John Williams, Product Manager at Node4:
“In April of this year, the UK’s National Crime Agency named DDoS attacks as the joint leading threat facing businesses, alongside ransomware. Because of this, security spending in this area will likely continue to be a big priority next year. However, for continued protection and overall resilience through 2019, a combination of initiatives will be necessary; working with a strategic IT partner can help organisations of any size conduct comprehensive testing and analysis of vulnerabilities to ensure the best levels of prevention against potential threats.”
Naaman Hart, Managed Services Security Engineer at Digital Guardian:
“In 2019, Business Email Compromise will continue. Companies will traditionally target their employees with security awareness training about not opening suspicious emails or links, but how many train their staff to refuse a direct command from senior staff? The art of “Whaling” aims to compromise a senior staff member’s email and then use that to instruct junior staff to make payments to bank accounts of fraudsters. Because these attacks are succeeding and they’re very lucrative, they will continue to attract more groups willing to try their methods.
It’s time that businesses thought about applying security to their business practices as IT security tools are not infallible against human behavior. As an example, train your staff to require third party validation for any financial transaction or introduce payment procedures requiring multiple sets of independent eyes. Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and that they fear for their jobs if they do not act quickly as instructed. You must put in place processes and beliefs that when unordinary requests come through they should be questioned.”
Rich Campagna, CMO at Bitglass:
“The numbers don’t lie – more and more companies around the world are adopting cloud-based tools like Office 365, G Suite, AWS, Salesforce, and Slack. In 2018, the percentage of organizations using at least one cloud-based tool reached 81 percent worldwide. While this number will continue to rise in 2019, most companies will not deploy security measures appropriate for protecting data in the cloud, resulting in the vast majority of cloud security failures being the customer’s fault. Recent Bitglass research found that only one in four organizations in 2018 had deployed single sign-on (SSO), the most basic requirement for protecting data in the cloud. If cybersecurity continues to lag behind cloud adoption, then 2019 is sure to be filled with a massive number of data breaches.”
Stephen Gailey, Solutions Architect at Exabeam:
“2019 seems as if it will be the year of analytics, machine learning and AI. These tools are already available, though their take up has often been delayed by a failure to match these new capabilities with appropriate new workflows and SOC practices. Next year should see some of the pretenders – those claiming to use these techniques but actually using last generation’s correlation and alert techniques in disguise – fall away, allowing the real innovators in this field to begin to dominate. This is likely to lead to some acquisitions, as the large incumbents, who have struggled to develop this technology, seek to buy it instead. 2019 is the year to invest in machine learning security start-ups demonstrating real capabilities.”
Rupert Spiegelberg, CEO at IDnow:
“Artificial intelligence will continue to drive digitization in many industries next year. This development is facilitated by three factors: the research and development of artificial intelligence technology is offering highly sophisticated application possibilities for the collection, processing and evaluation of data; international regulatory standards are opening up business opportunities across national borders for digitally-based businesses – the Payment Services Directive 2 (PSD2) for European finance is an example of this. And thirdly, AI-driven services are also increasingly accepted by end users. Live chat services, or the use of virtual assistants, is becoming a natural part of everyday life for more and more people, although this brings with it increased customer expectations for high quality service levels.
‘Now Economy’ companies now face the challenge of providing their digital customers with a convenient, seamless service, from onboarding to checkout, while remaining cost-effective and in line with industry and national legislation. In 2019, we will see how both startups and established companies leverage the power of AI technology to develop new digital business models.”
Todd Kelly, CSO at Cradlepoint:
“In 2019, as the network security industry develops better detection and defense solutions, traditional fixed perimeter-based approaches to network security will evolve. More people and things are living outside these walls, and the walls built around data centers and branch offices are often penetrated from within by employees using unsecure personal devices and shadow IT deployments. The new WAN landscape next year will demand an elastic edge to extend protection beyond physical and static infrastructure for people, mobile and connected devices on the move.”
Garry McCracken, VP Technology at WinMagic:
“In today’s world of hyper-converged infrastructures (HCIs) and virtualisation, workloads are now virtual, dynamic, mobile, scalable and vulnerable – all of which makes maintaining data security a much more demanding proposition. I predict that 2019 will be the year when we see the first serious hypervisor attack. Hypervisors and other cloud service provider-controlled infrastructure need to be hardened to give security-conscious enterprises the confidence that they remain in control of their data. One problem technically for Full Drive Encryption is that when running on a virtual machine with keys in the virtual memory, it’s possible that a hypervisor could take a snapshot of the memory of the virtual machine, and make a copy of the disk encryption keys. The solution is to use the hardware-based memory encryption that not even a compromised hypervisor could access in plain text.”
Matthew Brouker, Group Product Director at Six Degrees:
“The threats posed by cyber criminals continue to grow in frequency, sophistication and success; the Cabinet Office estimates the cost of cyber-crime to the UK economy to be £27 billion (source). We’re seeing organisations come to the realisation that traditional IT security measures like firewall and antivirus are ineffective in preventing cyber-attacks unless they are deployed as part of a wider cyber security strategy. In 2019, I expect more organisations to build out their multi-layered security approaches that combine security solutions with robust processes and targeted staff training programmes in order to enhance their overall security postures.”
Nigel Tozer, Solutions Marketing Director at Commvault:
“In 2019, trust is going to be at a premium. People are fed up of data breaches – no-one likes to think of their personal data in the hands of cyber-criminals, let alone financial details such as payment card information. Businesses really need to win trust on two fronts with their customers; they need to feel reassured that their data is available when they need it but still kept securely, and they also need to trust companies not to abuse their data. Achieving this will require organisations to take a hard look at how they manage and protect their customers’ data, and ensure they have the right policies and processes in place to earn and maintain this trust.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.