Cybersecurity has become a big deal.
With the proliferation of data breaches in the corporate world, in addition to all of the classic fears of malware, Trojans and viruses wreaking havoc on systems, executives and business leaders are concerned.
Techopedia asked some of today’s experts to look at what’s likely to happen with IT security in 2019. Here’s what we heard.
“Large companies spend a lot on cybersecurity, and what do they get? Equifax and Marriott. Small and medium-sized companies don’t invest in cybersecurity and the result can even be more disastrous where they go out of business … big corporations purchase a large number of security products. Many of these products do not work together. Some have a very low return on investment. While they are managing all of these products, they then miss out on doing some of the basics. … Small and medium-sized companies don’t necessarily have a security policy, strong password management, good patching cadence or cybersecurity training. These are the low hanging fruit that can help to prevent serious cybersecurity issues at their organization. … I expect that companies will continue … misallocation [of] resources for cybersecurity. Whether it is chasing the next great cybersecurity product or not taking basic precautions, 2019 will be the year of misaligned cybersecurity investment.”
— Rob Black – Founder and Managing Principal of Fractional CISO
“In 2019, we can expect to continue to see large-scale data breaches. While we continue to gain a deeper understanding of the importance (and implications) of data backup and security, so do hackers. In 2019, their level of sophistication will increase, resulting in far more destructive and intelligent breaches. Because of this, companies should start implementing security awareness training and hosting security awareness events so employees and businesses will better understand how to react in the face of a security breach. We will also see an emphasis on the ‘trust but verify’ mentality. From phishing frauds to spam phone calls, 2019 will see an increase in efforts to limit these infiltrations by encouraging verification of validity. … Additionally, we should also expect a rise in biometrics. Between connected cars, Google Homes and Amazon Echoes, companies are constantly listening and collecting data. Biometrics will become more prominent, given companies such as Google and Amazon store our voice and speech patterns.”
— Larry Friedman, Chief Information Security Officer at Carbonite
“Organizations need to get back to basics. They have a puzzle of multiple solutions and vendors, whose technologies are not coordinated. They need to reduce complexity in security operations by adding a single automated, orchestrated holistic solution.”
— Itay Yanovski, founder and SVP of Strategy at CyberInt
“After the sheer amount of [identity] theft in 2018, 2019 will be no different. Expect at least 3 more major hacks with over 1 billion accounts taken in the coming year. Corporations will pump as much budget as possible to prevent from being the next company in the news cycle. It still won’t be enough though, so expect some big company names in the news.”
— Mark Enzor, President of Geeks 2 You
“The biggest challenge we expect organizations to face in 2019 will be how to overcome the cybersecurity skills shortage and the growing demand for data security specialists. Using numerous siloed security solutions in tandem is still too complex for most organizations, especially when compliance mandates are getting stricter every year. … The increased use of artificial intelligence and machine learning in these solutions will hopefully lead to better reporting, alerting and analytical capabilities.”
— Aidan Simister, CEO of Lepide
“We believe that cybersecurity will become more intelligence-driven in 2019. In a world of fast-moving, automated attacks, intelligence is the key to being able to respond swiftly or even predictively, rather than reactively, to individual threats. Additionally, it will allow for the organization’s overall cybersecurity posture to change dynamically in response to the changing threat landscape … Machine learning will play a critical role in gathering intelligence. Moreover, machines will start making more of their own decisions and execute changes themselves to minimize an organization’s cyber-risk, based on this intelligence.”
— Matt Gyde, Group Executive – Cybersecurity at Dimension Data
“In 2019, expect to see cybersecurity focus more on insider threats than outsider threats. While we may think hacks and data breaches are caused by entities out there, they are in fact more commonly caused by unknowing employees who made a small mistake. Perhaps they fell for a phishing email. Maybe they logged onto public Wi-Fi with their work computer. Maybe they didn’t wipe their device before passing it along. Or perhaps they sent credentials to a fellow employee over unencrypted email. In 2019, expect to see businesses devote more resources and energy to enhanced employee cybersecurity training (especially with the onset of GDPR this past year).”
— Keri Lindenmuth, Marketing Manager, KDG
“In short, cybersecurity in 2019 is going to be less passive. Instead of putting the chair under the doorknob in an attempt to stop intrusion, the entire building will become armored and move around, pushing the defense into the face of intrusion. It will do so, however, invisibly and anonymously. The future of cybersecurity is being connected yet seeming apart. That is, if no one suspects all the pieces of working together, no one will see anything worth attacking.”
— Chris Mindel, Marketing Manager at Dexter Edward LLC.
“Healthcare will be the fastest growing sector for cybersecurity vendors overall. Also, data privacy/protection will be big in 2019. We saw the first GDPR fines in late 2018, and we see an emergence of dedicated solutions to come. We see more and more concern about GDPR and related data privacy legislation. As we see the first fines in Europe for organizations that failed to comply with GDPR, we believe that the budgets for technological solutions will emerge dramatically in the next couple of years and predict that this will be one of the hottest trends in 2019 (emerging startups in the cybersecurity industry).”
— Ofer Schreiber, Partner at YL Ventures
“Enterprises will increase their efforts to control employee communications channels. New labor laws and GDPR cross-border data transfer violations will cost organizations dearly in the year ahead, both in fines as well as reputation, if IT teams can’t segment and protect data by WHAT its level of sensitivity is, WHERE data access must be restricted, WHEN access is appropriate and WHO in the organization can see it. In 2019, we will see companies focus on this need in order to avoid data breaches, legal and regulatory violations and reputation-deflating public disclosures.”
— Aaron Turner, CEO of Hotshot Technologies
“I think (the big advance in 2019) will be EDR/MDR (endpoint detection and response/managed detection and response). EDR and MDR are pretty much the same thing – EDR is the tool and MDR is the tool, but with someone managing it. Not too many businesses use or have heard of EDR so why do I think it will be big for 2019? Simply put, cybersecurity. Companies cannot ignore security these days. EDR is a next-level tool that if anything/anyone gets past your standard blocking tools (firewall, anti-virus/anti-spyware, anti-spam, and other systems in place), it monitors real-time activity and alerts on anything it sees out of the norm and can stop it. No current blocking tool is perfect, but EDR is essential for companies that are concerned with knowing proactively if there is a breach. EDR could have mitigated the recent Marriott security breach which was just discovered. Someone was in their network stealing data for 4 years and no one discovered it. Crazy. I’m sure they had anti-virus, firewalls and alike in place. I would expect if they had EDR, the rogue activity would have been flagged when their system first saw the odd behavior on their computer/server and it would have been stopped immediately.”
— John C. Ahlberg, Chief Executive Officer – Waident Technology Solutions
“2019 may be a turning point in the world of cybersecurity. Between an explosion in connected devices, increasingly bold threat actors, and the ever-increasing number of headline-grabbing data breaches, there are many paradigms that will shift over the next year. One of the most compelling changes will be the active role taken by legislators to create robust security and privacy regulations, much in the model of the EU’s GDPR. Not only will privacy play a central role, but as we continue to understand the importance of cybersecurity to our national security, we will see increased regulation in businesses of all sizes to adopt cybersecurity regulations, much like the recent DoD cybersecurity requirement for contractors. While the technical elements of security are ever changing and interesting, the role of regulation is critical to ensuring a mature response to a changing environment. While we are unlikely to get everything right on the first go, it is important to engage other stakeholders in the conversation, not merely technical and business experts.”
— Benjamin Dynkin, cybersecurity attorney and founder of Atlas Cybersecurity
“In the age of GDPR and more data security governance, there are going to be critical benchmarks enterprises will have to meet including data leak prevention and data integrity. There are many tools out there and there are strict criteria that must be adhered to or as we have seen with the big players like Facebook and Google, there will be huge fines levied against them. Technology trends upcoming will see a lot more private and hybrid clouds set up especially in the government, healthcare and financial sectors.”
— Jackie Rednour-Bruckman, CMO – MyWorkDrive
“Biobehavioral authentication will [come] of age. The significant security, privacy and usability shortcomings of the current consumer and enterprise identity management systems require a paradigm shift away from usernames, passwords and other forms of temporal, binary and biometrics controls. This type of transformation is warranted today through a combination of multi-modal and contextual controls that continuously and accurately protect your identity and privacy even if your online credentials are already compromised.”
— Shahrokh Shahidzadeh, CEO at Acceptto
“In 2019 we’re going to see security engineering and automation enter the mainstream with enterprise IT. The dynamic nature of enterprise cloud operations has outstripped the ability of humans to ensure systems are secure – at least not without sacrificing agility and efficiency. Expect to see cloud security move beyond manual checklists, monitoring, and alerts as it embraces new approaches like automated remediation of cloud misconfiguration and policy-as-code validation checks before systems go into production. Forward-thinking CISOs understand that ‘shifting left’ isn’t just about security, but about enabling innovation and staying competitive.”
— Phillip Merrick, CEO at Fugue