If 2018 wasn’t challenging enough —with the first use of a deadly Novichok nerve agent anywhere— at the end of the year we experienced the growth of cyber terror and airport shutdowns due to drone interference. So what does 2019 hold for the security community in the UK? In the following, I will give my take on what the upcoming trends are likely to be.
AI-powered cyber attacks
The threat of a cyber attack is society-wide and the perpetrators continue to evolve and find new ways to threaten networks, businesses and personally identifiable data. The biggest threat we are likely to see from cyber attacks in 2019 comes to us via Artificial Intelligence or AI. This will be three-fold: the first is the threat to AI enabled business practices; the second, the criminal use of AI to break into networks; and the third is the use of AI to protect networks.
The internet of vulnerable things
Tied into AI fueled cyber attacks is the growth of the ‘attack surface’ through the proliferation of ‘internet of things’ devices. These always-connected electronics are highly vulnerable to cyber attack and this problem will exacerbate with the rollout of 5G data networks that are up to 1000 times faster than the current 4G technology.
The traditional ransomware and data-theft attacks will continue, but we will see a rise in manipulation attacks: data manipulation to create undue influence and potentially reputational damage.
State-sponsored cyber attacks create distrust
Threats are coming from all over, from the home-based ‘geek’ to state-sponsored agents as we saw with the cyber attacks, Wannacry and NotPetya. We are also seeing an increase in government wariness of allowing tech giants with potential Chinese government influence, such as Huawei and ZTE, from increasing their access to faster networks such as 5G. The clear takeaway from these attacks is that state actors pose a threat on not just enterprise businesses but also SME.
Election interference and punishment
State-driven election interference using data targeting is being investigated and 2019 will likely be the year that the consequences of those investigations will become public. As a result, there will be a bigger emphasis on the potential of information being used as a weapon designed to cause a reputational effect in the industry. Public relations will probably move a little more towards the centre of risk mitigation activities.
Lack of drone preparedness at airports
When Gatwick Airport, situated just outside of London, closed for 36 hours after reports of drone interference, security concerns over drone use made a big comeback. The UK Civil Aviation Authority Drone Risk Assessment of January 2018 makes no mention of the use of drones to deliberately disrupt a working airfield and this lack of concern resulted in an inadequate amount of equipment to deal with the threat. EasyJet airline, which was working out of Gatwick, said the incident cost them £15 Million but the full cost of the incident hasn’t been calculated yet.
A scare at the London Heathrow Airport in January was managed in less than an hour with only one runway closed, but the incident highlighted the very real threats that drones pose to the safe operation of airports. After several incidents in the Middle East, the Emirates Authority for Standardisation and Metrology (ESMA) estimated the cost of closure at $100,000 per minute. Drone-detection technologies will very quickly fall into the cost-effective category.
Terror potential is at an all-time high
There weren’t as many successful terror attacks in 2018 as there were in 2017. However, the threat hasn’t gone away and in the words of Andrew Parker, the head of the UK Security Service MI5, the threat has reached “unprecedented levels.” This is reflected in the growth of active investigations from 500 in 2018 to 700 towards the end of the year with 3000 active suspects and another 20,000 on a terror watch list.
With ISIS-held territory in Syria and Iraq almost eliminated, it would be easy to assume the terror threat was waning. Not the case says Vasco Amador of the cyber-intelligence company, Global Intelligence Insight, who track extremists online. “In recent months we have seen a relaunch of so-called ISIS cyber capability that used to be called the ‘United Cyber Caliphate’ and has been rebranded as the ‘Caliphate Cyber Shield’ with new leadership and new energy. The groups they operate online have thousands of active followers across the globe,” he said.
The final threat
The final security threat we must watch out for in 2019 falls into the bracket of the unknown. If the last few years have taught us anything, it’s that the next big security threat will be hard to predict. 2019 will certainly be an interesting year.