Five Tech Trends Driving Cyber Security

Uploaded on 2019-04-03 in TECHNOLOGY--Developments, FREE TO VIEW

Writing in Forbes, Bob Bruns, CISO of leading business anaytiscs firm Avenade has picked out the the five things that he thinks will play a pivotal role in Cyber Security in 2019.

1. Analytics and Automation
The intelligent enterprise of the future will use artificial intelligence (AI) and machine learning to evolve, mature and even disrupt current business practices to get more effective results. 

Cybersecurity is an area that is ripe for the machine learning evolution where we can take massive sets of data, analyze them, and take action in an automated way or recommend action through insights and patterns developed over time. 
Protecting against ransomware is a good example of this and is an area that is maturing quickly, as organisations will use AI to identify attempted attacks and problem-solve ways to proactively protect themselves before they even get to the targeted person(s).

2. Cloud and Hybrid Environments
Security concerns used to keep organisations out of the cloud. Now, security is one of cloud’s strongest selling points. There are many reasons for this, including, the sheer ability for these large providers to invest at a magnitude and pace that few consumer companies might be able to. Many companies simply can’t afford to keep up. 

Another reason is the ability of big providers to aggregate and make use of massive sets of data to identify and address threats. Effective machine learning requires significant amounts of data, and nobody has access to more data than aggregate providers of cloud services. 

On the other side of this, it also creates aggregated risk and a higher-profile target, which obviously needs to be managed through leading and innovating.

Hybrid environments do create some complexity here as well, which is likely where most companies are today. This will be a continued focus for organisations in the coming year. We need hardware to work seamlessly with software across a variety of platforms to move data securely. 

That means embedding security controls into applications and data to secure them inside and outside the organisation. Building in security from the start should be the default will be a key skill for anyone developing in or managing hybrid environments.

3. Identity
Preparation for the General Data Protection Regulation (GDPR), the EU’s strict set of regulations on handling personal data, exposed some gaps and opportunities for organisations to develop more robust security practices. 
While GDPR is aimed at protecting people’s personal information and identities, individuals remain vulnerable, largely due to our reliance on passwords. We need to evolve beyond passwords to create a new perimeter and safeguard around one’s identity. Imagine how eliminating passwords would change hackers’ ability to do harm or compromise a person’s identity.
Biometrics will be a key next step, and it's a form of technology we as consumers are already used to. Many of us are already using our fingerprints or our faces to unlock our smartphones. But in 2019, I think we'll see the need to think beyond that and include other control points like using contextual controls such as location to determine if someone is really who they say they are.

4. Securing IoT
As we see the Internet of Things (IoT) as a top priority across many businesses, we need to think carefully about how we secure devices and information. There are now electric toothbrushes that track the way you brush and provide analytics sensors to improve your brushing habits.
While you might think no one is really going to do anything nefarious with your tooth-brushing habits, this is still an IoT device that can be compromised through a variety of means, including required firmware updates, which could give bad actors a front door to other information.

According to Symantec, the number of IoT attacks increased 600% in just one year, from 2016-2017, and that risk will likely continue to accelerate. 

The relevance also changes when you think about applications on your phone and how a breach in one app could expose all sorts of personal or private information. 

We need to secure applications and data. Embedded security might be the answer here, too, and I expect to see some major movement in the secure-by-design space across the IoT industry.

5. Regulatory Vigilance
The previous four items are about protecting ourselves and our businesses, but we are also seeing a growing trend of governments stepping into the cybersecurity arena with an agenda of their own. Europe has GDPR. 

China is likely to come up with its own regulations on data privacy and security. Within the United States, while federal regulations seem unlikely in 2019, there is movement is afoot within state legislatures.

This year will probably bring the first wave of litigation around GDPR enforcement. Enterprises that are thoughtful and organised now with a strong governance, risk and compliance program to address the evolving regulatory environment will ultimately create time and capacity to focus on their customers and their core business.

In the end, cybersecurity is an area where the best interests of business, customers and government need to align. Together, we can continue to leverage the latest innovations to make the digital world a safe place to be.

Forbes:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« British Cyber Security Strategy Is ‘Chaotic’
The EU’s Copyright Directive Risks Creating Two Internets »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

IOTA Foundation

IOTA Foundation

The IOTA Foundation is a non-profit R&D organisation focused on developing the next generation of protocols for the connected world.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Penacity

Penacity

Penacity, LLC provides strategic consulting technology services and Information Security Services to commercial and government organizations.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

Italtel

Italtel

Italtel is a multinational ICT company that combines networks and communications services with the ability to innovate and develop solutions for digital transformation.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

NETRIO

NETRIO

If you are looking for a highly mature, exceptionally competent Managed Service Provider, NETRIO has solutions to keep your business running at warp speed with zero disruptions.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.