As cybercriminals’ methods become increasingly advanced and sophisticated, no business or device is safe from an attack, with repercussions that could damage reputations, data and bottom lines. With cybercrime accelerating, organizations are spending nearly 23 percent more, an average of $11.7 million, recovering and untangling themselves from the aftermath.
But what will change in the security industry for 2019? Will it get better…or worse? Which sectors will be targeted? What will security vendors do to improve their products? How will practitioners improve their knowledge? We collected the top insights from throughout the community.
See what experts had to say about the upcoming year:
1. Ransomware attacks will target smart cities
“Cybercriminals will lay siege to a smart-city implementation. Cities are becoming ‘smart’ to increase operational efficiency and improve the quality of services, but many are failing to secure connected devices, sensors, and communication infrastructure — and to assure citizen privacy. In March 2018, a ransomware attack crippled the city of Atlanta for days and cost taxpayers close to $17 million, even after city employees received warnings on several occasions that their systems were vulnerable. In 2019, more targeted ransomware attacks against vulnerable components of smart-city implementations will cause disruptions to citizen services and will force cities to invest in cybersecurity defenses to minimize the risk of further attacks,” said Michele Pelino, principal analyst at Forrester.
2. Security trust ratings will be created
“Today, our cloud-first, mobile-driven world sees users and data roam freely on networks, leaving critical data and intellectual property more exposed than ever. In the future, due diligence will extend to how much trust any organization can put into the security of a partner. As such, 2019 will see the creation of industry-wide ‘security trust ratings.’ Just as there are rankings and ratings for the trustworthiness of various financial institutions, investment options, or even restaurants, the future will bring a similar security trust rating to businesses that handle, store, or interact with data. These ratings would indicate how safe it is to permit suppliers to handle PII or other critical data,” said Meerah Rajavel, CIO at Forcepoint.
3. Security pros will turn to higher education
“The hodge-podge system of security certifications has failed to provide the right kind of education and training. Cybersecurity training will continue to mature, and certificates alone will no longer be enough to take the next step in a security professional’s career. Master’s degrees in cybersecurity are popping up all over the place, including at prestigious universities like UC Berkeley and NYU, and more and more companies will be looking to hire CSOs/CISOs with the cross-disciplinary skills acquired from a master’s degree,” said J.M. Porup, senior writer at CSO.
4. Businesses will improve machine learning
“Threat actors will be using machine learning, so businesses need to be continuously improving theirs. Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. The good guys’ machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches, which use models that can learn incrementally from data scientists providing frequent feedback. The world changes all the time, and it’s important that your model changes with it. If you need your model to keep up with current trends, selecting an instance-based model or a model that can learn incrementally is critical. Just as providing frequent feedback helps an employee learn and grow, your model needs the same kind of feedback,” said Adam Hunt, CTO at RiskIQ.
5. Underground cyber warfare will consolidate
“Hidden hacker forums and chat groups serve as a market for cybercriminals, who can buy malware, exploits, botnets, and other shady services. With these off-the-shelf products, criminals of varying experience and sophistication can easily launch attacks. In 2019, we predict the underground will consolidate, creating fewer but stronger malware-as-a-service families that will actively work together. These increasingly powerful brands will drive more sophisticated cryptocurrency mining, rapid exploitation of new vulnerabilities, and increases in mobile malware and stolen credit cards and credentials,” said the McAfee Labs 2019 Threat Predictions Report.