Could 2019 be a turning point for enterprise cybersecurity?
From the largest DDoS attacks ever seen and record-breaking numbers of data breaches, to the implementation of the General Data Protection Regulation (GDPR) in May, 2018 will be remembered as an extraordinary year for the cybersecurity industry.
With hackers developing increasingly sophisticated ways to attack enterprises every day, one of the most important lessons from this year is how crucial it is to stay one step ahead of cybercriminals at all times. In order to continuously protect company and customer data, businesses need to have an understanding of not only cybersecurity threats now, but also in the far future.
Although no one can say for certain what 2019 will bring, we can look to the past to understand the trends of tomorrow. As technology has evolved, it’s been accompanied by smarter, more malicious and much harder to detect threats. With the ever-increasing intelligence of bots, the increasing complexity of clouds and rising IoT risks, as well as the impact of data regulations, cybersecurity will dominate boardroom conversations.
- Keep your devices protected from the latest cyber threats with the best antivirus
- Browse public Wi-Fi securely with the best VPN
- This is everything you need to know about GDPR
With this in mind, here are eight trends that will make the year ahead as turbulent as the one just passed:
Cyber-attacks will grow – and go slow
Organisations will see an increase in cyberattacks but these will be “low and slow”, rather than “noisy” incidents such as DDoS attacks. Launched by botnets, “low and slow” attacks aim to remain under the radar for as long as possible, to steal as much data as they can.
Often these take the form of credential stuffing attacks, where stolen credentials are used to access associated accounts and steal further personal data such as addresses and payment details.
To protect themselves, businesses will need to adopt bot management solutions, which identify, categorise and respond to different bot types. The technology uses behaviour-based bot detection and continuous threat analysis to distinguish people from bots.
Bots will overtake human web traffic
As bots become more sophisticated, they will be responsible for more than 50% of web traffic. Already, Akamai has found that 43% of all login attempts come from malicious botnets – and this is set to increase as credential stuffing and “low and slow” attacks grow in popularity.
More sophisticated bots will become capable of accurately mimicking human behaviour online – making it harder for bot solutions to detect and block their activities. Effective bot management tools are crucial for addressing this threat. They are able to use contextual information, such as IP addresses and past user behaviour data (neuromuscular interaction), to determine whether a visitor is a bot or human and respond accordingly.
Multi-cloud strategies will complicate security management across platforms
Businesses adopting multi-cloud strategies will face increasingly complex challenges to ensure that security is consistently, and effectively, deployed across them all. With Gartner predicting that multi-cloud will be the most common cloud strategy next year, organisations that have successfully secured one cloud will need to replicate this across all their cloud portfolio to ensure that vulnerabilities are patched and nothing slips through the cracks.
With many businesses already experiencing ‘leaks’ or breaches of their single-vendor solutions, we expect companies to seek out cloud-agnostic security solutions to simplify deployment and management across the enterprise.
Consumers will continue to put convenience ahead of security
Even though awareness of the insecurity of IoT devices is growing, millions of consumers will continue to ignore the risks, purchasing and using devices that lack comprehensive security solutions – from fitness trackers to smart-home appliances.
This could swell the armies of bots, which are already being used to target enterprises. It’s predicted that by 2020 more than 25% of identified enterprise attacks will involve the Internet of Things (IoT), despite IoT accounting for only 10% of IT security budgets.
While some governments have begun to introduce security standards for connected devices, the industry is still a long way from providing adequate protection.
Asian markets will follow cybersecurity suit
Following the launch of GDPR last May, as well as PSD2 (revised Payment Services Directive) and wider security reform, the European Union has been a leader in advocating for stronger cyber regulations and this is likely to continue.
Some Asian countries have already started to follow suit, implementing their own regulations, and we expect their number to grow in 2019. As countries such as China flex their muscles as digital rivals to the West, issues around data regulation and protection are climbing government agendas. Notably, some Asian countries have resisted data regulations in the past, but high-profile breaches are encouraging a more proactive approach to data regulations.
Cybersecurity will be replaced by cyber resilience
In 2019, smart organisations will stop thinking of cyber security as a separate function of the IT department, and instead adopt it as a posture throughout the entire business.
Known as “cyber resilience”, this concept brings the areas of information security, business continuity and resilience together and intends to make systems secure by design, rather than as an afterthought. This helps organisations focus on their ability to continuously deliver business operations in spite of any cyber-attacks or incidents.
Zero Trust will march towards killing off corporate VPNs
For years, virtual private networks (VPNs) have been the mainstay of remote, authenticated access. However, as applications move to the cloud, threat landscapes expand, and access requirements diversify; the all-or-nothing approach to security needs to change.
Zero Trust, where each application is containerised and requires separate authentication, is stepping in to provide security fit for the 21st Century. In 2019, companies will increasingly turn to a cloud framework for adaptive application access based on identity and cloud-based protection against phishing, malware and ransomware, helping to improve the user experience and sounding the death knell for VPNs.
Blockchain technology will move from cryptocurrencies to mainstream payments
In the coming year, we expect to see more and more blockchain-powered payment platforms, with high scalability and speed, being adopted by brand-name banks and consumer finance companies.
A time for change
No matter what happens in 2019, it will certainly match, if not surpass, what we’ve seen this year. Regulations such as GDPR will remain a hot topic, as will concerns around cybercriminals discovering innovative ways to attack organisations. Furthermore, threats from bots are going to come to the forefront of the cybersecurity world as they become more sophisticated.
Business leaders need to do more to ensure cybersecurity is communicated from the boardroom to the rest of the organisation, helping staff understand the threats they face.
Perhaps, between the arrival of GDPR and increasingly large data breaches and DDoS attacks, 2019 will be the year we see this change.