Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Experts Q&A: A 2019 Review of Cybersecurity and What to Expect

It’s been another lap around the sun for the cybersecurity industry, filled with great technological developments and monstrous security incidents that once again saw the theft and exposure of millions of records.

If you recall, to wrap up 2018 we caught up with SpiderLabs experts to get their take on the cybersecurity events of the year, but most importantly, we wanted to test their forethought and have them share what they believed the cybersecurity industry could be in for in 2019. Midway through the year we checked back in to see how the predictions held up, and it was pretty impressive to note that many became a reality.

As 2019 is behind and the road to 2020 seems like a far stretch ahead, we once again checked back in with some folks from the elite SpiderLabs team at Trustwave to get their thoughts on what’s taken place, but most importantly, what 2020 could have in store for us.

Let’s get started.

Looking back at the developments in cybersecurity in 2019, what stood out to you the most?

Mark Whitehead, Vice President, Americas:  I found it interested how much providers are baking security more into normal everyday products. Some of the world-leading software and service providers have put a huge emphasis on security. While that is the case for well-funded organizations, ones that weren’t so fortunate were IoT device makers. This is a space that organizations will continue to struggle with in years to come. They will also get highlighted more this year as wireless providers turn on more 5G services. The consolidation and simplification of offerings was another item I predicted in 2019. We will continue to see this trend as organizations and security providers race to shorten dwell time.

Ed Williams, Director, EMEA: The amount and scale of data breaches were significant in 2019.  No sector seems to have been unaffected by this either, we’ve seen financial data breaches, organizations in the entertainment field, technology healthcare and even government. What’s worrying is that it isn’t always hackers who are manipulating environments, we often see misconfigurations from organizations that are leaving services and data on the internet, which are unsecured. 

Matt Lorentzen, Principal Security Consultant: I think the biggest development for me was around a renewed focus on the external attack surface. 2019 saw some critical bugs in VPN software and also in Microsoft Remote Desktop protocols. This again highlighted to me that the perimeter does not fall into the “setup and forget” category and we cannot assume that the products and services we expose are always going to have a known state of security. Bugs will continue to exist and be discovered and once publicly available, organizations are in a race against time.

Based on the conversations you’ve had with security leaders surrounding their challenges in 2019, are there any common themes that come to mind?

Mark: I am surprised in 2019 how visibility is still something organizations struggle with. Visibility into where their data goes, legacy systems causing risk, shadow IT, and attacks not normally highlighted in a traditional prevent, detect, respond workflow. IT departments still like to avoid databases and assessing the risk. Which is counterproductive due to the rich data they often contain. Also, organizations still struggling to put all the pieces together to be resilient to cyber attacks is notable. We’ve had numerous Red Teams where organizations had all the technology you could hope for, with our SpiderLabs testers thinking the deck is stacked against them, only to be able to breach them pretty quickly. A few of those examples were right after they had selected reputable MSSP or their in-house teams had acquired cutting edge technology. 

Ed: Gaining and measuring security maturity at an enterprise level is a very common theme.  First of all, how are organizations gaining a degree of maturity across their estate and secondly how do they measure this maturity.  When we discuss this with clients we always go back to the basics, ensure you have robust asset management, regular vulnerability scanning, pen testing of assets both external/cloud and internal/on-prem.  Once this cycle is mature, look to add red teaming to test the people, process as well as the technology to ensure that detection and response are working as intended.

Matt: I would say that most leaders I speak to have made a transition to the cloud and now they want to understand the attack surface. They know that by adopting a cloud-centric strategy they have made the business more agile, flexible and available. These decisions also have the effect of expanding the ingress points sometimes in ways that the business has no control over. 

Last year we accurately predicted an uptick in cryptojacking, complexity surrounding available security solutions and the use of modular malware. Looking ahead at 2020, what do you anticipate from the threat landscape?

Mark: Cloud attacks will continue to plague organizations as they have many cloud providers and various on prem solutions working together. These will not necessarily be technologically advanced. As detection and response of traditional attack vectors get more focus, I predict we will see an uptick in physical attacks. 5G wireless adoption will drive this as well. Sometimes it is just simple and cheaper to fly someone out vs develop and modify a payload.

Ed: From what I’ve seen in 2019, I believe data breaches will once again be prominent.  As I said last year, I’ll repeat again this year, make sure you have the basics covered and for ‘any’ external authentication service, ensure you have MFA (multi-factor authentication).

Matt: I expect to see a continued rise in supply chain attacks. Organizations that are investing in security programs are moving forward but the nature of business is collaborative and therefore you have limited control over how secure entities within your supply chain are. This can serve as a blind spot that can be exploited by attackers who are goal orientated and not bound by scope.

Learn more about how the elite Trustwave SpiderLabs team can help your organization bolster its defenses.

Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.

Latest Trustwave Blogs

Mining Operations: Critical Cybersecurity Threats & Trends Revealed

Cybersecurity professionals often point out that threat actors do not differentiate when choosing a victim. To an attacker, a hospital is as useful a target as a law firm or even a mining operation....

Read More

Phishing: The Grade A Threat to the Education Sector

Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat...

Read More

Unlocking Cyber Resilience: UK’s NCSC Drafts Code of Practice to Elevate Cybersecurity Governance in UK Businesses

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with...

Read More