The past 12 months have been a maze of cyber security challenges, ranging from the almost constant data breach headlines to the introduction of that little thing called GDPR
Now, as 2019 comes rushing up to greet us, what can we expect to see dominating the industry? Below are just a few of the predictions we’re making…
IoT Security and Regulation
IoT will continue its rapid expansion with over 50% of businesses incorporating IoT into their operations in 2019 for economic advantages, market competitiveness, and differentiation. IoT-enabled device innovation will continue to outpace the security built into those devices and Federal government regulation will continue to fall short in defining the laws and fines required to affect change. State-level regulations will be enacted to improve the situation, but will likely fall short in impact, and in many cases, only result in a false sense of consumer confidence with respect to the security of these devices.
Breach Disclosure and Risk Profiles
There are more U.S. breach notifications laws than Baskin Robbins ice cream flavors, and the inconsistency of these laws will continue to cause confusion and compliance challenges for companies throughout 2019. We will see an increase in fines levied and potential jail time for those who do not meet the expectation of these measures. States like California, Rhode Island, and Massachusetts have all been very aggressive in their enforcement of these laws, a trend likely to be closely followed throughout the next year.
Many organisations struggle with the lack of clarity of breach disclosure definitions and expectations. States that create notification laws that include defined processes will help organisations be better prepared and compliant to disclosure strategies in the event of a breach. This will promote more strategic thought processes for recording and reporting incidents and will reinforce that it is no longer enough to quickly notify on a breach incident, they will also need to accurately identify the full impact of the event. Going forward, organisations will be expected to fully understand how widespread the attack was, how deeply the attacker penetrated, and how to set the right controls in place to prevent their return.
Companies will need to start looking at security differently, moving beyond IT risk management and into digital risk management. It’s no longer just about protecting a particular asset, server, or endpoint, it’s about protecting the entire business and maintaining a competitive advantage. More companies will need to take a closer look at their security risk profiles and assess whether the controls they have in place will scale to facilitate the needs of an interconnected on-demand business, while ensuring the protection of their networks.
Suppliers and Third-Party Contractors as a Growing Vulnerability
We will see an increased focus on supply chain risk, which will result in higher expectations and more complex cybersecurity assessments of suppliers and third-party contractors in 2019. There was a record number of breaches in 2018 that were driven by suppliers and contractors. A trend we must reverse. To fix this issue, we will see an increased focused on certifications and compliance with suppliers for their services. As attackers continue to exploit vulnerabilities within these third-party organisations, companies will need to take measures to certify and verify them and to prove they can be trusted.
Cloud & Shared Security Models
Cloud will become an increased target in 2019 as adoption grows and attackers increasingly exploit weaknesses in shared security models. Cloud providers will protect the infrastructure platform with an increased awareness of hardware-based attacks, however the lack of understanding about how best to secure data in and access to the cloud will leave room for errors and misconfigurations. Adoption of technologies like CASB and deception will grow significantly as organisations seek new security controls designed to address these challenges.
Over the next year we will see an increased focus on internal and external information sharing, along with better incorporation of communication plans that include community notifications of advanced threat activity. In order to better automate information sharing, there will be an increased focus on the quality and reliability of threat intelligence that will provide the confidence in alerts that has been previously missing. For example, more companies will embrace more native integrations in their platforms and the concept of Security Orchestration, Automation and Response (SOAR) as a framework that helps defenders will be increasingly adopted to fuel collaboration across markets and industries.
Throughout 2019 and beyond, defenders must be able to think and operate like an attacker by understanding the attack paths and methods that will be used to exploit them. Companies will need to recognise that they cannot be passive and that defence should not begin after an attack has begun. Strategic thinking will shift to that of an “active defence”, which will include gaining better understanding of one’s adversary and being able to create pre-emptive measures that empower security teams to outmaneuver and derail their attackers.
About the Author
Carolyn Crandall is Chief Deception Officer, Attivo Networks. Attivo Networks is an award-winning leader in deception technology for inside-the-networkdetection, analysis, and accelerated response to cyber attackers. Throughout history, deception hasbeen used for successfully battling human opponents. It is now actively deployed for offense-basedcyber-warfare, changing the game on attackers, and efficiently deceiving attackers into revealingtheir presence.