, did cyrptojacking overthrow ransomware as the leading cyber threat in 2019?
What actually happened: Many reports for 2019 predicted a decline in ransomware attacks, yet this was not the case. The McAfee report reveals that ransomware incidents increased by 118% during the first quarter of 2019! A very different outcome than what was predicted.
Aside from ransomware, cryptojacking was also on the rise in 2019. In the first half of 2019, it rose by 9% compared to the last half of 2018. Although an increase in cryptojacking for 2019 was predicted correctly the number one cyber threat for 2019 was social hacking. According to Security Magazine, 93% of all data breaches investigated in 2019 were due to social engineering such as phishing attacks.
You might also like: 4 Reasons Why Cybersecurity is More Important than Ever
With an increase in cyber attacks one would assume that organizations would combat these attacks by upping their cybersecurity budgets to defend against them. However, until recently cybersecurity spending was not a top business concern and consequently did not receive proper funding at many organizations large and small.
So, did organizations take cybersecurity spending seriously in 2019?
What actually happened: Cybersecurity spending was expected to rise by 8.7% from last year according to Gartner. Overall, spending has increased worldwide on cybersecurity in 2019. The areas that have seen the most growth in spending are on information security products and services, spending to implement recent privacy laws, and on GDPR-related consulting and services. Thankfully, organizations are beginning to realize the importance of cybersecurity and are starting to implement budgets to properly reflect their security needs.
Cybersecurity Spending Worldwide in 2019:
Security Services = $64.2 Million
Infrastructure Protection = $15.3 Million
Network Security Equipment = $13.2 million
(Source: RSA Conference)
No longer are the days that cybercriminals only go after large companies, in today’s world cybercriminals are equal-opportunity attackers. That means SMBs are not exempt from an attack and they too need to take cybersecurity seriously.
So, will SMBs take a proactive approach to handling cybercrime?
What actually happened: Even though we saw an ever-increasing rise of cyber-attacks in 2019 some SMBs are still not convinced. Out of a report from Fundera, 66% of small businesses say they are concerned or extremely concerned about cyber security risk, yet 47% of them say they have no understanding of how to protect themselves against cyber-attacks. And still in 2019 with 43% of cyberattacks made against SMBs 54% of small businesses think they are too small for an attack. So maybe this prediction isn’t entirely true. We can only hope SMBs rethink their cybersecurity strategies for the following year and put more emphasis on the importance of defending and protecting against cybercriminals.
As the EU rolled out the GDPR we expected to see similar privacy laws in the United States. With more and more concerned consumers, it now seems like our duty to hold companies responsible for how they use and protect our personal identifying information (PII). There have been far too many breaches where millions of records of PII have been exposed. We can’t let this carry on and need to demand more of companies collecting and using our information for more privacy and control over our own information.
So, has anything been done to better protect consumer privacy and data?
What actually happened: Currently, the U.S. is one of the few developed nations that does not have complete consumer data protection laws along with an independent agency to apply them. Instead, consumers rely on the FTC to safeguard our privacy, which is not a great option as so little is being done thus far. As of recently this could be changing, so not a true prediction for this year (Let’s see how this will play out in 2020.). So far, the California Consumer Privacy Act has been passed and will go into effect following 2019. Along with that, YouTube will begin complying with the Children’s Online Privacy Protection Act (COPPA) by stopping personalized ads on children’s content and requiring content creators to specify whether their content is made for children.
See also: Understanding the Proposed Changes to the Safeguards Rule and Who It Affects
Out of these four cybersecurity predictions for the year, one and half of them came true. I’m only counting half for prediction #3 since well…it’s only half true. With 2020 right around the corner I know one thing is true, cyber attacks will not be going away and those SMBs who continue to push off cybersecurity will see themselves in a lot more danger than if they just took the steps to adopt a cybersecurity approach for the new year.
Stay tuned for our 2020 predictions to come in January! (Hit the subscribe button so you don’t miss it.)