Five Tech Trends Driving Cyber Security

Writing in Forbes, Bob Bruns, CISO of leading business anaytiscs firm Avenade has picked out the the five things that he thinks will play a pivotal role in Cyber Security in 2019.

1. Analytics and Automation
The intelligent enterprise of the future will use artificial intelligence (AI) and machine learning to evolve, mature and even disrupt current business practices to get more effective results. 

Cybersecurity is an area that is ripe for the machine learning evolution where we can take massive sets of data, analyze them, and take action in an automated way or recommend action through insights and patterns developed over time. 
Protecting against ransomware is a good example of this and is an area that is maturing quickly, as organisations will use AI to identify attempted attacks and problem-solve ways to proactively protect themselves before they even get to the targeted person(s).

2. Cloud and Hybrid Environments
Security concerns used to keep organisations out of the cloud. Now, security is one of cloud’s strongest selling points. There are many reasons for this, including, the sheer ability for these large providers to invest at a magnitude and pace that few consumer companies might be able to. Many companies simply can’t afford to keep up. 

Another reason is the ability of big providers to aggregate and make use of massive sets of data to identify and address threats. Effective machine learning requires significant amounts of data, and nobody has access to more data than aggregate providers of cloud services. 

On the other side of this, it also creates aggregated risk and a higher-profile target, which obviously needs to be managed through leading and innovating.

Hybrid environments do create some complexity here as well, which is likely where most companies are today. This will be a continued focus for organisations in the coming year. We need hardware to work seamlessly with software across a variety of platforms to move data securely. 

That means embedding security controls into applications and data to secure them inside and outside the organisation. Building in security from the start should be the default will be a key skill for anyone developing in or managing hybrid environments.

3. Identity
Preparation for the General Data Protection Regulation (GDPR), the EU’s strict set of regulations on handling personal data, exposed some gaps and opportunities for organisations to develop more robust security practices. 
While GDPR is aimed at protecting people’s personal information and identities, individuals remain vulnerable, largely due to our reliance on passwords. We need to evolve beyond passwords to create a new perimeter and safeguard around one’s identity. Imagine how eliminating passwords would change hackers’ ability to do harm or compromise a person’s identity.
Biometrics will be a key next step, and it's a form of technology we as consumers are already used to. Many of us are already using our fingerprints or our faces to unlock our smartphones. But in 2019, I think we'll see the need to think beyond that and include other control points like using contextual controls such as location to determine if someone is really who they say they are.

4. Securing IoT
As we see the Internet of Things (IoT) as a top priority across many businesses, we need to think carefully about how we secure devices and information. There are now electric toothbrushes that track the way you brush and provide analytics sensors to improve your brushing habits.
While you might think no one is really going to do anything nefarious with your tooth-brushing habits, this is still an IoT device that can be compromised through a variety of means, including required firmware updates, which could give bad actors a front door to other information.

According to Symantec, the number of IoT attacks increased 600% in just one year, from 2016-2017, and that risk will likely continue to accelerate. 

The relevance also changes when you think about applications on your phone and how a breach in one app could expose all sorts of personal or private information. 

We need to secure applications and data. Embedded security might be the answer here, too, and I expect to see some major movement in the secure-by-design space across the IoT industry.

5. Regulatory Vigilance
The previous four items are about protecting ourselves and our businesses, but we are also seeing a growing trend of governments stepping into the cybersecurity arena with an agenda of their own. Europe has GDPR. 

China is likely to come up with its own regulations on data privacy and security. Within the United States, while federal regulations seem unlikely in 2019, there is movement is afoot within state legislatures.

This year will probably bring the first wave of litigation around GDPR enforcement. Enterprises that are thoughtful and organised now with a strong governance, risk and compliance program to address the evolving regulatory environment will ultimately create time and capacity to focus on their customers and their core business.

In the end, cybersecurity is an area where the best interests of business, customers and government need to align. Together, we can continue to leverage the latest innovations to make the digital world a safe place to be.

Forbes:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« British Cyber Security Strategy Is ‘Chaotic’
The EU’s Copyright Directive Risks Creating Two Internets »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

National Defence Radio Establishment (FRA) - Sweden

National Defence Radio Establishment (FRA) - Sweden

The National Defence Radio Establishment (Försvarets Radioanstalt), is the Swedish national authority for Signals Intelligence, also providing Information assurance services to government authorities.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

Romanian Accreditation Association (RENAR)

Romanian Accreditation Association (RENAR)

RENAR is the national accreditation body for Romania. The directory of members provides details of organisations offering certification services for ISO 27001.

MISP Project

MISP Project

The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.