The new General Data Protection Regulation, the scandals that Facebook or the IoT has staged the new year 2018 is about to say goodbye. And from the point of view of cybersecurity, we better prepare ourselves. The case of Facebook and Cambridge Analytica, as well as the Google gap and its decision to close its Google+ social network, shows that not even the biggest players in the industry are safe. If even they are not able to protect the privacy of users, who can do it?
“In response to this question, in which there is a huge wealth of personal and private information of the users that these services handle, it provokes that government agencies take note of how data is being processed and protected,” ESET notes in its report. Trends 2019: Privacy and intrusion in the global village ». Hence the need to exercise greater controls, as has happened with the new General Regulation of Data Protection of the EU (GDPR).
ESET specialists around the world insist that the underlying issues revolve around data protection and privacy. “It happens that, given that technology is constantly advancing, the impact on users’ practices and uses is also changing and mutating, which in turn causes cybercriminals to take an interest in new ways of taking advantage of it”, explain.
Thus, the experts list what are the main threats that will have to be faced in 2019.
IoT: Internet of Things
According to an IDC report, it is estimated that by 2020 there will be 80,000 million smart devices connected attendees in the home. “The reality is that as we move towards greater adoption in the use of IoT devices grouped under a domestic assistant, the risks to security and privacy increase, ” the experts say.
From ESET they advise that if you are going to buy an Alexa, Google Home, Amazon Echo, Apple HomePod or another similar assistant, «you must be aware of what personal data they capture and share».
We have already seen how cybercriminals have used IoT devices to carry out denial of service attacks, “but as more devices are connected and integrated into everyone’s lives, attackers will continue to explore their characteristics to detect other vulnerabilities. (they have already done so with thermostats, security camera systems, children’s toys, vehicles, etc.) and thus carry threats such as fraud, “ransomware” or cryptocurrency mining.
In California, USA, they have passed a law that will require, starting in 2020, that all IoT devices marketed in the market must be configured with unique passwords.
2018 has been the year in which users have become more aware of how their personal data is in the hands of the big technology companies, who handle them at their whim. Does not anyone remember that Facebook put at risk the accounts of 90 million users?
In this sense, the new year will be starring two major: Facebook and Google. “These companies have accumulated gigantic user bases, along with overwhelming amounts of personal data about them, which should be protected from unauthorized access,” they say from ESET.
Although many people have decided to move away from Mark Zuckerberg’s social network, they have not really done so. And is that as they point out from ESET, those same people are spending more time now on Instagram, Messenger, and WhatsApp, applications that are owned by Facebook.
We will see if in 2019 the big technology companies really do something and show that they take privacy seriously enough so that there are no significant gaps, although ESET researchers believe that 2019 will be the year in which users seek alternatives to the traditional platforms.
The reason d’être of the new General Data Protection Regulation has a lot to do with cybersecurity, whose objective is to control access to information to avoid being exposed without authorization, as the experts remember.
The new regulation has been launched this year but its effectiveness will begin to see it in 2019 when the first fines really start to arrive.
The machines will continue to dominate the world. And it depends on the use that is made of them, it can be good or bad. The cybercriminals will continue to carry out attacks and if it is with the least possible effort, in order to obtain a great benefit, the better.
“Probably, the attackers financed by the State begin to use more complex tools to achieve their objectives”, the experts point out, so they will use the most complex tools to distribute ” malware “.
In this sense, “machine learning” is a great ally for researchers within the “malware” industry but it is also a very valuable tool for attackers.
There are three areas, the report points out, that seem to be more subject to the assistance of “machine learning”: the acquisition of the objective, the exploitation of the victim and the protection of resources to prevent their destruction. That is to say, automatic recognition is the key to finding vulnerable targets to be exploited to the fullest. But machine learning also helps them to perfect their attacks. “We can all think of the attempts at ‘phishing’ or scam that we received and that contained great grammatical errors,” the experts recall. However, “machine learning” can help them increase effectiveness in this field.
“Criminals could use web crawlers to track victims while visiting sites or get information from data vendors, also known as” Data Brokers, “to build profiles. This could lead to fraud and phishing attempts to be much more personal and compelling. “