John Williams, Product Manager at Node4:

“In April of this year, the UK’s National Crime Agency named DDoS attacks as the joint leading threat facing businesses, alongside ransomware. Because of this, security spending in this area will likely continue to be a big priority next year. However, for continued protection and overall resilience through 2019, a combination of initiatives will be necessary; working with a strategic IT partner can help organisations of any size conduct comprehensive testing and analysis of vulnerabilities to ensure the best levels of prevention against potential threats.”

.

Naaman Hart, Managed Services Security Engineer at Digital Guardian:

“In 2019, Business Email Compromise will continue.  Companies will traditionally target their employees with security awareness training about not opening suspicious emails or links but how many train their staff to refuse a direct command from senior staff?  The art of “Whaling” aims to compromise a senior staff members email and then use that to instruct junior staff to make payments to bank accounts of fraudsters.  Because these attacks are succeeding and they’re very lucrative they will continue to attract more groups willing to try their methods.

It’s time that businesses thought about applying security to their business practices as IT security tools are not infallible against human behavior.  As an example, train your staff to require third party validation for any financial transaction or introduce payment procedures requiring multiple sets of independent eyes.  Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and that they fear for their jobs if they do not act quickly as instructed.  You must put in place processes and beliefs that when unordinary requests come through they should be questioned.”

Rich Campagna, CMO at Bitglass:

“The numbers don’t lie – more and more companies around the world are adopting cloud-based tools like Office 365, G Suite, AWS, Salesforce, and Slack. In 2018, the percentage of organizations using at least one cloud-based tool reached 81 percent worldwide. While this number will continue to rise in 2019, most companies will not deploy security measures appropriate for protecting data in the cloud, resulting in the vast majority of cloud security failures being the customer’s fault. Recent Bitglass research found that only one in four organizations in 2018 had deployed single sign-on (SSO), the most basic requirement for protecting data in the cloud. If cybersecurity continues to lag behind cloud adoption, then 2019 is sure to be filled with a massive number of data breaches.”

Stephen Gailey, Solutions Architect at Exabeam:

“2019 seems as if it will be the year of analytics, machine learning and AI.  These tools are already available, though their take up has often been delayed by a failure to match these new capabilities with appropriate new workflows and SOC practices.  Next year should see some of the pretenders – those claiming to use these techniques but actually using last generation’s correlation and alert techniques in disguise – fall away, allowing the real innovators in this field to begin to dominate.  This is likely to lead to some acquisitions, as the large incumbents, who have struggled to develop this technology, seek to buy it instead.  2019 is the year to invest in machine learning security start-ups demonstrating real capabilities.”

Rupert Spiegelberg, CEO at IDnow:

“Artificial intelligence will continue to drive digitization in many industries next year. This development is facilitated by three factors: the research and development of artificial intelligence technology is offering highly sophisticated application possibilities for the collection, processing and evaluation of data; international regulatory standards are opening up business opportunities across national borders for digitally-based businesses – the Payment Services Directive 2 (PSD2) for European finance is an example of this. And thirdly, AI-driven services are also increasingly accepted by end users.  Live chat services, or the use of virtual assistants, is becoming a natural part of everyday life for more and more people, although this brings with it increased customer expectations for high quality service levels.

‘Now Economy‘ companies now face the challenge of providing their digital customers with a convenient, seamless service, from onboarding to checkout, while remaining cost-effective and in-line with industry and national legislation. In 2019, we will see how both startups and established companies leverage the power of AI technology to develop new digital business models.”

Todd Kelly, CSO at Cradlepoint:

“In 2019, as the network security industry develops better detection and defense solutions, traditional fixed perimeter-based approaches to network security will evolve. More people and things are living outside these walls, and the walls built around data centers and branch offices are often penetrated from within by employees using unsecure personal devices and shadow IT deployments. The new WAN landscape next year will demand an elastic edge to extend protection beyond physical and static infrastructure for people, mobile and connected devices on the move.”

.

Garry McCracken, VP Technology at WinMagic:

“In today’s world of hyper-converged infrastructures (HCIs) and virtualisation, workloads are now virtual, dynamic, mobile, scalable and vulnerable – all of which makes maintaining data security a much more demanding proposition.  I predict that 2019 will be the year when we see the first serious hypervisor attack.  Hypervisors and other cloud service provider-controlled infrastructure needs to be hardened to give security conscious enterprises the confidence that they remain in control of their data. One problem technically for Full Drive Encryption is that when running on a virtual machine with keys in the virtual memory, it’s possible that a hypervisor could take a snap shot of the memory of the virtual machine, and make a copy of the disk encryption keys.  The solution is to use the hardware based memory encryption that not even  a compromised hypervisor could access in plain text.”

Matthew Brouker, Group Product Director at Six Degrees:

“The threats posed by cyber criminals continue to grow in frequency, sophistication and success; the Cabinet Office estimates the cost of cyber-crime to the UK economy to be £27 billion (source). We’re seeing organisations come to the realisation that traditional IT security measures like firewall and antivirus are ineffective in preventing cyber-attacks unless they are deployed as part of a wider cyber security strategy. In 2019, I expect more organisations to build out their multi-layered security approaches that combine security solutions with robust processes and targeted staff training programmes in order to enhance their overall security postures.”

Nigel Tozer, Solutions Marketing Director at Commvault:

“In 2019, trust is going to be at a premium. People are fed up of data breaches – no-one likes to think of their personal data in the hands of cyber-criminals, let alone financial details such as payment card information. Businesses really need to win trust on two fronts with their customers; they need to feel reassured that their data is available when they need it but still kept securely, and they also need to trust companies not to abuse their data. Achieving this will require organisations to take a hard look at how they manage and protect their customer’s data, and ensure they have the right policies and processes in place to earn and maintain this trust.”

Experts Comments

December 16, 2021
Craig Ramsay
Senior Solution Architect
Omada

Intelligent unification will be a major trend in 2022 in the Identity Management space – in other words, a meaningful convergence of technologies and identity disciplines. Now, more than ever, organizations have a plethora of solutions at their disposal. Maximizing the capabilities and information available to provide a unified and holistic view of identities, their access, and the contexts through which they have the access will be crucial in reducing identity related risk. By breaking down

.....Read More

Intelligent unification will be a major trend in 2022 in the Identity Management space – in other words, a meaningful convergence of technologies and identity disciplines. Now, more than ever, organizations have a plethora of solutions at their disposal. Maximizing the capabilities and information available to provide a unified and holistic view of identities, their access, and the contexts through which they have the access will be crucial in reducing identity related risk. By breaking down these siloes and sharing information across these boundaries adapting to new identity challenges as they arise will become easier. 

 The sharp uptick in cloud adoption and SaaS offerings will continue across the board, which will make it easier for organizations to increase the services they’re consuming. With this trend in mind, any solution providing Identity Management and/or Identity Governance capabilities must provide versatile configurability to integrate and scale with the future and changing needs of businesses. Combining this configurable flexibility with increased identity analytics means we will start to see intelligent unified governance platforms that enable huge reductions in manual effort in implementing, managing, and interacting with Identity Management processes. 

 This shift to more and more autonomy in these processes is another trend I envisage growing throughout 2022. Right now, Identity Management is stuck in a hybrid of manual and semi-autonomous actions. Whilst there will always be a need for some level of human decision making when it comes to the most critical applications and sensitive data, a unified approach to identity will greatly reduce manual effort. This will be realized through increased automation and intelligent decision support where automation is not suitable.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.