Research over the past few months has picked up a number of core trends that will continue to develop in 2019. Predictions are like making a five-course meal with only the ingredients from your pantry; most will be horribly wrong, and the few you get right will either be through luck or the skills you already possess.
But without being overly cynical, the myriad research firms, consultants and thought leaders tend to agree on the following six IT Security Trends for 2019.
IT Security Management needs to form part of C-Level Business Language:
Executives are becoming increasingly aware that the risk associated with cyber-attacks goes beyond data-loss, having real-life impact on the company’s reputation. We are often alerted to the global hacks impacting the biggest brands (think Facebook, Maersk, Equifax). Yet, almost daily, I have seen an increase in reports of companies of varying degrees of size and sector coming under threat, causing a ripple effect in market sentiment (and stock prices!)
IT security management can no longer be seen as the role of a team hidden away in the IT division; it needs to be pervasive throughout the business. The CISO or Head of IT Security needs to learn to adapt and speak the language that business understands, not get caught up in technical jargon. Business initiatives need to be linked to security strategy in order to avoid becoming another headline.
Cyber criminals have shifted their modus operandi to ransomware, hijacking systems and paralysing organisations for instant profit. It’s not just data under threat though. The pervasiveness of IoT has opened the gateway to ransomware, potentially downing power grids, manufacturing plants or entire office buildings. Another trend is the rise of cryptomining hacks, slowly suffocating IT infrastructure while churning bitcoin into the criminal’s wallet.
According to several reports, ransomware damages are expected to exceed $11 Billion in 2019, which is a massive increase from the $5 Billion churned in 2017. The entire organisation needs to consider where its vulnerabilities are, whether human or technology related, and not only put essential technical backups in place, but also educate employees and customers as to their vulnerabilities. Ransomware attacks are only going to increase in number and sophistication, and education is key to mitigating these threats.
GDPR / POPIA Compliance:
The continuing rise of data breaches has forced local and global companies to comply with complex regulatory statutes with a direct impact on IT. GDPR has come into effect (as of May 25, 2018), and we’re still hanging around for POPIA. Regardless, in 2019, companies will come under scrutiny for non-compliance – it is believed that as much as 80% of multinationals may fail to comply with GDPR and other data protection regulations. Companies will not only need to develop a data governance strategy, but also implement it. Irrespective of the sophistication of security, data management, integrity and protection are key – and this is where IT security teams, data teams and the rest of the business need to be on the same page.
The biggest threat to IT security management is not so much around technology, but the lack of humans on the front line. As much as AI/machine learning software can learn from previous threats, the flip-side of the coin shows hackers using similar technologies to launch attacks. This ranges from sophisticated chatbots to a full bombardment of assaults debilitating IT systems. Already, according to a 2018 report, 87% of US cybersecurity professionals are using AI – we don’t have the data from the other side, but most sophisticated attacks are more than likely automated and self-learning.
More companies are moving to the cloud, more threats are coming on multiple platforms (internal data, IoT systems, social media etc.), and IT security offices are under strain to find and train the right staff. Machine Learning will become part and parcel of off-setting the skills/talent shortage; the South African market is under more pressure than most to attain/retain the right people. Upskilling IT security teams in AI/ML in 2019 will be of the utmost importance.
Security in the Cloud:
An increasing number of organisations will move all IT to the cloud in 2019. There are benefits to IT security, as many security products are more agile and better at detecting threats than many legacy systems. Cloud service providers are building in network firewalls, secure web gateways and web application firewall platforms; when negotiating your new cloud system, this needs to be first and foremost in discussions.
In a digital world, an integrated approach is possible, breaking down silos and leveraging multi-layered solutions. Consider the pros and cons of centralised and decentralised architecture aligned with business outcomes; both can come under threat, both have advantages. Clarity around procurement and implementation is vital; again this is a group approach, the CISO or Head of IT Security cannot be left out of the decision making.
Now that we’ve got our heads around blockchain (for the most part), the use of blockchain as a security tool is gaining a lot of traction. Although it may not be a game-changer for all companies in 2019, expect to see more case examples of this decentralised system being used for transactions, data integration and identity management. The advocates of blockchain hail it for three core values: blockchain is decentralised; blockchain offers encryption and validation; blockchain is impossible to hack.
As much as blockchain security remains a trend for 2019, expect to see a lot more experts chiming in; the opportunity is to learn what is and isn’t possible. For some, blockchain will become the default for ensuring the integrity of transactions and data. For others, it will be a nice-to-read.
Join the conversation at CISO Africa to gauge if these trends hold form. The conference runs from 19-21 February 2019 at the Maslow Hotel, Sandton.