IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
The digital world evolves at a pace that make all previous technological paradigms seem glacial by comparison.
Technologies that seemed impossibly futuristic just a few years ago – like AI, virtual reality and facial recognition – are now being deployed in the real world and fast-improving.
Nothing exemplifies the dizzying pace of change more starkly than the arms race between cybercriminals on the one hand and governments and business on the other.
New cyber threats emerge and mutate daily and those defending our data and critical infrastructure must innovate relentlessly to keep up.
So no subject is more suited to the ‘[insert number] trends for [insert year] format’ we see so much of at this time of year. Indeed, you could even prognosticate on a monthly basis given the rate at which trends emerge and evolve.
With this in mind, we welcome some near-term futurology from SecureAuth, which has developed an identity security automation platform that helps organisations prevent the misuse of digital credentials.
Here are SecureAuth’s seven predictions for the most consequential trends we can expect to see – and should prepare for – this year.
Ancient breaches will increasingly come to light: According to recent reports, cyber attackers accessed the Marriott International guest reservation database as early as 2014. In general, it takes roughly 100 days from the time a breach occurs to evidence of the attack being detected and the longer the breach, the more data that is stolen and the more users that are affected, the costlier it is. As organisations adopt machine learning based advanced analytics and security orchestration and automation (SOAR) technology, the mean time to detection will fall and more breaches that are greater than 100 days old, perhaps even longer, coming to light. In 2019, organisations will get better at identifying them.
Credential theft will continue to rise: Whether its due to highly targeted phishing campaigns, information being passed on to third parties, or machine learning and artificial intelligence being deployed as the next attacking vector, we’ll continue to see soaring figures of breaches in 2019, if advanced identity-security approaches are not taken.
Privacy is dead when service is free: When there is a free online service or application, consumers often have a false assumption the information they share is private. Such free services monetise information and sell it for financial gain. It is a business after all. During the Facebook and Cambridge Analytica scandal this year, the public learned that enormous amounts of information from users and those they were connected to was being sold and made available to third parties. In 2019, organisations will need to draw a clear line on data sharing and protecting users.
Concerns will rise in regards to consumer’s privacy rights, and legal ramifications: We’re seeing more court cases regarding access to personal devices without a warrant, and how much control the consumers have over their biometrics, passwords, and passcodes. Questions will need to be addressed on when and if citizens are legally obligated to provide this information, resulting in device access.
Return of network threat detection: We’ll see the industry start to open its arms back up to network based threat detection. With the explosion of IoT and the increasing inteest and drive for BYOD amongst organisations, network-based threat detection will continue to be important, providing vital security and behaviour related data, to offer visibility that endpoint technology can’t.
All verticals are fair game to attackers: All verticals are under attack. In fact, it is more about the attack surface than the vertical. Of course, the finance, healthcare and retail industries will see a slightly larger percentage of attacks but anyone with a portal presence or Office 365 deployed is a prime target and the impacts are the same: loss of revenue and damage to brand reputation.
Machine Learning will be weaponised: Machine Learning is fast gaining traction and will become the next attack vector over the next few years. As these intelligence platforms are becoming increasingly relied upon to automate informed decision making based on information profiles, it would seem remiss for security experts and teams not to consider these platforms themselves becoming the next attack vector. If a sophisticated attacker could find methods to inject confusion or misleading indicators into the information pools used for decision making, it could make it possible to hide amongst the injected noise.
Explore what the rise of the Internet of Things means for people, homes and businesses, and how smart technology is making them more connected than ever. This free eBook from Abloy UK discusses the changing face of smart buildings, cities and infrastructure.
7 cybersecurity trends to prepare for in 2019Some near-term futurology from SecureAuth, which offers seven predictions for the most consequential cybersecurity trends we can expect to see – and should prepare for – this year.
Adam Bannister
IFSEC Insider | Security and Fire News and Resources
Related Topics
“To solve big problems, you need big data” – Ontic’s view on the security industry in 2024
5 key technological trends affecting the security sector in 2024
The cloud tipping point has arrived; Observations from the state of physical security 2024
