XQ Cybersecurity Predictions for 2019

It’s that time of the year where we take a look at what some of the cybersecurity trends might be in 2019.

2018 was the year of the mega breach, and you can read our two-part overview of the last 12 months here and here.

We asked the experts at XQ what they think will be some of the new and continuing trends we’re likely to see in the year ahead.

The full force of GDPR

Introduced in May, the European Union’s (EU) GDPR regulation has yet to be utilised to its full extent. In 2019, this is likely to change.

With organisations of all sizes continuing to suffer data breaches, it is inevitable that one will eventually face the full extent of GDPR. If a breached organisation is found not to be GDPR compliant, a data breach could cost them either $25 million or 4% of their annual revenue.

Discover how CyberScore™ can help you evidence your efforts to be GDPR compliant here.

Brexit could be exploited

With the UK set to leave the EU in March and depending on how it leaves, there could be a lot of uncertainty amongst businesses and governmental organisations. Where there is confusion, the cybercriminals will seek to take advantage.

This is most likely to occur through an increase in the number of phishing and spear phishing campaigns seeking to exploit businesses caught up in any potential confusion.

Continuation of supply chain attacks on smaller companies –

As larger organisations (hopefully) continue to improve their cybersecurity cybercriminals and hackers will likely turn their attention to the perceived weak links in supply chains to strike at them.

With supply chains often including dozens (if not hundreds) of SME members the number of attacks against them is likely to increase. SMEs tend to have smaller budgets devoted to cybersecurity, have less employees skilled in cyber defence and often have poor cyber awareness throughout the business.

Cybercriminals are opportunists just like any other and will exploit any weaknesses they can find. If effective defences are in place and the cybersecurity basics followed, a SME can reduce the risk of attack as the criminals will likely move onto to an easier target.

The big risk to the organisation at the top of the supply chain, however, is in ensuring that each link in the chain is as secure as they can be. This is a big challenge, but with new automated services such as CyberScore™, it is a challenge that can be met.


Increased attacks on and via IoT devices due to increased popularity and usage –

An obvious one. With the increased usage of smartphones and the rising usage of internet-connected devices its only natural that cybercriminals turn their attention to exploiting them. With many online transactions taking place using smart devices cybercriminals will increase their efforts to exploit any vulnerabilities they may find.

With more and more IoT devices coming online we can also expect to use larger and larger botnets and an increase in the size and scale of DDoS attacks. In the race to reach the marketplace first, many IoT devices lack in terms of security features making them vulnerable to malicious actors.

An increase in the number of smart vehicles

From fridges to trainers the number of IoT devices continues to boom, so it’s only natural that car manufacturers have increased the number of vehicles that are connected to the internet along with all the risks that entails. With self-driving cars filled with the latest gizmos, this trend of internet-connected vehicles is only going to grow.

Continuing rise of Business email compromise (BEC) & spear phishing attacks–

The number of BEC attacks against businesses of all sizes will continue to increase in 2019. Social engineering techniques combined with spear phishing email campaigns continue to dupe scores of victims regularly. As the saying goes ‘if isn’t broken, there’s no need to fix it’. The best way to tackle the threat is to educate employees of all levels in cyber security best practice and to encourage a cyber aware culture.

A report by Agari’s cyber intelligence division shows just how large and organised criminal gangs are when it comes to launching such campaigns. During their investigation into the gang, they identified a list of more than 50,000 corporate officials that had been created over a five-month period in 2018 and used to prepare for future BEC phishing campaigns.

image 2

An increase in the number of cyber attacks carried out or coordinated by A.I. -

So, we’re unlikely to reach world ending Sky Net levels of danger from A.I in 2019, but we could see an increase in the number of cyber attacks carried out using it.

With A.I set to be the next big thing we could see them being launched in a similar way to the IoT devices. Companies will be racing one another to be first to reach the marketplace and as a consequence cybersecurity is likely to take something of a backseat. As a result, the first A.I products might not be as secure as they should be.

A report released in February 2018 titled The Malicious use of Artificial Intelligence warns that A.I is likely to be just as revolutionary for the cybercriminals as it will be for cybersecurity professionals. The malicious use of A.I could threaten the cybersecurity of organisations through criminals training machines to hack or socially engineer victims at human or superhuman levels of performance.

Increasing requirement from government for Cyber Essentials Plus

Following the Scottish governments push to get every one of its suppliers to adopt Cyber Essentials and Cyber Essentials Plus we could see the wider UK government follow suit. With a recent report showing that business leaders want the government to do more about cyber security, this is looking increasingly likely.

The message still won’t get through –

There have been countless articles, infographics and videos made about cybersecurity and in particular the importance of implementing the cyber basics. These same messages have been repeated countless times over the years, and still, we see organisations falling victim to cybercrime because they didn’t implement those basics. You can be assured that 2019 will be no different and we’re sure to see more hacks and data breaches as a result of easy to fix vulnerabilities.

For further reading visit –

 The Biggest Data Breaches of 2018 Part 1

The Biggest Data Breaches of 2018 Part 2

Cybersecurity is everyone’s responsibility, not just the tech experts

Follow us on FacebookTwitter and LinkedIn