Story image

1E's cybersecurity predictions for 2019

09 Jan 2019

Article by 1E product marketing vice president Jason Keogh

2018 was a challenging year in the cybersecurity sphere.

While Australian organisations have become more aware of the significant risks posed by cyber-attacks, hackers have continued to up the ante.

A recent Cyber Security Review led by the Department of the Prime Minister and Cabinet found cybercrime was costing the Australian economy up to $1billion in direct costs alone.

An increasing number of organisations are putting their money where their mouths are when it comes to protecting the enterprise against malicious and opportunistic attacks.

The country’s collective spend on cybersecurity was expected to reach $3.8 billion in 2018, up 6.5% on the previous year’s investment, according to Gartner.

Meanwhile, tough new privacy laws have made ensuring the safety of customer data a greater imperative than ever.

Since February 2018, Australian organisations with turnover in excess of $3million must comply with stringent reporting and remediation requirements in the event of a breach or risk fines of up to $1.8million.

Here are some of 1E’s cybersecurity predictions for the year ahead.

Patching makes (almost) perfect

Being particular about patching has always been smart security practice, but perhaps 2019 will be the year more organisations twig to just how vitally important it is.

While new and exotic forms of ransomware hog the headlines, the majority of attacks are far more pedestrian in nature.

They target known vulnerabilities which can and should be fixed before opportunistic hackers have time to worm their way in.

What’s termed the ‘window of vulnerability’ – the time between a vulnerability being announced and its being successfully exploited by a hacker – has shrunk to around seven days.

This means enterprises need to be ready to roll with an immediate patching protocol, not adding the task to the To Do list for attention some time down the track.

The fact that data is fast becoming the lifeblood of the enterprise is beginning to dawn on organisations.

As more enterprises suffer the high costs associated with a significant attack or data breach – business disruption, notification compliance, legal costs and fines – making patching a priority may finally become a status quo in 2019.

Time to take charge of endpoints

While rigorous patching reduces the threat level dramatically, organisations still need to think differently about the way endpoints are managed.

As enterprise infrastructure continues to fragment, courtesy of mobile computing and the rise of the ‘work from anywhere’ culture, securing each and every endpoint using traditional tools is an increasingly ambitious undertaking.

2019 should be the year enterprises consider approaching the issue differently.

The ‘endpoint security broker’ model is designed to prevent hackers and cybercriminals using decentralised devices as backdoor entries into core systems and escalating their attacks laterally once ‘in’.

It does so via a simple protocol which sees access requests diverted to a ‘broker’ which monitors and controls access privileges across the enterprise.

Staying safer automatically

Staying up-to-date with software releases can feel akin to an arms race.

As soon as the latest version of an operating system or application is rolled out, there’s something new in the pipeline.

Not implementing updates immediately can make an organisation more vulnerable – and doing so can call for resources that just aren’t there - unless organisations automate the process.

2019 may be the year more Australian enterprises choose to do so, as weekly and monthly releases make the old modus operandi of updating software occasionally or by attrition increasingly unworkable.

Strength through integration

Digitisation has seen the world become hyperconnected, and it’s past time the trend took off in the cybersecurity industry too.

It’s tempting for security vendors to tell customers that running just one or two killer tools will solve their every security challenge, but the trouble is, it’s not true.

The strongest solution is an integrated one and 2019 is likely to be the year that is reflected in product offerings.

Expect systems to become more API driven as standalone tools are increasingly replaced by an ecosystem of compatible solutions.

The perimeter is dead. Long live the perimeter!

IT professionals have posited for years that the perimeter is dead but reports of its death have been greatly exaggerated.

However, 1E believes it’s more alive than it ever was.

It just looks a lot, different than it used to, back when it formed the hard, crunchy exterior of the corporate network.

In its new incarnation, it’s the opposite.

It’s disparate, dispersed and hard to keep track of because every single machine and device is the perimeter.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.