The Year Ahead: Cybersecurity Predictions for 2019
A new year is upon us, and 2019 looks to be just as exciting as 2018, with ample opportunities for organizations to improve their security stance. Cybersecurity teams and experts will continue to fight some familiar foes that have caused trouble over the past few years, as well as new threats that may also come to the fore. Read on to find out what challenges are in store for 2019, in addition to a few bright spots on the horizon.
Familiar Foe for 2019: Malware Continued
Malware will continue to threaten every sector, with malicious entities becoming increasingly sneakier and more sophisticated. Old threats like phishing will remain a major source of infections. Malicious actors are making large strides in masking what they are doing by mimicking logs, websites, and messaging. Gmail, Facebook, and Docusign are just a few of the applications that have been mimicked in recent history. These phishing scams can greatly affect organizations, as individuals often use the applications for day to day business or check personal accounts on their business workstations.
Similar to 2018’s rise in cryptojacking, skimming is expected to leap in popularity. Skimming malware steals the credit card data of customers paying for something on a website. For example, over 7,000 online stores using the e-commerce platform, Magneto, were hit by skimming malware last year.
Training employees on what to look for, as well as ensuring that proper antivirus software is being utilized, will be critical in order to stay safe in 2019.
Familiar Foe for 2019: Insider Threats
Insider threats, both malicious and accidental, will still plague enterprise organizations this year. According to a survey completed by Cybersecurity Insiders, over 50 percent experienced an insider attack in the last twelve months.
However, there is some good news. The same survey indicated that the majority of organizations are beginning or already have programs in place to help reduce insider threats. Additionally, this issue is being viewed as a high priority problem to solve at a governmental level. The National Insider Threat Task Force (NITTF) in the United States recently released the Insider Threat Program Maturity Framework, which aims to take federal agencies past the minimum standards for protecting themselves against insider attacks.
Familiar Foe for 2019: Shared Responsibility of Cloud Security
Cloud adoption is only growing, with Gartner analysts predicting that cloud computing will be a $300 billion business by 2021. Unfortunately, there is still a lot of misunderstanding surrounding the shared responsibility model.
Contrary to popular belief, security and compliance are a shared responsibility between the cloud provider and the end user. Responsibility levels vary depending on providers and types of clouds, but there is no model in which a sole entity has responsibility for the entire cloud. Most of the issues seen in cloud security so far have been from the end user side, and Gartner predicts that as cloud adoption grows, at least 95 percent of cloud security failures will be the fault of end users.
What’s New in 2019: Data Privacy Enactments
The enactment of the GDPR in the European Union was just the beginning for data privacy policies. Many U.S. states have already followed suit, like California and the California Consumer Privacy Act (CCPA), which goes into effect in 2020. Though not as far reaching, states like Colorado and Vermont have also enacted legislation that tightens regulations around data use and disclosures. States that are not enacting such policies will still have to make changes, simply due to the interstate nature of businesses.
What’s New in 2019: Faster Rate of Response and Prevention
Attackers aren’t the only ones becoming more sophisticated. Security experts are constantly improving software and coming up with new ideas to prevent attack. Security software is increasingly integrating artificial intelligence and machine learning to better understand the differences between normal and abnormal behaviors. Antivirus solutions are increasingly able to catch unknown viruses before they cause damage by recognizing the behaviors of one. Employing SIEM solutions to quickly detect and correlate issues from across the network gains valuable time for security analysts to get in front of the problem.
Preventative measures are also improving. With passwords becoming increasingly less secure, Privileged Access Management solutions are limiting access by distributing privilege based on job roles. Moving away from the idea of a superuser ensures that a single user does not have complete control over an environment.
What’s New in 2019: Improved Cybersecurity Knowledge and Training
As the threats to businesses, governments, and individuals evolve, the struggle to recruit qualified cybersecurity personnel also continues. Simply put, the explosive growth of the cybercrime industry has the white hats playing catchup in some areas. There is a serious gap in the amount of people needed to fill open security positions and the amount of talent available to fill them. According to the Cybersecurity Workforce Study by (ISC)², the gap of cybersecurity professionals has reached almost three million globally.
However, there are some new ideas being utilized to bridge the gaps. As mentioned above, technology is rapidly improving, allowing existing IT teams to become more efficient and effective. Additionally, vendor consolidation has led to stronger portfolios of products with streamlined integrations and dashboards.
Finally, educational institutions are beginning to recognize the need for more training, and are adding cybersecurity degrees or courses to their programs, as well as developing advanced degrees for even more specialized cybersecurity fields. These initiatives may not immediately close the gap in 2019, but will ensure that the future of cybersecurity looks all the brighter.
Learn the gaps in your security environment and how to close them with our free security scan and expert advice.