Well, it’s safe to say that 2018 for the cybersecurity industry has been a little doom and gloom. And rightly so. More than 3.5 million unfilled job positions expected by 2021, 90 percent of cyberattacks caused by human error, and what we thought were once effective learning methods prove to only yield a 5 percent information retention rate. The financial sector, governments, and healthcare organizations continue to rank in the top most attacked industries. Cybersecurity spending keeps increasing and phishing, insider threats, and malware keep infiltrating enterprise systems. It appears in 2018, cyber professionals just couldn’t keep pace with evolving threats!
So what does 2019 have in store for the cybersecurity industry? We asked our own Laura Lee, Executive Vice President of Rapid Prototyping to find out: Is there a light at the end of what appears to be a VERY dark (cyber) tunnel?
Increase in Supply Chain Cyber Risk
Supply chain cyber risk will be one of the biggest issues in 2019 and will require a coordinated effort to address. Risks from third party service providers with physical or virtual access to information systems, poor information security practices, compromised software or hardware components, are only a few of the vulnerabilities that stem from this issue. Since breaches tend to be less about technology and more about human error, IT security systems best practices for critical information won’t be foolproof unless employees throughout the supply chain use secure cyber practices.
Increase in Social Media Infiltration
The Facebook breach in 2018 made it apparent that social media platforms are equally vulnerable to sophisticated hackers. In fact, we will likely see an increase in black market vendors moving their businesses to social media channels for added “secrecy.” This will make it harder for law enforcement to track and monitor their activities.
Exploitation of Fear
Attackers will leverage a company’s fear of reputational damage and data loss with extortion tactics. Recent threats to our own election system, healthcare, critical infrastructure tell hackers that organizations are willing to pay more to not have a breach released to the public, rather than pay for them to relinquish their compromised data. This will be a way for hackers to get more money.
In an effort to harden security posture, enterprises and government entities will keep moving on-prem software to the cloud for a more seamless, scalable, and elastic data-privacy/sharing/usage experience. There will continue to be a strong appetite for modeling the digital footprint of enterprises in cloud environments.
Better Alignment between the CISO and C-Suite
While it’s important to know what’s likely on the horizon in terms of threats, not all cybersecurity “stuff” is going to be bad. On the flip side, we will see better alignment between the CISO and the C-Suite as more and more businesses understand cybersecurity isn’t just an “IT issue” but a larger business risk issue that impacts all facets of successful business operations and reputation.
Integration of IT and OT Cyber Infrastructure
Industries like critical infrastructure and manufacturing have a lot of physical (and digital) assets to manage. Operational technology (OT) are the systems (e.g., SCADA, ICS) used to monitor and control infrastructure like power, pipelines, water distribution, and now many things in your house and car. With changing technologies and a drive toward “data-driven and remote operations, the two technology environments are starting to converge” notes a study from Edith Cowan University . OT data is now accessible via cloud environments for ease of quantitative management reporting and the potential to increase productivity of such systems.
These predictions are really just the tipping point of what’s to come for the cybersecurity industry. Companies will have to keep hardening their security postures, upgrading technologies, upskilling and educating all staff members, and driving a holistic cyber readiness strategy that leverages machine learning and other Artificial Intelligence technologies to automate and augment the workforce.