2018 was a bad year for higher education cybersecurity after experts revealed education institutions had the weakest digital protections out of 17 vulnerable industries.
Moreover, while universities are falling behind on their security plans, the cyber underworld is evolving and consolidating, according to the McAfee Labs 2019 Threats Predictions Report.
“We have witnessed greater collaboration among cybercriminals exploiting the underground market, which has allowed them to develop efficiencies in their products. Cybercriminals have been partnering in this way for years; in 2019 this market economy will only expand. The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before,” writes Raj Samani, chief scientist and McAfee fellow for advanced threat research, in an introduction accompanying the report.
So, what does 2019 have in store when it comes to cyberthreats? Here are three security concerns universities should turn their attention to quelling in the coming year.
1. Universities Should Watch Out for AI Threats
Artificial intelligence has much to offer universities in terms of efficiency and automation of tedious tasks, but cybercriminals see opportunity in the technology as well, particularly when it comes to evasion techniques, which enable the criminals to avoid detection and circumvent security.
“We expect evasion techniques to begin leveraging artificial intelligence to automate target selection, or to check infected environments before deploying later stages and avoiding detection,” explain McAfee researchers in the 2019 Threat Predictions Report.
This AI-based malware will stack up on top of the already plentiful list of evasion techniques the cyber underground employs today, including new techniques spotted in 2018, such as botnets and cryptomining.
A possible antidote is AI-based and other next-generation cybersecurity tools, which are making use of emerging technology in order to detect and ward off increasingly sophisticated threats.
2. Cloud Security Is Essential as Campus Migrations Continue
As the adoption of cloud-based email and other applications takes off, cloud security will become an even larger concern in the new year, particularly because, according to McAfee, 21 percent of data stored in the cloud is sensitive. Bad actors search out, in particular, when cloud or credentials have been misconfigured.
“As workload migration accelerates to the public cloud, security risk professionals will need to get more actively involved in their DevOps team’s processes, so they can automate the application of governance and compliance controls,” explains Tim Jefferson, vice president of Public Cloud at Barracuda Networks. “It’s not about dictating what tools the team uses, but verifying that controls are being met and helping the builders build securely.”
Jefferson expects, as a result, to see more teams embracing automation that can help to “continuously monitor cloud security and remediate problems automatically.”
3. Be Sensitive of Voice-Controlled Digital Assistants
Voice-controlled digital assistants are entering campus dorms and classrooms, revolutionizing how teachers and students interact. But, as with any new technology, they also represent a new threat vector.
“This opportunity to control a home’s or office’s devices will not go unnoticed by cybercriminals, who will engage in an altogether different type of writing in relation to the market winner, in the form of malicious code designed to attack not only IoT devices but also the digital assistants that are given so much license to talk to them,” McAfee researchers note in the report.
This ability to monitor and control infected Internet of Things devices, such as digital assistants, smartphones and routers, could literally invite bad actors in.
“Infected IoT devices will supply botnets, which can launch DDoS attacks, as well as steal personal data,” the McAfee researchers note. “The more sophisticated IoT malware will exploit voice-controlled digital assistants to hide its suspicious activities from users and home-network security software. Malicious activities such as opening doors and connecting to control servers could be triggered by user voice commands (“Play music” and “What is today’s weather?”). Soon we may hear infected IoT devices themselves exclaiming: “Assistant! Open the back door!””