Five Tech Trends Driving Cyber Security

Uploaded on 2019-04-03 in TECHNOLOGY--Developments, FREE TO VIEW

Writing in Forbes, Bob Bruns, CISO of leading business anaytiscs firm Avenade has picked out the the five things that he thinks will play a pivotal role in Cyber Security in 2019.

1. Analytics and Automation
The intelligent enterprise of the future will use artificial intelligence (AI) and machine learning to evolve, mature and even disrupt current business practices to get more effective results. 

Cybersecurity is an area that is ripe for the machine learning evolution where we can take massive sets of data, analyze them, and take action in an automated way or recommend action through insights and patterns developed over time. 
Protecting against ransomware is a good example of this and is an area that is maturing quickly, as organisations will use AI to identify attempted attacks and problem-solve ways to proactively protect themselves before they even get to the targeted person(s).

2. Cloud and Hybrid Environments
Security concerns used to keep organisations out of the cloud. Now, security is one of cloud’s strongest selling points. There are many reasons for this, including, the sheer ability for these large providers to invest at a magnitude and pace that few consumer companies might be able to. Many companies simply can’t afford to keep up. 

Another reason is the ability of big providers to aggregate and make use of massive sets of data to identify and address threats. Effective machine learning requires significant amounts of data, and nobody has access to more data than aggregate providers of cloud services. 

On the other side of this, it also creates aggregated risk and a higher-profile target, which obviously needs to be managed through leading and innovating.

Hybrid environments do create some complexity here as well, which is likely where most companies are today. This will be a continued focus for organisations in the coming year. We need hardware to work seamlessly with software across a variety of platforms to move data securely. 

That means embedding security controls into applications and data to secure them inside and outside the organisation. Building in security from the start should be the default will be a key skill for anyone developing in or managing hybrid environments.

3. Identity
Preparation for the General Data Protection Regulation (GDPR), the EU’s strict set of regulations on handling personal data, exposed some gaps and opportunities for organisations to develop more robust security practices. 
While GDPR is aimed at protecting people’s personal information and identities, individuals remain vulnerable, largely due to our reliance on passwords. We need to evolve beyond passwords to create a new perimeter and safeguard around one’s identity. Imagine how eliminating passwords would change hackers’ ability to do harm or compromise a person’s identity.
Biometrics will be a key next step, and it's a form of technology we as consumers are already used to. Many of us are already using our fingerprints or our faces to unlock our smartphones. But in 2019, I think we'll see the need to think beyond that and include other control points like using contextual controls such as location to determine if someone is really who they say they are.

4. Securing IoT
As we see the Internet of Things (IoT) as a top priority across many businesses, we need to think carefully about how we secure devices and information. There are now electric toothbrushes that track the way you brush and provide analytics sensors to improve your brushing habits.
While you might think no one is really going to do anything nefarious with your tooth-brushing habits, this is still an IoT device that can be compromised through a variety of means, including required firmware updates, which could give bad actors a front door to other information.

According to Symantec, the number of IoT attacks increased 600% in just one year, from 2016-2017, and that risk will likely continue to accelerate. 

The relevance also changes when you think about applications on your phone and how a breach in one app could expose all sorts of personal or private information. 

We need to secure applications and data. Embedded security might be the answer here, too, and I expect to see some major movement in the secure-by-design space across the IoT industry.

5. Regulatory Vigilance
The previous four items are about protecting ourselves and our businesses, but we are also seeing a growing trend of governments stepping into the cybersecurity arena with an agenda of their own. Europe has GDPR. 

China is likely to come up with its own regulations on data privacy and security. Within the United States, while federal regulations seem unlikely in 2019, there is movement is afoot within state legislatures.

This year will probably bring the first wave of litigation around GDPR enforcement. Enterprises that are thoughtful and organised now with a strong governance, risk and compliance program to address the evolving regulatory environment will ultimately create time and capacity to focus on their customers and their core business.

In the end, cybersecurity is an area where the best interests of business, customers and government need to align. Together, we can continue to leverage the latest innovations to make the digital world a safe place to be.

Forbes:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« British Cyber Security Strategy Is ‘Chaotic’
The EU’s Copyright Directive Risks Creating Two Internets »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Code Decode Labs

Code Decode Labs

Code Decode Labs provides consulting for IT Technology, Cyber Security, Advanced Defense & Policing Technologies, Intelligent Networks, and Information Security.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

NexGenT

NexGenT

NexGenT have combined military-style training with decades of network engineering and cyber security experience into an immersive program to get people into cyber security fast and effectively.

Deutsche Gesellschaft für Cybersicherheit (DGC)

Deutsche Gesellschaft für Cybersicherheit (DGC)

As a leading provider of cyber security, DGC supports companies in taking advantage of the opportunities offered by the digital transformation – and in minimizing the associated risks.

AI Spera

AI Spera

AI-Driven Cyber Threat Intelligence Security. AI Spera provides real-time intelligence to empower your security competences in all aspects of the business.

Cytidel

Cytidel

Cytidel is a vulnerability and risk management platform that utilises threat and business intelligence to help IT Security teams.

RIoT Secure

RIoT Secure

RIoT Secure AB is a technology enabler within the IoT industry - created with a vision to ensure security technology exists in the foundations of software development for IoT solutions.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

MadWolf Technologies

MadWolf Technologies

MadWolf’s mission is to deliver enterprise-quality managed services and focused applications to organizations operating in the non-profit, association and international development sectors.

Cyber Grant

Cyber Grant

Cyber Grant excel in designing cybersecurity solutions for data protection. Our approach and vision, centered on ease-of-use, establish us as a benchmark in the industry for safeguarding information.