Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityCybersecurity News

Threats to Look Out for in 2019 – How to Protect Mid-Tier Enterprises from Tomorrow’s Known and Unknown Cyberattacks

By Dmitriy Ayrapetov
Cybersecurity Leadership Images
December 24, 2018

This year was laden with cybersecurity challenges pertaining to “opportunistic attackers” and attempts to compromise individuals’ computers for credentials and financial information harvesting. In 2019, new technologies and channels will come to market, opening up additional threat vectors for hackers to explore and attack. As businesses prepare for 2019, below is a list of cyber risks that could impact mid-tier enterprises and their employees, as well as a list of proactive tips for circumventing these potential threats.

Phishing Will Remain King

Although far from novel, phishing or Business Email Compromise (BEC) will remain the primary method of attack in 2019. Hackers could deploy this method as a targeted attack or as an opportunistic “wide net” type attack. Phishing attempts have become more sophisticated over time and can appear to come from one’s bank, asking them to verify bank information after a recent trip, or an email that appears to be from one’s supervisor asking them to download and sign an important company-wide document.

In general, clicking on links in emails is extremely dangerous, especially links that you weren’t expecting or do not recognize. Moving into 2019, be extremely cautious of clicking on links that are sent via email from both known and/or unknown sources.

Preventative Strategies:

  1. Verify with the sender (when possible) that they are the person that sent you the link if you don’t recognize the domain on the link and are not expecting said an email.
  2. Treat all email links to documents or sensitive login pages as suspect. Links should be automatically tested with sophisticated sandboxes for phishing and/or malware attacks before landing in users’ inboxes. This is best done with sophisticated email security technology (i.e. technology that tests not only signatures and links but attachments too).
  3. When in doubt, go to a company’s website directly rather than clicking on a link in an email.

Document/PDF Attacks Will Re-Emerge

Cybercriminals will leverage users’ trust in PDFs and Microsoft Office applications as a new attack vector. A typical attack involves either attaching documents to an email (that contain malicious content) or getting users to click on a linked document resulting in a download. Either way, the hacker’s goal is to get an individual to download a random “executable,” disguised as a normal document.  The reason this technique remains dominant amongst hackers is because it relies on something technology cannot fix – innate human curiosity. For example, people are likely to click on juicy-sounding attachments such as “Payroll2019.xlsx” or ones that play on people’s fears such as “JohnDoe_IRS_Police_Warrant_Open_Immediately.docx.”

Preventative Strategies:

  1. Pay attention to the newest versions of Adobe Acrobat and Microsoft Office that has patched these issues and continue to update your computer with the newest versions as a safeguard to protect your computer and your data when opening attachments and/or documents.
  2. Conduct an in-depth analysis of all incoming documents. Treat all documents (via emails, browser downloads and email links) as executables and, when possible, run all downloadable documents through a security software that has sandboxing analysis.

Password Reuse Needs to be Reworked

Due to onerous password complexity requirements, people often re-use similar and predictable passwords across professional and personal websites and portals. In many cases, threat actors can hack into badly designed and/or badly protected password databases on a 3rd tier website and capture full user credentials that can later be used to gain access into personal emails as well as corporate systems. 

Preventative Strategies:

  1. Implement cloud-based single sign-on with two-factor authentication for your personal and company websites and databases. Users will be thankful for the convenience and this will eliminate password reuse.
  2. Eliminate password complexity requirements as well as 8-character password limits. In fact, earlier this year, NIST reversed their stance on regular password rotation as a “best practice” and now recommends creating longer passwords without crazy requirements. 
  3. Integrate cloud-based, SaaS-facing identity management platforms into your company’s cyber-infrastructure strategy to better regulate individuals and devices.

Disconnect Connected Devices

More and more devices (i.e. cars, thermostats, light bulbs, Google Home/Alexa, phones, etc.) are being hyper-connected with little to no oversight. With the insurgence of IoT-based attacks threatening consumers’ privacy, information and identities in 2018, companies need to be mindful of being too-interconnected.

Preventative Strategies:

  1. Do not allow employees to connect “personal IoT” devices to your sensitive networks. Segmented-off guest WiFi networks may be ok for such devices. Physical jacks in the finance department might not be ok.  
  2. Educate employees on the risks and threats associated with linking a majority of one’s account information to smart technology products.

To better prepare one’s company and employees for the above cyberattacks, look to implement cybersecurity processes and strategies that are both layered, automatic and dynamic. Consider leveraging a mix of devices and controls, including: next-generation firewalls, email security solutions, real-time cloud sandboxing, secure mobile access controls, etc. Once deployed, these tips, technologies and tools could potentially eliminate 90 percent of your company’s overall threat surface in 2019.

 

KEYWORDS: cybersecurity Internet of Things passwords phishing

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Dmitriy ayrapetov hs
Dmitriy Ayrapetov is the Executive Director of Product Management at SonicWall. Prior to this position, Dmitriy held product management and engineering roles at SonicWall and at enKoo Inc., an SSL VPN startup acquired by SonicWall in 2005. As a cybersecurity expert, he speaks at industry conferences including, RSA, Gartner Security Summit, Dell World and is a regular presence at SonicWall’s annual partner conference Peak Performance. Dmitriy holds an MBA from the Haas School of Business at U.C. Berkeley and a BA in Cognitive Science at UC Berkeley.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Unlock the future of cybersecurity news with Security.
As a leader in enterprise security, we have you covered with the information to keep you ahead of the curve.

JOIN TODAY

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber5-900px.jpg

    The Biggest Cyber Threats to Watch Out for in 2019

    See More
  • Protecting from cyber attack

    Defense-in-depth protects against known and unknown cyber threats

    See More
  • cyber 3 responsive default

    Taking a Closer Look at Remote Workplace Fraud Vulnerabilities: How to Mitigate Escalating Threats

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • 9780367221942.jpg

    From Visual Surveillance to Internet of Things: Technology and Applications

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!