Story image

1E's cybersecurity predictions for 2019

09 Jan 2019

Article by 1E product marketing vice president Jason Keogh

2018 was a challenging year in the cybersecurity sphere.

While Australian organisations have become more aware of the significant risks posed by cyber-attacks, hackers have continued to up the ante.

A recent Cyber Security Review led by the Department of the Prime Minister and Cabinet found cybercrime was costing the Australian economy up to $1billion in direct costs alone.

An increasing number of organisations are putting their money where their mouths are when it comes to protecting the enterprise against malicious and opportunistic attacks.

The country’s collective spend on cybersecurity was expected to reach $3.8 billion in 2018, up 6.5% on the previous year’s investment, according to Gartner.

Meanwhile, tough new privacy laws have made ensuring the safety of customer data a greater imperative than ever.

Since February 2018, Australian organisations with turnover in excess of $3million must comply with stringent reporting and remediation requirements in the event of a breach or risk fines of up to $1.8million.

Here are some of 1E’s cybersecurity predictions for the year ahead.

Patching makes (almost) perfect

Being particular about patching has always been smart security practice, but perhaps 2019 will be the year more organisations twig to just how vitally important it is.

While new and exotic forms of ransomware hog the headlines, the majority of attacks are far more pedestrian in nature.

They target known vulnerabilities which can and should be fixed before opportunistic hackers have time to worm their way in.

What’s termed the ‘window of vulnerability’ – the time between a vulnerability being announced and its being successfully exploited by a hacker – has shrunk to around seven days.

This means enterprises need to be ready to roll with an immediate patching protocol, not adding the task to the To Do list for attention some time down the track.

The fact that data is fast becoming the lifeblood of the enterprise is beginning to dawn on organisations.

As more enterprises suffer the high costs associated with a significant attack or data breach – business disruption, notification compliance, legal costs and fines – making patching a priority may finally become a status quo in 2019.

Time to take charge of endpoints

While rigorous patching reduces the threat level dramatically, organisations still need to think differently about the way endpoints are managed.

As enterprise infrastructure continues to fragment, courtesy of mobile computing and the rise of the ‘work from anywhere’ culture, securing each and every endpoint using traditional tools is an increasingly ambitious undertaking.

2019 should be the year enterprises consider approaching the issue differently.

The ‘endpoint security broker’ model is designed to prevent hackers and cybercriminals using decentralised devices as backdoor entries into core systems and escalating their attacks laterally once ‘in’.

It does so via a simple protocol which sees access requests diverted to a ‘broker’ which monitors and controls access privileges across the enterprise.

Staying safer automatically

Staying up-to-date with software releases can feel akin to an arms race.

As soon as the latest version of an operating system or application is rolled out, there’s something new in the pipeline.

Not implementing updates immediately can make an organisation more vulnerable – and doing so can call for resources that just aren’t there - unless organisations automate the process.

2019 may be the year more Australian enterprises choose to do so, as weekly and monthly releases make the old modus operandi of updating software occasionally or by attrition increasingly unworkable.

Strength through integration

Digitisation has seen the world become hyperconnected, and it’s past time the trend took off in the cybersecurity industry too.

It’s tempting for security vendors to tell customers that running just one or two killer tools will solve their every security challenge, but the trouble is, it’s not true.

The strongest solution is an integrated one and 2019 is likely to be the year that is reflected in product offerings.

Expect systems to become more API driven as standalone tools are increasingly replaced by an ecosystem of compatible solutions.

The perimeter is dead. Long live the perimeter!

IT professionals have posited for years that the perimeter is dead but reports of its death have been greatly exaggerated.

However, 1E believes it’s more alive than it ever was.

It just looks a lot, different than it used to, back when it formed the hard, crunchy exterior of the corporate network.

In its new incarnation, it’s the opposite.

It’s disparate, dispersed and hard to keep track of because every single machine and device is the perimeter.

Avi Networks: Using visibility to build trust
Visibility, also referred to as observability, is a core tenet of modern application architectures for basic operation, not just for security.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.