Five Tech Trends Driving Cyber Security

Writing in Forbes, Bob Bruns, CISO of leading business anaytiscs firm Avenade has picked out the the five things that he thinks will play a pivotal role in Cyber Security in 2019.

1. Analytics and Automation
The intelligent enterprise of the future will use artificial intelligence (AI) and machine learning to evolve, mature and even disrupt current business practices to get more effective results. 

Cybersecurity is an area that is ripe for the machine learning evolution where we can take massive sets of data, analyze them, and take action in an automated way or recommend action through insights and patterns developed over time. 
Protecting against ransomware is a good example of this and is an area that is maturing quickly, as organisations will use AI to identify attempted attacks and problem-solve ways to proactively protect themselves before they even get to the targeted person(s).

2. Cloud and Hybrid Environments
Security concerns used to keep organisations out of the cloud. Now, security is one of cloud’s strongest selling points. There are many reasons for this, including, the sheer ability for these large providers to invest at a magnitude and pace that few consumer companies might be able to. Many companies simply can’t afford to keep up. 

Another reason is the ability of big providers to aggregate and make use of massive sets of data to identify and address threats. Effective machine learning requires significant amounts of data, and nobody has access to more data than aggregate providers of cloud services. 

On the other side of this, it also creates aggregated risk and a higher-profile target, which obviously needs to be managed through leading and innovating.

Hybrid environments do create some complexity here as well, which is likely where most companies are today. This will be a continued focus for organisations in the coming year. We need hardware to work seamlessly with software across a variety of platforms to move data securely. 

That means embedding security controls into applications and data to secure them inside and outside the organisation. Building in security from the start should be the default will be a key skill for anyone developing in or managing hybrid environments.

3. Identity
Preparation for the General Data Protection Regulation (GDPR), the EU’s strict set of regulations on handling personal data, exposed some gaps and opportunities for organisations to develop more robust security practices. 
While GDPR is aimed at protecting people’s personal information and identities, individuals remain vulnerable, largely due to our reliance on passwords. We need to evolve beyond passwords to create a new perimeter and safeguard around one’s identity. Imagine how eliminating passwords would change hackers’ ability to do harm or compromise a person’s identity.
Biometrics will be a key next step, and it's a form of technology we as consumers are already used to. Many of us are already using our fingerprints or our faces to unlock our smartphones. But in 2019, I think we'll see the need to think beyond that and include other control points like using contextual controls such as location to determine if someone is really who they say they are.

4. Securing IoT
As we see the Internet of Things (IoT) as a top priority across many businesses, we need to think carefully about how we secure devices and information. There are now electric toothbrushes that track the way you brush and provide analytics sensors to improve your brushing habits.
While you might think no one is really going to do anything nefarious with your tooth-brushing habits, this is still an IoT device that can be compromised through a variety of means, including required firmware updates, which could give bad actors a front door to other information.

According to Symantec, the number of IoT attacks increased 600% in just one year, from 2016-2017, and that risk will likely continue to accelerate. 

The relevance also changes when you think about applications on your phone and how a breach in one app could expose all sorts of personal or private information. 

We need to secure applications and data. Embedded security might be the answer here, too, and I expect to see some major movement in the secure-by-design space across the IoT industry.

5. Regulatory Vigilance
The previous four items are about protecting ourselves and our businesses, but we are also seeing a growing trend of governments stepping into the cybersecurity arena with an agenda of their own. Europe has GDPR. 

China is likely to come up with its own regulations on data privacy and security. Within the United States, while federal regulations seem unlikely in 2019, there is movement is afoot within state legislatures.

This year will probably bring the first wave of litigation around GDPR enforcement. Enterprises that are thoughtful and organised now with a strong governance, risk and compliance program to address the evolving regulatory environment will ultimately create time and capacity to focus on their customers and their core business.

In the end, cybersecurity is an area where the best interests of business, customers and government need to align. Together, we can continue to leverage the latest innovations to make the digital world a safe place to be.

Forbes:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« British Cyber Security Strategy Is ‘Chaotic’
The EU’s Copyright Directive Risks Creating Two Internets »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Brit

Brit

Brit PLC is a market-leading global specialty insurer and reinsurer, focused on underwriting complex risks including cyber, privacy and technology.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Wallarm

Wallarm

Wallarm is the only unified, best-in-class API Security and WAAP (Web App and API Protection) platform to protect your entire API and web application portfolio.

SKKU Security Lab (seclab)

SKKU Security Lab (seclab)

SKKU Security Lab supports research and education in information security engineering. The lab is a part of the College of Software, Sungkyunkwan University.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Minorities in Cybersecurity (MiC)

Minorities in Cybersecurity (MiC)

MiC was developed out of a unique passion to help fill the gap that exists in the support and development of women and minority leaders in the cybersecurity field.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.