With more than 20 years of experience in the defense, financial, technology and professional services industries and a keen understanding of the threats at work, Vericlave’s Chief Revenue Officer Chris Gray offers 10 cybersecurity predictions for 2019.
Technological Factors – While technology is designed to make things easier, faster and more productive, it’s developing at an alarming pace and not with security in mind. In some cases, technology is a threat, and in others it’s necessary to manage the threat.
- Heavier Integration of Blockchain: Blockchain has gone from small talk to organizations purposefully securing multiple verticals to ensure peer-to-peer payments are readily available and risk averse. This record-keeping technology will continue to become more heavily integrated into day-to-day business activities, initially focused in the financial area.
- Data Decisions Driven by AI and Machine Learning: Data is the new oil, and in order to handle mass quantities of data effectively, we need smarter, more efficient mechanisms through which to understand them. The use of these technologies, combined with as-needed data lakes and rapid analysis, are here to stay. It is rapidly moving from visionary status to ubiquitous, often behind the scenes, leading to an increase in data-driven decisions. The pervasive nature of these new technologies will require even stronger security practices to ensure their correct operation.
- New Guidance and Regulations Around IoT Security: IoT/IIoT/IAS/ICS systems are still on the rise, but the means used to secure them, while growing more sophisticated, still lag desperately compared to where we need them. Expect new guidance, regulations and standards as well as a myriad of vendor “solutions” to take advantage of these issues.
- 6x Cloud Performance and Integration: Cloud services, much like the AI and machine-learning area, have become the way we do things. Cloud-enabled services will continue to multiply without any apparent effect upon or awareness from end users, presenting new threats. This will continue to drive into the market, supporting the current 6x cloud and traditional infrastructure spend cycle. However, the implication of cloud integration further broadens the attack surface and raises more questions regarding root of trust than traditional on-premise computing. It also requires greater security to protect against internet-facing vulnerabilities, and potential insider attack from other cloud “tenants” and cloud provider staff.
- Full Lifecycle Incident Response (IR) Plans: Tied into the AI and machine-learning area, IR tools are becoming increasingly capable of pulling from diverse data sources to detect, triage, respond and mitigate incident events. This process is beginning to benefit from machine capabilities to move beyond human speed limitations, similar to the automation workflows used in operations. To that end, IR plans are becoming a necessity for organizations wanting to stay ahead of cybercrime and manage any recourse. Without a well-thought-out IR strategy and competent technologies to back it up, small and large entities alike will feel an impact that could make recovery difficult, if not impossible, should they experience an attack.
Malicious Actors – With technology doing anything but slowing down and more and more activities moving online, opportunities for cybercrime will only intensify.
- Continuation of Nation State Hacks: We have seen a definite rise in KNOWN nation state hacking activities over the last few years. This has hit a point where it has become expected, and sadly, it will become more frequent and potentially more damaging.
- Increased Ingenuity by Hackers: Hackers will take advantage of the technology-obsessed and advanced climate we live in and look for new ways to compromise networks that have never been considered or expected. Machine-enabled expertise and speed will make for a more automated and capable hacking community. This will also include increasing subtle breach activities and the continued use of Ransomware.
Laws – Laws and standards are intended to protect organizations and consumers, but can pose unforeseen threats and financial burdens to executives as they work to comply with aggressive and sometimes misplaced security regulations.
- Unpredictable Responses to Cyber Insurance Claims: While coverage is more mainstream now, organizations haven’t experienced many real “hurricane” level events that lead to massive criminal payments. This may make for rough initial responses as the insured realize that it is not the panacea that they had hoped and they are still left to remedy costly attacks.
- Rise in Cyber Laws and Regulations: With increasingly skilled hacks, more prevalent nation state activities and an increasingly unstable political structure, organizations should expect a rise in the creation and enforcement of cyber laws and regulations. We are also approaching one year into General Data Protection Regulation’s (GDPR) enforcement phase, and enforcement activities will lead to extended court battles and rapidly rising costs.
Skilled Labor, or the lack thereof, remains an issue.
- Lack of Labor/Skills/Personnel: We hear about the talent gap daily, and it will continue throughout the year with a potentially staged boomerang effect — as companies face skill shortages, they will push for greater investment in automation. This will, potentially, solve the labor market skill shortage in a reverse fashion, drastically reducing the number of skilled personnel needed quickly.