Watch Out!

For These Top 5 Cyber-Threats

The 5 Biggest Cyber-Security Challenges in 2019

As we become more digitally connected, the more vulnerable we are becoming. Anything that is connected is a target. The number of breaches in 2018 reached staggering proportions. With a multitude of new attack vectors, 2019 promises to be worse. Here are 5 threats you need to know.

Social Engineering Attacks

Cyber-criminals are increasingly using sophisticated tools – including Artificial Intelligence – to troll the web for information that corporations and employees are inadvertently posting on their social media sites. This information will likely become a new threat vector in the new year where this information is exploited in phishing and spear-phishing attacks.

Questions you should be asking are:

  • What is our social media threat profile?
  • Who is monitoring it?
  • What tools are available for such monitoring?
  • What are our social media use policies? How do we implement them?

Supply Chain Attacks

As corporations continue to harden their own perimeters and attack surfaces, criminals are increasingly looking at the vulnerable supply chain where risks are not completely understood. Increasingly, the vendors in that supply chain will be regarded as part of the company’s own vulnerability and risk profile. Criminals will increasingly exploit the supply chain to gain access to critical information about corporations.

Questions you should be asking are:

  • What sensitive information am I sharing with my vendors?
  • How do I assess the risk of each vendor?
  • What tools and services can I use to effectively control the threats posed by such a risk?

IoT and Infrastructure Attacks

The proliferation of cheap and insecure devices that comprise the Internet of Things (IoT), coupled with the legacy systems that control our Infrastructure, are combining to create a perfect storm in the New Year. Ransomware is likely to be higher as criminals hold companies, cities and even countries hostage as they take over and compromise such systems. Attribution will be very difficult thus providing cover to criminals and nation states.

Questions you should be asking are:

  • How are IoT and infrastructure devices impacting my risk?
  • Who is managing and controlling those threats?
  • What are the remediation protocols and policies that will help me control breaches?

Identity and Mobile Authentication

As we understand the limitations of passwords and identity management moves increasingly to the cloud, mobile device authentication is likely to explode. At least initially, expect some of this transition to be exploited, particularly where insecure approaches are used. Facial recognition and biometrics are still undergoing rapid development and have not reached a true trusted-state.

Questions you should be asking are:

  • How will I control access and authentication across a myriad of devices, almost all connected to the internet, and with a varying degree of trust?
  • What kind of biometric and MFA (multi-factor-authentication) solutions are appropriate for my environment?
  • What cloud-based solutions will I use to allow access to sensitive information?

Rise of Zero-Day Threats and Polymorphic Attacks

The most common attacks in the past year were exploits of zero-day threats where unpatched new vulnerabilities were used to compromise critical assets. In the case of "Polymorphic Attacks", the code used for the exploit changes rapidly and automatically to prevent effective management and remediation. In 2019, expect this to continue at a high rate. The high demand for software, complicated by the time pressures to be agile, result in many more undiscovered vulnerabilities.

Questions you should be asking are:

  • What will I do if zero-day vulnerabilities are discovered for a mission-critical system? Will I take it offline? Or allow it to function, knowing that it may be compromised?
  • Which security vendors and products will I trust for effective triage in case of polymorphic attacks?
  • What is the status of my systems for known vulnerabilities? Who manages this?
  • Do you have cyber-insurance?


There is no 100 per cent protection against cyber-attacks. However, you can reduce risks tremendously by constantly informing about new threats and questioning your security strategy.

  • Managed Security, IT Market
  • Cyber-Threats, Cyber-Attacks

Reageer op dit artikel

Laat een reactie achter om ons te laten weten wat je van dit onderwerp vindt!

Laat een bericht achter


Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties

Related Articles

Meerlagen EDR (XDR)
  • 30 juli 2020
  • William Jansen
  • Managed Security, Cybersecurity
  • Security, Endpoint Management

What's next: Meerlagen-Endpoint Detection and Response (XDR)

In zijn vorige blog “Next-Gen”- EDR gaf William Jansen de verschillen aan met Endpoint security, SIEM en de uitdagingen met standalone EDR-oplossingen. Nu gaat William in op de trend richting Managed Detection and Response, Cross Layer…

Endpoint Detection and Response (EDR)
  • 12 juni 2020
  • William Jansen
  • Cybersecurity, Managed Security
  • Security, Cyber-Threats, Endpoint Management

Kennis is macht, inzicht met Endpoint Detection and Response geeft kracht.

Vaak is een endpoint device de belangrijkste ingang die gebruikt wordt door cyberaanvallers. Endpoint Detection and Response is een toolset voor opsporen, voorkomen en detecteren van bedreigingen. Lees meer hierover in de blog van William Jansen.

  • 20 mei 2020
  • Jurgen Hannink
  • Managed Security
  • Office 365, Security, Hacking, Cyber-Crime, Ransomeware, Authenticatie

Veilig werken in de cloud

Steeds meer bedrijven stappen over naar de cloud. Toch zien we vaak een discussie ontstaan rondom security, back-up en data-verwerking in Office 365.