There’s no doubt about it – 2018 has been a big year for the cybersecurity industry. With GDPR fundamentally changing the way that many businesses operate and several high profile data breaches hitting the headlines, it’s not exactly been a smooth road.
So what’s in store for cybersecurity? Many businesses will still be scrambling to get to grips with compliance, securing data and regaining the trust of their customers. Here are four trends that will shape the cybersecurity landscape in 2019.
GDPR is coming for you
Businesses are probably sick of hearing those four letters by now, but despite the overhaul of process, GDPR ultimately increased awareness of how data should be protected and secured. For the most part, businesses are taking their data more seriously, but for the likes of Facebook, Google and Amazon, there could be trouble ahead. There are rumbles that the EU is looking to take action and assess whether these internet giants are compliant, but who will be first to be made an example of?
Consumer trust is already wavering with Facebook reporting a drop of 3 million daily users following the Cambridge Analytica scandal. And it suffered another data breach in 2018, so it wouldn’t be surprising if those numbers continued to drop. Reputation is important, so if users don’t feel their data is secure, organizations must work to instil their confidence. Compliance is more than just security; organizations must put the correct Information Assurance (IA) policies in place to make sure the whole business is in line with regulation.
New target: Industrial Control systems
Large-scale ransomware attacks could bring national infrastructure to its knees – just look at the WannaCry attack on the NHS as an example. Targeted ransomware campaigns will have a new focus on utilities and Industrial Control Systems (ICSs) and will result in dramatic consequences such as blackouts and loss of access to public utilities.
Ransomware has become significantly more sophisticated over the past five years. Last year, hackers shifted to targeted attacks like WannaCry, demanding bigger payouts, recognizing that launching ransomware against organizations that offer critical services increases the odds that the ransom will be paid. As 45 percent of all ransomware attacks in 2017 targeted healthcare organizations, such the NHS in the UK, this is an area that organizations need to keep a close eye on in 2019.
Cybersecurity in the boardroom
It’s taken some time, but cybersecurity is finally becoming an item on the boardroom agenda, despite the large financial and reputational risks. When a data breach happens, the fingers is always going to point to someone on the board, be it the CISO (Chief Information Security Officer), CIO (Chief Information Officer) or CEO (Chief Executive Officer). A new emphasis is being placed on the CISO – organizations who employ someone to deal with cyber threats will do so either because they have the right IA mindset or because of the increasing pressures around governance, risk and compliance. Boards of Directors must understand not only the risks associated with cybersecurity but also the strategies their CISO will put in place. After all, no organization wants to hit the headlines with a data breach!
Software-Defined Security will reach the mainstream
Networks have expanded beyond the traditional perimeters of an office network, encompassing more users, devices and locations than ever before so getting security right is imperative. Software-Defined Networks (SDNs) are nothing new, but security has not evolved with it and the traditional method of securing networks no longer works. The emphasis put on SDNs by businesses in 2019 will lead to increased adoption of an overlay security model that doesn’t compromise the performance of the network. It is only by changing the security mindset to securing the data as opposed to the network that organizations can have true IA.
A look into the cybersecurity crystal ball
Cybersecurity is an ever-changing landscape with threats evolving daily. One thing is clear: digital transformation can only be enabled if organizations deploy effective data security. Those who secure their data properly will not be held back. The defeated will be those who stick with the old mindset and risk compromise.