Every year is challenging in the cybersecurity businesses. Likewise, for all new age businesses and existing incumbents, the end of the year is always a time to review what went right and what went wrong. Nowadays, it's mostly the latter but that's not necessarily a bad thing. The coming year will see many businesses face tougher security challenges as attackers use more advanced technologies for attacks. Here are some of the top cybersecurity predictions for 2019.
Smarter and Tougher Attacks on Businesses
Each year, we are seeing a significant advancement in technology in the security market. While that is good news, the flip side is that even attackers are getting access to similar technology and launching even more sophisticated attacks.
In 2019, businesses will continue to be increasingly vulnerable because of a variety of reasons:
• More sophisticated tools, tactics, and procedures enhance threat actors’ abilities, resulting in attacks that are more organized, difficult to predict and prevent, and of much greater magnitude.
• Third-party integrations used by many businesses in their web and mobile applications present numerous vulnerabilities but those integrating them aren't necessarily aware.
• Absence of real-time monitoring and response leads to greater damages.
• Lack of CISO empowerment reduces his/her critical role in fraud prevention, reputation protection, compliance, and enforcement.
In order to solve this problem, it is essential to invest in more targeted threat intelligence as well as more sophisticated detection and response systems and, if need be, outsourced, expert managed security services.
Physical Security and Cybersecurity Will Continue to Merge
In a world of IoT devices, the division between cybersecurity and physical security is fading away fast. While physical security is at least 15 years behind cybersecurity in terms of sophistication, smart organizations are lumping the two together.
Everything from your laptop and your fridge to cars and wind turbines can be connected to the internet today. By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets. Hence, 2019 will see more investment and growth in merging physical and cybersecurity and IoT security is going to lead this segment.
More Consolidation in the Market
BlackBerry’s purchase of cybersecurity firm Cylance is just the latest example of stepped up M&A activity in a year that also included AT&T’s purchase of AlienVault and Spunk’s acquisition of Phantom Cyber. The cybersecurity market is ripe for consolidation. There are many secueity companies that are experts at specific small niches but larger companies and enterprises with budgets are looking to work with one security vendor with all capabilities. While that is difficult to find today, larger companies and funded startups are starting to use M&A as a method of inorganic business growth as well as improvement in their product portfolio.
Security Operations Center to be more "Next-Gen"
We recently wrote about what makes a successful Security Operations Center. Experts looking at 2019s cyber security environment are predicting that the “next-gen” SOC will dominate. What this means is that security teams will start using more sophisticated technologies to detect, respond, and resolve cybersecurity threats versus relying on SIEM alone.
2019 will be a year where CIOs and CISOs will look at SOCs differently. Growing responsibilities for CIOs, CISOs and CTOs will push the need for a Security Operations Center with a larger budget and definitely more sophistication.
In 2019, companies will:
• Go over and beyond the SOC itself, appreciating more and more the point of view of a managed SOC that provides what a SIEM-based SOC by itself cannot in terms of effective detection and response.
• Move from the hyped-up AI and machine-learning technologies, which have yet to prove their value. Companies will rather focus on detection, orchestration, and automation, which demonstrate ROI very quickly.
• Adopt Managed Detection and Response operations that are more focused on advanced threats and compliance.
Growing Security and Privacy Concerns Will Drive Increased Legislative and Regulatory Activity
The European Union’s mid-2018 implementation of the General Data Protection Regulation (GDPR) will most likely be just a stepping stone to numerous other regulations and privacy initiatives. Apart from the EU and US, we'll also be seeing many legislative bodies in growing economies take steps to build their first serious privacy legislations.
Canada has already enforced GDPR-like legislation, and Brazil recently passed new privacy legislation similar to GDPR, due to enter into force in 2020. Australia and Singapore have enacted a 72-hour breach notice inspired by the GDPR, and India is considering GDPR-inspired legislation.
It is essential to set up regulations and legislations that do not end up being counterproductive for businesses and security vendors. Overly broad regulations might end up prohibiting security companies from sharing information in their efforts to identify and resolve threats.