The past year has shown that no organization is immune from cyber-attack, with major brands like Facebook, Under Armour, and Ticketfly among those breached. Heading into 2019, the cyber threat landscape will undoubtedly change, but how?
To find out, we asked our experts at GRA Quantum what trends they expect to see in 2019. Who better to ask than those immersed in the industry day in and day out? The results are in and a few trends have emerged:
- Increase in the Number of Supply Chain Attacks
- Larger Amounts of Internet of Things (IoT) Vulnerabilities
- More Organizations Choosing to Outsource Security
- Growing Number of Women in Leadership Roles
Hear from the experts themselves:
Tom Boyden, President
“In 2019, I believe we will see a spike in the number of women leading cybersecurity strategy and program building for enterprises as CISOs. This trend would certainly be an exciting development in the security industry that has largely been male-dominated for decades and further evidence of women bursting through the glass ceiling in the cybersecurity labor market.”
Jen Greulich, Director, Managed Security Services
“With the continuing shortage of cybersecurity talent in the industry, companies will lean more and more on Managed Security Service Providers (MSSPs). Every company has a need to invest in security, so for many, MSSPs just makes the most sense. Eventually, companies may even start sponsoring cybersecurity training to try to build up the cyber work force in a different way and to ensure the future holds enough people to fill those empty roles.”
John Sabin, Sr. Director, Network Security & Architecture
“IoT (Internet of Things) security is a greater concern as more and more devices are becoming connected. Oftentimes, security of these devices is minimal or overlooked completely. I can also see hardware and firmware security becoming an increasingly large issue. Look what happened to Intel’s Meltdown hack. No matter what security measures you may think you have, a hack at the firmware level can bypass many of those measures. I think more and more companies will start to realize that network security isn’t just about the network. Network security should be an all-encompassing approach. Patching one side of something just leaves the other side wide open. Network security must be multifaceted and incorporate physical and human elements.”
John Poirier, Manager, Insider Threats
“In the coming years, the definition of an “insider threat” will evolve beyond malicious or naïve employees or contractors to include the web-connected equipment, tools and devices companies and organizations use to operate. In time, hacker’s intent on committing fraud, extortion, intellectual property theft or sabotage will begin to adopt the techniques employed by more sophisticated adversaries (e.g., hostile foreign governments) who invest the time and expertise to develop in-roads to unguarded systems and a long-term presence. “Phishing” and other social engineering ploys won’t go away but supply chain operations and malware-infected machinery are almost certain to become more common.”
Chris Foster, Director, Vulnerability Management
“For 2019, I see a continued migration towards more IoT devices with security becoming increasingly difficult due to the lack of processing power and storage. Additionally, applications are increasing their attack surface with more robust user interfaces and increased calls to supporting infrastructure and backend databases. This provides an attacker with more opportunities to identify security issues that may allow data disclosure or underlying operating system compromise. To combat these issues companies will need to invest in security training for development teams in IoT platforms as well as web services and applications.”
