Thursday, December 13, 2018

Cybersecurity Predictions for 2019

The cybersecurity trends that have characterized 2018 are likely to continue in 2019, including the increasing sophistication of adversaries and threats, organizations moving from passive defense to taking more proactive security postures, the widening cybersecurity skills gap, and the evolution of cybersecurity technologies to adapt to the new challenges. Beyond the big picture, here are the 2019 predictions from cybersecurity experts in the industry:

The popularity of containers will undoubtedly accelerate. But we’ve seen this all too frequently; speed is good for business, bad for security. Security isn’t given the attention it needs and containers can fall victim to loose security management. In 2019, we’ll see smart enterprises build containers into their overall security posture and ensure they are using the right processes and tools for development while adhering to security principles. We can expect that to become gospel for companies who really “get it” in terms of effective container strategies. They will realize that there’s no such thing as fast development without security.
Dan Hubbard | Chief Product Officer at Lacework

In 2019, defenders will increasingly think and operate like an attacker by understanding the attack paths and methods that will be used to exploit them. Companies will need to recognize that they cannot be passive, and that defense should not begin after an attack has begun. Strategic thinking will shift to that of an “active defense”, which will include gaining a better understanding of one’s adversary and creating pre-emptive measures that empower security teams to outmaneuver and derail their attackers.
Carolyn Crandall | Chief Deception Officer at Attivo Networks

Security, especially across multiple clouds and in combination with on-premise, will continue to be top of mind. Additional awareness of both insider and external threats will be combined with effective tools that balance protection and usability. More CISOs will peer with CIOs as opposed to reporting to them. Further, mainstream enterprises will look beyond just getting their apps to work in the cloud. They will move to the next phase of optimizing performance, manageability, and security as part of a true multi-cloud deployment, where they have critical workloads both on-premise as well as within one or more public clouds.
Brajesh Goyal | Vice President, Engineering at Cavirin Systems

Cryptomining will prove increasingly costly for corporations in 2019. This threat is often ignored as being merely a nuisance but is easy for cyber attackers to quickly develop and use to steal corporate secrets or breach the broader organization. Warning signs of these kinds of attacks often blend in seamlessly with business-justified activity, making it hard for stretched-thin security teams to focus on. This year has already seen an alarming amount of malicious cryptomining activity and we can expect the next evolution of crypto attacks to focus on more than just that.
Rahul Kashyap | President & CEO at Awake Security

Cyber-Sea-Air & Land, in that exact order, will become our priority of focus driving the need for the collaboration of private and public sectors to combat the rapidly evolving capabilities of threat actors. This focus is pivotal to protecting our citizens’ identity and privacy. Joint Information and Identity Secure Network (JIISN) to provide a better way to exchange identity information without compromising user data and lowering friction for the legitimate user is what will be required for the future, starting now.
Shahrokh Shahidzadeh | CEO at Acceptto

Regulatory frameworks will continue to drive security maturation for companies. Specifically, the European GDPR regulations will force companies to take a complete inventory of data they control or process, as well as map out their complete Internet presence. Many companies don’t have a full grasp of where data is used within their infrastructure nor their complete web presence, i.e., *all* of their internet-accessible points of entry. GDPR will force that issue.
Greg Reber | Partner at Moss Adams

Smart Devices Will Challenge Data Integrity. Organizations will adopt smart devices with enthusiasm, not realizing that these devices are often insecure by design and therefore offer many opportunities for attackers. In addition, there will be an increasing lack of transparency in the rapidly-evolving IoT ecosystem, with vague terms and conditions that allow organizations to use personal data in ways customers did not intend. It will be problematic for organizations to know what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones, smart TVs or conference phones. When breaches occur, or transparency violations are revealed, organizations will be held liable by regulators and customers for inadequate data protection.
Steve Durbin | Managing Director at the Information Security Forum

Recently we’ve seen an increase in attacks in the software supply-chain and we expect to see this trend continue in 2019. Unlike traditional malware, cryptomining malware aims to have minimal visible side effects. This allows attackers to target the supply chain and hopefully go unnoticed for extended periods of time. This greatly increases their reach by compromising anyone using that technology instead of having to attack each organization individually. Given the prevalence of automated updates of software, it’s impossible for most organizations to fully monitor their upstream software supply chain, but by monitoring cryptographic related traffic at the gateway it is easy to spot suspicious activity.
Dirk Morris | Chief Product Officer at Untangle

Cloud security will align strongly with traditional security measures. While cloud adoption has improved organizational agility, reduced products’ time-to-market, and leveled the playing field with respect to computational power, it has also resulted in disparate environments that security teams struggle to monitor on a regular basis. This is especially true if the security teams are isolated from other teams that deal with DevOps, cloud infrastructure setup, and product development. During incident response, it’s also tough to reconcile cloud asset data with data from traditional security tools. Security vendors and organizations have both realized this, which is why product interconnectivity will grow and security teams will be able to coordinate actions across both cloud and on-premise environments from a small number of consoles.
Rishi Bhargava | Co-founder at Demisto

In 2019, email and stolen privileges will continue to be the primary method of bypassing organizations’ security to inhibit services, disrupt productivity, steal sensitive data or conduct financial fraud. Heightening security to limit impact and risk of emails and privileges should be the top priority for organizations to reduce their vulnerability to cyberattacks. By controlling inbound email content and implementing a least-privilege strategy, you can significantly reduce cyber risk. Cyber weapons have been in development by several governments for years and many have begun secretly engaging in attacks against other countries, spawning near-war scenarios. As the world has become somewhat callous to the threat of nuclear arms, cyber weapons have enabled countries to disrupt citizen societies and political stability. In 2019, we will likely see governments reveal their offensive cyber capabilities and demonstrate their power to cause social and political harm without ever even crossing borders.
Joseph Carson | Chief Security Scientist at Thycotic

Organizations need to be prepared for more sophisticated attacks in 2019. As no company can be 100% secure there must be clarity on acceptable levels of risks and investment in the fundamentals of cyber hygiene – knowing, on any day, what assets you’re protecting, how they’re controlled, and how they’re vulnerable – will crucially help protect against the vast majority of future attacks.
Nik Whitfield | CEO at Panaseer

 

The post Cybersecurity Predictions for 2019 appeared first on Cybersecurity Insiders.


December 13, 2018 at 08:07PM
