CyberSecurity Predictions for 2019

In 2019, defenders will increasingly think and operate like an attacker by understanding the attack paths and methods that will be used to exploit them. Companies will need to recognize that they cannot be passive and that defense should not begin after an attack has begun. Strategic thinking will shift to that of an “active defense”, which will include gaining better understand of one’s adversary and creating pre-emptive measures that empower security teams to outmaneuver and derail their attackers.

Security, especially across multiple cloud and in combination with on-premise, will continue to be top of mind. Additional awareness of both insider and external threats will be combined with effective tools that balance protection and usability. More CISOs will peer with CIOs as opposed to reporting to them. Further, mainstream enterprises will look beyond just getting their apps to work in the cloud. They will move to the next phase of optimizing performance, manageability, and security as part of a true multi-cloud deployment, where they have critical workloads both on-premise as well as within one or more public clouds.

AI for security is recognized as over-hyped and ineffective for sophisticated attacks; cyber technologies are more focused on lateral movement detection strategies due to disenchantment with UEBA/data-rich solutions providing slow time-to-value; GDPR compliance will lead to greater regulatory guidance on cybersecurity data breaches and a global debate about corporate responsibility for consumer data privacy; insider threats becoming more pervasive than ever and costlier for organizations; potentially one successful attack on a Managed Service Provider (triggered by the wealth of information they maintain on their clients’ network architectures). Lastly, organizations will increase focus on the cyber hygiene of their internal environments.

2019 is the year that CIOs must truly make security an integrated part of the broader IT organization. IT leaders in organizations of all sizes will continue to face a myriad of challenges – growing security threats, new compliance regulations, talent scarcity, and a general need for more/better use of resources. Embracing a DevSecOps approach and finding ways to better align NOC and SOC functions, (both via technology and processes) will have to become the norm for enterprises as we close out this decade.

The popularity of containers will undoubtedly accelerate. But we’ve seen this all too frequently; speed is good for business, bad for security. Security isn’t given the attention it needs and containers can fall victim to loose security management. In 2019, we’ll see smart enterprises build containers into their overall security posture and ensure they are using the right processes and tools for development while adhering to security principles. We can expect that to become gospel for companies who really “get it” in terms of effective container strategies. They will realize that there’s no such thing as fast development without security.

Cryptomining will prove increasingly costly for corporations in 2019. This threat is often ignored as being merely a nuisance but is easy for cyber attackers to quickly develop and use to steal corporate secrets or breach the broader organization. Warning signs of these kinds of attacks often blend in seamlessly with business-justified activity, making it hard for stretched-thin security teams to focus on. This year has already seen an alarming amount of malicious crypto mining activity and we can expect the next evolution of crypto attacks to focus on more than just that.

There will be continual growth in asset and user management. Traditional network products continue to struggle with the shrinking local network services as customers favor cloud services. Tools that manage data by user and devices (assets) are becoming critical. Also, compliance will rule the board room. With GDPR and the upcoming CCPA, privacy is driving how companies treat data. New laws are adding significant penalties. The impact to profits will make privacy compliance a top priority. This, in turn, will make security compliance an issue. Oversight of security is starting to shift from the CISO to legal counsel.

“In 2019, a significant data breach on a popular consumer platform will cause millions of users to… change nothing in their normal everyday lives. Also in 2019, the federal government will accelerate Cloud adoption by selecting a vendor for the winner-take-all JEDI contract… and then immediately award contracts to three more competing Cloud vendors for ancillary services. And finally, in 2019, the FIPS 140-2 validation standard for encryption will have new implementation guidance issued, encouraging entropy seeding from sources like Vegas betting lines and the number of hot dogs eaten by the Nathan’s contest champion. It’s gonna be a fun year, folks. Buckle up.

Cyber-Sea-Air & Land, in that exact order, will become our priority of focus driving the need for the collaboration of private and public sectors to combat the rapidly evolving capabilities of threat actors. This focus is pivotal to protecting our citizens’ identity and privacy. Joint Information and Identity Secure Network (JIISN) to provide a better way to exchange identity information without compromising user data and lowering friction for the legitimate user is what will be required for the future, starting now.

Regulatory frameworks will continue to drive security maturation for companies. Specifically, the European GDPR regulations will force companies to take a complete inventory of data they control or process, as well as map out their complete Internet presence. Many companies don’t have a full grasp of where data is used within their infrastructure nor their complete web presence, i.e. – *all* of their internet accessible point of entry. GDPR will force that issue.

Smart Devices Will Challenge Data Integrity. Organizations will adopt smart devices with enthusiasm, not realizing that these devices are often insecure by design and therefore offer many opportunities for attackers. In addition, there will be an increasing lack of transparency in the rapidly-evolving IoT ecosystem, with vague terms and conditions that allow organizations to use personal data in ways customers did not intend. It will be problematic for organizations to know what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones, smart TVs or conference phones. When breaches occur, or transparency violations are revealed, organizations will be held liable by regulators and customers for inadequate data protection.

Recently we’ve seen an increase in attacks in the software supply-chain and we expect to see this trend continue in 2019. Unlike traditional malware, cryptomining malware aims to have minimal visible side effects. This allows attackers to target the supply chain and hopefully go unnoticed for extended periods of time. This greatly increases their reach by compromising anyone using that technology instead of having to attack each organization individually. Given the prevalence of automated updates of software, it’s impossible for most organizations to fully monitor their upstream software supply chain, but by monitoring cryptographic related traffic at the gateway it is easy to spot suspicious activity.

Cloud security will align strongly with traditional security measures. While cloud adoption has improved organizational agility, reduced products’ time-to-market, and leveled the playing field with respect to computational power, it has also resulted in disparate environments that security teams struggle to monitor on a regular basis. This is especially true if the security teams are isolated from other teams that deal with DevOps, cloud infrastructure setup, and product development. During incident response, it’s also tough to reconcile cloud asset data with data from traditional security tools. Security vendors and organizations have both realized this, which is why product interconnectivity will grow and security teams will be able to coordinate actions across both cloud and on-premise environments from a small number of consoles.

In 2019, email and stolen privileges will continue to be the primary method of bypassing organizations’ security to inhibit services, disrupt productivity, steal sensitive data or conduct financial fraud. Heightening security to limit the impact and risk of emails and privileges should be the top priority for organizations to reduce their vulnerability to cyberattacks. By controlling inbound email content and implementing a least-privilege strategy, you can significantly reduce cyber risk. Cyberweapons have been in development by several governments for years and many have begun secretly engaging in attacks against other countries, spawning near-war scenarios. As the world has become somewhat callous to the threat of nuclear arms, cyber weapons have enabled countries to disrupt citizen societies and political stability. In 2019, we will likely see governments reveal their offensive cyber capabilities and demonstrate their power to cause social and political harm without ever even crossing borders.

Organizations need to be prepared for more sophisticated attacks in 2019. As no company can be 100% secure there must be clarity on acceptable levels of risks and investment in the fundamentals of cyber hygiene – knowing, on any day, what assets you’re protecting, how they’re controlled, and how they’re vulnerable – will crucially help protect against the vast majority of future attacks.

In 2019 organisations will move to threat hunting in order to outmanoeuvre adversaries who are continuously evolving their tactics, techniques and procedures (TTPs). On top of this, security teams will struggle with budgets and resources, making it imperative to automate threat hunting processes like the ability to map attacks and techniques to the MITRE ATT&CK Matrix in real time. Consequently, the demand for cyber deception technology will increase, because it is an essential threat hunting tool that offers a high level of insight about attackers in an automated manner and allows security teams to implement a cohesive threat hunting programme within their own organizations.