Story image

Two top execs’ predictions for cybersecurity in 2019

01 Jan 2019

Executives from the local branches of major security vendors One Identity and Secureworks have released their predictions for some of the major enterprise technology trends for this year.

Unsurprisingly, security makes up the majority of these trends as the coming year is sure to bring new and possibly unexpected threats across the evolving IT landscape.

Staying protected

Data continues to take centre-stage in the efforts to remain safe, secure and compliant as the worldwide explosion of legislation.

“In 2018 Australian businesses saw the implementation of Mandatory Data Breach Notification legislation which has shed light on which industries are struggling to keep Australian’s data safe,” says One Identity APJ technology and strategy regional manager Serkan Cetin.

“In 2019 businesses will start to see organisations adopt more secure measures like multi-factor authorisation in order to prove they are taking security seriously.”

The old adage that knowing is half the battle rings true as organisations will need to make choices about where to focus their cybersecurity efforts.

“If Australia plans on effectively growing the cybersecurity sector in 2019, businesses must apply a risk-based approach to security,” says Secureworks senior security researcher Alex Tilley.

“IT teams must understand what data is of value to their business and evaluate threats and risks to that data, prevent what attacks can be prevented, detect what attacks cannot directly be prevented, predict hackers next moves, and be prepared to respond efficiently and effectively.”

Types of attacks

Government will continue to be an area of opportunity for those providing sales and services into the cybersecurity market as nations collect more and deeper data on their citizens.

“Crime and state-based attacks for intelligence or military aims have been staggeringly successful in 2018 and we expect the evolutionary growth in tools, techniques and procedures of all types of attackers to continue into 2019 as success breeds boldness. Over the next year, expect to see more nation-state attacks focused on disruption,” Tilley says.

However, organisations will certainly not be immune as that necessary evil, email continues to be a major area of vulnerability.

“In 2019, ‘business email compromise’ (BEC) tactics will continue to be successful against companies that don’t have fundamental security controls in place. Multi-factor authentication on internet-accessible email accounts, user awareness education on phishing, endpoint controls to detect malware running on machines, and log monitoring to detect anomalous login activity on accounts are all vital to creating a strong security platform,” Tilley adds.

And we haven’t yet seen the last of ransomware.

“Throughout the next year, ransomware tools will continue to gradually evolve. This will result in further criminal success and more mounted attacks involving compromise, long-term lateral movement and device discovery inside the victim network,” says Tilley.

Privileged Access Management

The sci-fi world of biometrics is well on its way to the mainstream as unique identifiers become more vital to keeping an organisation secure.

“Biometric authentication will become more widespread to secure access and satisfy multi-factor authentication needs,” says Cetin.

"Besides the physical biometric solutions, such as fingerprints and face detection, more emphasis will be put into analysing users behaviour for identification. Those enterprises that need to meet the highest security standards, for instance, the finance sector, complement their security analytics with behavioural biometrics capabilities that help analyse their privileged users' activities.

“How an individual types on a keyboard, their reaction time or how they use systems and consume the services provided will be a more prevalent part of the identification of the most important users to secure their access to sensitive data.”

Will we finally see the backside of those pesky, immemorable, eminently hackable words and phrases we rely on to secure our closest secrets?

“2019 will move us one step closer to a password-free future as technology companies lead the charge to develop new ways to securely authenticate individuals,” Cetin posits.

“More companies will embrace FIDO2, which has recently been approved for use. In 2019, expect more tokens, laptops and more websites to build FIDO2 capabilities into their authentication workflows. While the password may still be around in 2019, its days will be numbered.”

Cybersecurity skills

The cybersecurity skills shortage may finally be addressed, especially as the human aspect of security is becoming recognised as imperative to a secure organisation.

“In 2019 businesses will need to Identify talented staff in non-security roles and spend money on upskilling and training them for security roles,” says Tilley.

“Businesses will need to seek interested staff who can gain experience through mentorship programmes. This combined with “real world” activities given to security graduates can help to somewhat narrow the skill gap facing Australian businesses.”

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Why cybersecurity remains a top business priority
One in two Australian businesses estimated that they will receive fines for being in breach of new legislation.