Cybersecurity isn’t just a buzzword. It’s all that stands between us and identity thieves, deployers of commerce-halting ransomware, and hostile foreign adversaries. And, as we rely more and more on computers to run everything from our daily planner to national energy grids, cybersecurity must get better — it has to. Several connected trends will play a role in improving the quality of cybersecurity.
These industry insiders tapped into their experience to provide us insight into the foremost trends shaping the cybersecurity sector. Here’s what they have to say:
1. Noam Erez, CEO of XM Cyber
“One of the most important trends is also one of the simplest; hackers abusing a lack of IT hygiene. According to Gartner, “By 2025, more than 85% of successful attacks against modern enterprise user endpoints will exploit configuration and user errors rather than make use of advanced malware.” Hackers are moving away from developing sophisticated new zero day exploits to focus instead on taking advantage of poor IT hygiene to move laterally in the organization without being noticed. Hackers can leverage misconfigurations, user errors, and lack of strong credentials spread across machines. This aspect of IT security should not be overlooked as it is has a huge impact on an organization’s security posture.”
2. Matan Or-El, co-founder and CEO of Panorays
“Cybersecurity trends will include the following:
A. IoT devices. Hackers can already target these smart devices to steal information, photos, data and other personal info. There will undoubtedly be more solutions aimed at preventing such attacks.
B. The cloud. As data moves to the cloud, security products will need to adapt.
C. The human factor. This will remain the most attractive attack vector, so solutions mitigating risk from customers and employees, including phishing awareness and multi-factor authentication, will continue to gain traction.
D. Compliance. Following the rise of GDPR and CCPA, compliance to data privacy regulations will become an even bigger issue, and we will see more solutions addressing this.
E. Artificial intelligence. As AI continues to evolve, there will be more opportunities to understand possible attacks and vulnerabilities.
F. Third-party security. With third-party breaches continuing to increase, there will be even more of a demand to increase security across the supply chain; leading to more reliable, rapid and comprehensive vendor vetting and monitoring.”
3. Jon Rolfe, Group Cybersecurity and Risk Manager at Ventia
“With the 2018 GDPR EU regulation, Notable Data Breach Schemes now in force in many countries and numerous privacy breaches from major services including Marriott Hotels, Facebook, eBay and Yahoo, privacy is becoming a major considering for corporates and individuals alike. We are approaching a turning point where corporates now have to seriously consider the value and sensitivity of the data they use to support their businesses, and consumers may start questioning the information they are freely giving away, as well as frustration with password overload and continued account and privacy breaches.”
4. Marzena Fuller, the CSO of SignalFx
“Machine learning will continue to shape the security tools landscape. If tools and ML models are developed correctly, they allow security teams to identify and triage security alerts effectively. Companies also must be prepared to continuously conduct global searches for security talent to address the technical skills gap.”
5. Andrew Peterson, CEO of Signal Sciences
“The rise of DevOps and cloud is one of the most significant trends shaping cyber security and has completely changed the industry’s perspective and approach to security. By adopting DevOps, teams are changing code and launching new versions of software faster than ever. Security needs to be real-time and accurate. You have to know what attackers are doing to your live, production systems.
Additionally, the shift to the cloud is an ongoing journey for most enterprises. Today, many enterprises typically have some applications in the cloud, others in data centers, and still others somewhere in between. It becomes increasingly important to have security solutions that are infrastructure-agnostic and deployable in any application stack while integrating with current workflows and operations processes.”
6. Brian NeSmith, co-founder and CEO of Arctic Wolf
“The cybersecurity talent shortage continues to hinder businesses working to improve their security posture, and businesses are embracing services to overcome the cybersecurity talent shortage. There are lots of new cybersecurity tools on the market, but tools require people to deploy, operate and tune the tool. Services provide a way to overcome the cybersecurity talent shortage.”
7. Frances Dinha, CEO of OpenVPN
“1. Cloud Access Service Broker (CASB)
2. Container/workload security and API security
3. Identity as a Service (IaaS)
4. Zero Trust Networking”
8. Yoni Kahana, VP of Customers at NanoLock Security
“Barely a week goes by without a news report of yet another security breach at a major company or government agency: the increase in security concerns stem from a growing number of threats on outdated systems that haven’t evolved to meet the sheer volume of connected devices. Legislators across the globe have begun to understand the severe risks that cybersecurity attacks pose on crucial infrastructure and are beginning to respond with legislation and guidance that attempts to address and generate awareness of these risks. A new standard for security must be set to tackle these consistent cyber threats head-on.”
9. Sarbari Gupta, PhD, CISSP, CISA, President & CEO of Electrosoft Services
“In 2019, government and industry organizations are looking to manage the cyber risks introduced through their supply chains. They also are looking to leverage advanced technologies such as artificial intelligence, machine learning and block chain to improve the efficiency and efficacy of cyber risk management efforts.”
10. Jason Mical, Cybersecurity Evangelist at Devo Technology
“Many trends are shaping cybersecurity in 2019, from more sophisticated attackers to the growing complexity of multi-cloud environments. However, two trends are driving the current narrative:
1. IT complexity is increasing due to DevOps driving the rapid development and deployment of new applications across distributed systems. This complexity and the broader defense service makes ML and automation a must in most enterprises.
2. Fortune 1000 and 2000 companies are unable to handle the data volume, number of new data sources, or the speed of incoming data streams, forcing these organizations to miss out on the insights that may prevent the next breach.”
11. Shlomi Gian, Chief Executive Officer, CybeReady
“There are a few trends shaping current cyber security efforts. One is the lack of skilled employees, a shortage that is bound to last for the next couple of years. Another is the rise of supply chain attacks, where organizations find themselves reliant on third parties’ security. In an economy built on connectivity and reliability on other vendors, this new attack surface, coupled with the lack of security personnel, influences both the security products landscape and the roles and responsibilities of security teams. The greatest challenge for vendors is to be able to provide solutions that pack expertise inside their products, allowing security teams to operate in a lean framework, doing more with less. Lastly, as reported by multiple sources, hackers will keep using the weakest link (humans) as the most common communication vehicle to penetrate enterprises. With a 60 percent increase last year, phishing email attacks are at an all-time peak.”
12. Simon Harman, Co-founder of Loki
“The increased sophistication of decentralized networks and applied cryptography is set to have a profound effect on cybersecurity in 2019. These technologies can drastically reduce the number of avenues of attack for would be hackers and mitigate the risk of a security breach by removing the possibility of a network having a single point of failure. The continued popularity of blockchain technology is also likely to continue changing the face of cybersecurity in the future. Blockchain technology itself cannot be readily used to make online interactions more secure. However, the blockchain can serve to support self-regulating distributed networks, like Loki, spreading the control and responsibility of routing and storing data.”
13. Dan Hubbard, Chief Product Officer at Lacework
“The primary trend is a shift away from resource-specific solutions. Right now there are a huge number of vendors who are focused on limited parts of the development and/or runtime environments; things like endpoints, networks, applications, etc. The major trend will be towards anomaly and threat detection that sees security as intrinsic to everything happening across all the data and digital activities a company is responsible for.”
14. Stephen Gailey, Head of Solutions Architecture at Exabeam
“This year seems as if it will be the year of analytics, machine learning and AI. These tools are already available, though their take up has often been delayed by a failure to match these new capabilities with appropriate new workflows and SOC practices. This year we have seen that it is the year to invest in machine learning security start-ups demonstrating real capabilities.”
15. Bryan Becker, Product Manager at WhiteHat Security
“The recent breaches in 2019 have shown the industry just how dangerous single sign-on (SSO) can actually be. SSO can become a trade-off of security for convenience that I expect more and more organizations to begin to question the value of. I also think nation-state sponsored cyberattacks have continued to arise this year and will continue indefinitely into the future.It’s basically free hunting season, with no repercussions at the moment, so from an adversary’s point of view: ‘why not?”
16. Todd Kelly, Chief Security Officer at Cradlepoint
“Even while the network security industry introduces more effective detection and defense solutions, traditional fixed perimeter-based approaches to network security will quickly become obsolete in 2019. More people and things are living outside these walls, and the walls built around data centers and branch offices are often penetrated from within by employees using unsecure personal devices and shadow IT deployments. The new WAN landscape next year will demand an elastic edge toencompass endpoints of people, mobile and connected devices, and even vehicles that are in the field, deployed within third-party environments, and on the move.”
17. Mike Fong, founder and CEO of Privoro
“The smartphones of individuals within governments & enterprises who deal with high-value information are a huge target for threat actors at the nation-state level. Sophisticated attackers possess capabilities for remotely hijacking a smartphone’s cameras & microphones to listen in on private conversations or look in on private environments. Smartphones can’t be trusted with sensitive information spoken or displayed in their presence and existing options for mitigating this threat are ineffective (microphone plugs) or draconian (smartphone bans). Information is an invaluable asset to any organization and protecting it is quickly becoming a paramount concern for security professionals the world over.”
18. Steve Tcherchian, CISSP, Chief Product Officer, XYPRO Technology Corporation
“Compliance and Regulations, Data Protection, and Intelligent data. Businesses are becoming digital data-driven. The more information we can gain from our data, the more we will be able to make intelligent decisions and monetize it. For this to succeed, we need to generate more data, rely on input sources never seen before, all feeding data at rates never measured before. This volume enables more intelligent information to be gleaned.”
19. Ryan Webber, Vice President of Enterprise Mobility at SOTI
“The era of desktop computing is dead. For enterprises today, smartphones and tablets are a mainstay – more mobile devices are being used for more business functions than ever before. But their ubiquity, portability, and precarious security make them easy targets for cybercriminals. Furthermore, companies across diverse industries – from transportation and logistics to retail and healthcare – are investing in mobile technology to streamline operations, increase employee and customer satisfaction, reduce costs and more. The only downside of mobility for the enterprise is the increased cybersecurity risk that comes along with it. As mobile security is not always top-of-mind for organizations, the proliferation of more connected ‘Things’ in IoT will only increase their vulnerability to cyber attacks.”
20. Joshua Davis, Director of Channels at Circadence
“From a workforce point of view, organizations will become more aware of the lack of cyber workforce readily available and that there is a strong need to increase the number of people entering the cyber workforce. Hopefully, this new bill passed by the Senate will help remedy this issue. Additionally, individuals who weren’t in security or conventional IT, will start moving more in the direction of the cybersecurity workforce.
From a threat point of view – Ransomeware, Ransomware, Ransomware! Attackers continue to have success with Ransomeware cyberattacks and people continue to pay the money, so I’d predict that in 2019 we’re going to see an increasing amount of these cyber attacks.”
21. Mike Stamas, co-founder of GreyCastle Security
“The rise of regulations, like GDPR, HIPAA, and CCPA, is forcing organizations to focus on the fundamentals of cybersecurity, like identify their data and risk owners. In the case of GDPR, it has brought marketing into the conversation and has placed significant regulatory responsibility on the organization’s marketing team, because the way companies used to market to individuals in the EU is no longer legal. GDPR is forcing companies to change the way they do business, from a marketing perspective, by forcing them to put up disclaimers on their websites, have actionable opt-out clauses, and make sure those they are marketing to have the right to be forgotten.”
22. Idan Udi Edry, CEO of Trustifi
“A trend in 2019 that has and will continue to shape the space is email encryption. As we continue to see email breaches break the news, it’s important companies and individuals are aware of the vulnerabilities that are present. The latest email breach, the Microsoft Breach, which impacted over 80 million users, shows us just how vulnerable these systems are. The problem is, the trend has previously been under-protection. The remainder of 2019 needs to focus on setting up those encryption softwares and systems to decrease the trend of email breaches.”
23. Mike Ahmadi, VP or Transportation Security at DigiCert
“I believe 2019 will be a year where we see legislators take a more active role in holding organizations accountable for a lack of due diligence.”
24. Dirk Morris, Founder & Chief Product Officer, Untangle
“2019 will bring more malware attacks, especially to small and medium businesses (SMBs). Ransomware and phishing attacks are specifically targeting SMBs as they lack the IT staff and security solutions to effectively ward off these hacking attempts. In fact, Untangle’s 2018 SMB IT Security Report revealed that less than 30 percent of SMBs surveyed have a dedicated IT security professional on staff. Budget constraints are the biggest challenge for SMBs, with most having a budget of less than $5,000 a year for IT security. While cloud security services are growing in enterprise businesses, SMBs often struggle with adapting to this new technology service, due to lack of knowledge, trust and cost. SMBs should do their research and look for solutions that fit their business needs and budgets to ensure network security and compliance.”
25. Jeff Capone, CEO and Co-Founder of SecureCircle
“2019 will see the rise of data-centric approaches to cybersecurity. Organizations need to move away from end point, file, disk, network, and application centric solutions. Data moves in and out of devices, networks, and clouds. Data security should follow the data.”
26. Victor Congionti, Co-Founder and CEO of Proven Data
“We see more organizations taking an initiative to reduce their risk of business email compromise with efficient training and education. Phishing continues to grow and become a serious cyber threat, and as such we have seen much more proactivity when it comes to email security and our approach to keep these platform secured. Major breaches in Microsoft’s O365 have been a result of poor access management and security settings, and businesses can learn from the mistakes of others by implementing better cybersecurity now.”
27. Marty Wachocki, Lead Developer and Partner at Propel Technology
“Businesses are finally starting to take cybersecurity seriously and investing in it. That includes hiring MSSPs and Cybersecurity vendors to run audits on their network, purchasing UTM firewalls, requiring MFA for confidential data, and setting up disaster recovery solutions.”
28. Attila Tomaschek, Cybersecurity Researcher at ProPrivacy
“One of the most important cybersecurity trends of 2019 is that companies are working towards increased data security for consumers. Data protection regulations, such as the EU’s recently instituted GDPR, are being rolled out around the world and forcing a much greater degree of accountability on companies with regards to the scope of data they collect, for how long they retain the data, and with whom they share the data under what circumstances. Companies are shifting their focus towards protecting the data privacy of their customers and securing their systems to ensure that consumer data is properly protected from various cyber threats.”
29. Troy Kent, Threat Researcher at Awake Security
“We are increasingly seeing attackers attempting to blend in and thus stay off the radar of stretched thin security teams. This is through so called “living off the land attacks” that use existing IT supported tools like Microsoft Office, PowerShell or Python for malicious purposes as well as by masquerading sophisticated attacks as run off the mill commodity malware. For instance, in the grand scheme of security priorities, analysts often ignore cryptomining as a nuisance at best, but in reality, it is trivial for an attacker to use that activity to mask data theft from an organization.”
30. Austin Norby, Director of Cyber Initiatives, Blue Star Software
“One of the trends I’m the most familiar with is cybersecurity training. I believe cybersecurity training is going to increase in the next 5 years with a slow but increasing trend this year. With Offensive Security acquiring investor funding, Cybrary hosting training online, HackTheBox
with hands-on practice, and I’m sure SANS is growing bigger every year (no data, just speculation), the cyber training space is really starting to grow. Additionally, the Federal Cybersecurity Reskilling Academy has started and will hopefully take off as we are definitely in need of a larger qualified cybersecurity workforce. I think this trend will really take off and overcome some of the universities’ degrees in cybersecurity OR they will reform their degrees to be more like the current cybersecurity training – specifically, hands-on, in-depth, with additional emphasis on independent cybersecurity research.”
31. Morey Haber, CTO, CISO at BeyondTrust
“Privileged attack vectors will continue to be the number one root cause of breaches for both consumer and business data. While Gartner has acknowledged that Privileged Access Management is the top security priority for 2019, many organizations are still in denial of their privileged account risks, which frequently stem from poor password management hygiene. 2019 has already see even more high-profile breaches. Organizations must discover and manage their privileged accounts because the attack vector is not going away anytime soon, and ugly newspaper headlines will continue to plague boardrooms.”
32. JB Aviat, Co-Founder, CTO of Sqreen
“We are seeing a shift towards actionable insights and a strong desire to reduce the noise that is present in cybersecurity. There is so much data available to security teams, and they’re motivated more and more to find solutions that will help them prioritize and decide the best courses of action based on this data. On the developer side, security has been a gap in what developers monitor today. They have monitoring tools for performance, errors, etc., but not for security. A trend we see is a growing desire to have this same monitoring functionality for security.”
33. Sam Stelfox, Security Engineer at Minim
“Smart home adoption is shaping cybersecurity by increasing the attack surface in homes (now an average of 10 connected devices and growing).
Thousands of cheap connected devices are hitting the market with no built-in security or ability to upgrade them. Higher-end devices from makers such as Nest, Amazon, and Apple have gotten the message and have top-notch security on their devices; however, the weak spots for their hosted services are their online accounts, as we’ve seen in recent headlines.”
34. Satish Abburi, founder of Elysium Analytics
“Real-time handling of potential risks through machine learning models will explode: this will shrink the famous Ponemon statistic of 206 days to discover a threat by a big number.
I think the number of malware threats released will increase by 30 percent. But more worrisome, the sophistication of the threats will increase by an equal amount.”
35. Marcus Chung, CEO of BoldCloud
“In 2019 business must work to strengthen their cyber security posture with proactive cyber hygiene measures. With the flood of ransomware, targeted threats, malware and phishing attacks especially, the potential revenue hits that today’s businesses face are staggering. Loss of productivity, compromised or stolen data, and unreasonable ransom payments are just a few of the impacts companies risk without a proactive strategy for good cyber hygiene. If companies take a weak or defensive-only security approach, many SMBs & SMEs may not be able to absorb the cost of a successful attack and be forced to shutter their operations.”
This story was initially published on DisruptorDaily.com.