What is the year 2019 in IT?
2019 passed under the sign of IS – and this is not a narrow view of industry representatives, the number of information security incidents has grown so much that everyone really started talking about them.
Firstly, leaks rattled. Over the year, experts counted 5183 reports of “sinks” worldwide, totaling 7.8 billion lines. This is the worst year in the history of leaks. The compromise of 1.2 billion “sets” of personal data, including the full profiles of Facebook, Twitter and LinkedIn users, discovered at the end of November, was record-breaking.
The trend has affected Russia. In the summer of 360 thousand records, including the personal data of politicians and large businessmen, were in the public domain due to gaps in state hospitals. At the same time, Russian Railways lost data on 706 thousand employees – and publicly admitted a leak in the media. In October and November, news about the discharges from Sberbank rattled: the bank officially confirmed the compromise of the data of 5 thousand customers, journalists and experts announced 60 million. At the same time they reported a leak of information about 9 million customers of Beeline’s wired Internet and the compromise of the FTS base for 20 million people .
In addition, it became apparent that leaks are the main “feed base” for scammers. Following the loud “plums”, there were more frequent reports of attacks by social engineers, both against individual users and entire organizations. And the attacks have become more technological. For example, in 2019, for the first time, telephone fraud was recorded using a trained neural network to fake a voice. Under the guise of the director general of an international company, the scammers called the head of a foreign branch and convinced them to transfer 243 thousand dollars to them.
Secondly, they talked a lot about vulnerabilities – and the inaction of manufacturers who are in no hurry to fix them.
Intel distinguished themselves, who received a report from researchers about holes in the security of processors back in 2018, and managed to eliminate them only by the end of 2019. Vulnerabilities allowed attackers to extract sensitive data from PCs, laptops, and cloud servers, including passwords and encryption keys. The company first announced victory over the problem in May, but information security experts quickly indicated that the patch covers only part of the gaps. So by November I had to release a second batch of edits and put up with reputational losses.
But the biggest story is with BlueKeep zero-day vulnerabilities (CVE-2019-0708), which affected older versions of Windows, and BlueKeep-2 for new OSes. Microsoft had to release patches even for long-unsupported versions. This is an important precedent – the manufacturer rarely cares about the safety of old products.
Other significant updates include the synchronous initiative of Google Chrome and Mozilla Firefox. Popular browsers in the new versions received a function that allows you to check whether user data has been compromised. Programs compare them with the databases of leaked logins and passwords published on the network, and in case of a match, they automatically inform about the danger.
As for releases, the 2019th was not struck by breakthroughs. The market moved along well-worn paths: it increased the data transfer speeds (5G and 6th generation Wi-Fi according to the 802.11ax standard), the speed and volume of their processing (BigData, machine learning, deep analytics).
At the same time, the promising premieres of past years have not been "fired": uncertainty in regulation interferes, legislators do not have time to introduce new concepts into the legal field. For example, it is not clear who is to blame if people suffer from unmanned vehicles. Nowhere in the world there are technical standards and legislative framework for the implementation of the blockchain – as a result, the technology is “stalled”, the business cannot massively use its advantages. Investments in such projects are falling.
But there is a downside. Due to the fact that the “fashion” for certain IT solutions was formed 2-3 years ago, now customers and vendors know what they need from each other. For example, we released File Auditor, the first domestic DCAP solution for data protection, and transferred DLP service to cloud servers in response to customer needs.
It is undeniable that the “figure” began to confidently penetrate previously uncharacteristic areas. And the pace of space – especially in terms of the introduction of IoT and Internet services. In this situation, data volumes grow exponentially, and with them the number of vulnerabilities and threats. By the way, this was discussed at the Gartner IT Symposium / Xpo 2019 in Barcelona. Thus, the main trend of the coming decade will be the increase in the number of possible attack vectors on AI, clouds, microservices and “smart” spaces. In this regard, information security will inevitably strengthen its position – at least. And as a maximum, it will become one of the 10 strategic areas in IT for the coming years.
The good news is that both digital and information security literacy will grow at the same time. This need was formed under the pressure of numerous threats, but the trend is certainly positive. It is up to the professional community: IT companies should invest in educational projects, and information security specialists in other businesses should spare no time in training colleagues.