The Internet of Things opens new IT security holes for cyber criminals. Tim Berghoff, security evangelist at G DATA, deals in his blog post with IT security in medium-sized businesses for the year 2019. His core statements:
- criminals will spy on their victims more closely.
- The EU GMO will be effective.
- Loss amounts in online banking will increase.
Cyber attacks on industry:
The manufacturing industry is becoming an increasingly attractive target for attacks. Anyone who wants to render a company in this sector incapable of acting quickly attacks the supply routes. If, for example, a supplier is attacked by malicious software, the company runs into delivery difficulties and may risk contractual penalties. The manipulation of production goods can also be lucrative here – in the past, for example, there have repeatedly been cases in which brand-new smartphones with malware were delivered to the end consumer.
New attacks require better technologies
Especially in the business environment there is a lot of money to be made for criminals. Therefore, more and more work is put into the development of powerful malware. The criminals also try to bypass behavior-based defense mechanisms of antivirus programs, for example by not trying to settle permanently on a system immediately after it is launched.
Criminals spy on their victims exactly
There will also continue to be a lot of movement in the area of criminal business models, especially when it comes to attacks against corporate networks, for example with Ransomware. If attackers have so far often relied on mass, class is becoming increasingly important. Although we expect the number of individual cases to fall, the amount of damage per case will increase drastically in some cases. The highest ransom demanded in 2018 was already half a million euros.
The GDPR will have an effect
Reports on actual sentences imposed on the basis of the basic data protection regulation will increase in the coming months once the first trials have been completed and the first judgments handed down. For example, a Portuguese hospital has already been fined 400,000 euros because too many employees had access to certain patient data in the case in question. The hospital in question officially has 296 doctors, but there were more than 900 user accounts with corresponding authorisations.