Security 2019 Predictions (Part 3)
5G, cloud, social media, IoT all open new threat vectors creating more demand for data privacy.
Given the speed with which technology is evolving, we thought it would be interesting to get IT executives' predictions for what's on tap in 2019. Here are more thoughts on how security will evolve in the coming year:
The Equifax hack demonstrated how easy it is to hack into organizations that don’t update their software regularly. I believe this became a very common data point SecOps use to explain why it can’t just be “DevOps” and there needs to be a “DevSecOps” element in the environment.
2018 saw cryptomining surpass ransomware as the most popular cybersecurity threat. Cryptocurrencies and cloud create the perfect storm from a cybersecurity perspective, meaning that anti-mining defenses should be an integral part of any cloud security plan.
Given that major cryptocurrencies’ value stays strong, I believe we will continue seeing the trend of using any possible resource to generate as many crypto coins as possible. This is why I believe major security providers should treat cryptocurrency-related attacks as a first-class citizen and not as something that should be covered as part of general defense mechanisms. For example, it is easy to masquerade crypto mining software in a way that it will be hard to differentiate from regular software so that it will not be detectable by any regular security tools. One must develop a specific set of tools to detect such behavior. I think enterprise customers are especially vulnerable since they usually have environments with high computational potential exposed to the Internet through proprietary applications. In such cases, one must run crypto-threat-aware detection and protection tools within the environment to make sure no one exploits the company’s computational resources for crypto mining.
Data privacy goes federal and password management gets easier. Data privacy legislation in the U.S. will have a dramatic influence on the tech industry and the clients we serve in 2019 and beyond. Taking a cue from our European counterparts, new GDPR-like legislation has already passed in states like California and Vermont – the Federal level is likely next.
Organizations and individuals alike are clamoring for ways to securely exchange messages and large files with employees, customers, prospects and partners in a simple, fast, and auditable way. This trend will continue in 2019 and beyond as new technologies, new methods, new legislation, and new challenges arise around protecting data and individual privacy online.
As new cyber threats continue to emerge, organizations will look to protect more systems while reducing the complexity associated with the implementation and management of current security solutions.
Security will become even bigger in 2019. With more and more systems coming in the cloud and with IoT, there will likely be business and regulatory drivers that push security even further into the enterprise and make companies see that it is truly a cost of doing business.
State-sponsored cyber attacks will take center stage and governments must be prepared. Thanks to artificial intelligence (AI) and machine learning (ML), these attacks are continuous and able to adapt and scale at an alarming rate – meaning companies relying on technology alone will not be enough to thwart attacks. In 2019, governments must take charge and provide guidance in a concerted and uniform way to ensure they are not just helping to protect themselves from state-sponsored cyber warfare but setting the standard for businesses.
CISOs become essential. According to ISACA’s 2017 State of Cyber Security Study, only 65 percent of global organizations have a chief information security officer (CISO). In a post-GDPR era, it’s essential that organizations have someone dedicated to aligning risk, compliance, and security. In 2019, expect hiring of a CISO in every organization to become the norm.
2018 saw several new data privacy regulations either be proposed or enacted, including GDPR and the California Consumer Privacy Act. In 2019, as companies continue to prove to be poor stewards of customer information, more regulations for protecting sensitive consumer data will be planned and enacted around the world.
Year-end cyber predictions often focus on specific threat categories and whether or not to expect an increase or decrease in their activity. 2019, however, promises a more fundamental shift in the cyberthreat landscape, for example, the impact of social media as an exploding vector for malicious activities and the implications for businesses protecting their assets. Cybersecurity is not an IT problem, it is far wider than just "computers" and the threats ahead in 2019 will make this painfully obvious.
Businesses will need to start preparing for how they will leverage 5G to gain a competitive edge. Across almost every vertical, increasing network bandwidth and speed while lowering latency can improve efficiencies at nearly every department level. But while businesses can be near certain about how they can effectively apply 5G to improve operations, predicting what security threats will come is going to present a significant challenge for IT. With IoT growth posing huge unknown risks to enterprises with the introduction of 5G, businesses will increasingly need to invest in both technology and employee training in order to prepare for the next-generation threat landscape. What’s more is that 5G will not only give rise to new threats, but it will also provide cybercriminals with new opportunities to carry out attacks that we have seen grow in popularity over the years with greater force and impact. With this in mind, even an organization that “does everything right” to combat threats posed by 5G could still be impacted just as easily as those that are less security savvy.
Risk management is going to become an extremely critical topic for both the public and private sector next year. As a nation, we are facing complex geopolitical issues and state-sponsored attacks targeting our businesses and government on an enormous scale. Large financial institutions and Silicon Valley companies have already experienced billions of dollars in losses due to decisions being made without effective Enterprise Risk Management. Data is both an asset and a liability and next year we are going to see the regulatory environment become even more complex around data governance, which will see Enterprise Risk Management become a huge priority for the C-suite and board.
In the world of increasing database governance, driven in large part by GDPR, the role of the DBA will evolve to focus more on the performance, monitoring and governance of the database - inclusive of security and compliance. When thinking about the protection of personally identifiable information (PII) under GDPR, this is inherently a database issue, and it’s an absolutely critical one. In 2019 and beyond, DBAs will need to be able to demonstrate their value to the organization by fulfilling the role of gatekeeper and compliance expert and ensure they are protecting PII at every stage and maintaining appropriate access control to that information.
Managing privacy will be the new normal, like securing data or paying taxes. Privacy will continue on a similar path to the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will be comprised of peaks and valleys. Like with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project, with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes.
Ethics will become increasingly important to data-driven innovation. Once a focus only in health care, research, and highly regulated organizations, GDPR and similar laws are driving businesses across sectors to consider ethics by showing that the benefits they claim that new tech and other innovations will bring do not outweigh the potential for data misuse and other risks. While companies may start with a check-the-box compliance exercise, in 2019 the more innovative players will look to differentiate themselves from their competition by setting up ethical review committees, ethics teams, and data ethics officers to formally consider the implications of algorithms and machine learning on customer trust and business outcomes.
Consumers will exercise their right to privacy. In 2019, consumers will become more aware of and better understand the rights and mechanisms that regulations like the GDPR have made available to them to manage and protect their data. As a result, we will see consumers become more engaged and active in controlling their privacy settings, such as sharing less information, unsubscribing from marketing communications and requesting copies of their data or that companies delete their data entirely from marketing databases.
To be or not to be - 2019 privacy laws at a glance. In 2019, Privacy Shield, the EU-U.S. data sharing agreement currently under review, will stand. A U.S. federal privacy law will be much discussed but not passed. The trade deal replacing NAFTA - USMCA - will drive new discussions around cross-border data sharing between the U.S., Canada, and Mexico. A handful more states in the U.S. will seek to adopt state privacy laws such as the California Consumer Privacy Act, and 2-3 states will pass one. The EU will agree upon and issue standards for GDPR certification, creating another rush to comply with the standard. The multitude of country-specific privacy laws in Asia will continue to increase and splinter across the region.
GDPR enforcement could close down businesses and slow sales. Most people associate GDPR enforcement with heavy fines levied against organizations. However, enforcement can be much worse than onerous financial penalties. An advertiser was recently forced to cease operations in an entire European market as a result of a GDPR violation. In 2019, we will continue to observe that failure to comply with privacy regulations will have a devastating impact on a company’s operations as much as its checkbook. Companies that don't meet GDPR and other privacy and security requirements will lose business to competitors who do.
Privacy regulations will drive innovation and differentiation. Privacy regulations, as the new realities of the world, will force companies to reexamine their approaches to developing innovative and differentiated products and services. As an example, regulations like GDPR are forcing marketers and advertisers to reevaluate how they use customer data. The organizations that embed compliance into their entire product development processes - aka privacy by design - will be able to clearly differentiate against their competitors by offering compelling value to their customers.
Privacy technologies available at any price point. As more privacy regulations are adopted, both GDPR and local laws, we will see a rapid expansion of the number of privacy technology vendors in the market. With the increased sophistication of privacy technologies, a small company located anywhere globally will now have access to solutions at a price point that fits them and makes it worth their while to comply with a law such as the California Consumer Privacy Act to reach even more customers.
The CCPA is the second chance for the CPO and DPO to become strategic company executives. There is significant overlap between the California Consumer Privacy Act (CCPA), which applies to any company conducting business in California, and GDPR. Companies that took the important steps to comply with GDPR are already ahead of the game and will have a relatively clear path to meet the requirements of CCPA, while the companies that did not will be under the gun to comply by the July 2, 2020 deadline. This is a second chance for Chief Privacy Officers (CPO) and Data Protection Officers (DPO) at companies that missed the opportunity with GDPR to position data privacy as a strategic function within the organization.