Threats and opportunities

Security trends to exploit – or defend against – in 2019

Adam Bannister

Editor, IFSEC Global

Author Bio ▼

Adam Bannister is editor of IFSEC Global. A former managing editor at Dynamis Online Media Group, he has been at the helm of the UK's leading fire and security publication since 2014.
February 1, 2019

Sign up to free email newsletters

Download

Converged Security in 2019: Highlights and Insights from IFSEC International

We’ve published a number of articles exploring the trends – in terms of physical security, cybersecurity and a blend of the two – that will emerge or intensify during 2019.

Below we’ve curated some of the most fascinating – in some cases, alarming – forecasts, added some new predictions and interspersed these expert insights with responses we received from the security industry via Twitter.


Johan Paulsson, CTO, Axis Communications

“The number of connected devices means potential vulnerabilities and insecure end-points are growing exponentially”

Progress in AI differs from industry to industry. While in the physical security sector AI is not commonplace, machine or deep learning technology is increasingly used to deploy smart video analytics tools. Use of such technology will increase in 2019, which will not only have a significant impact on improving firms’ security, but also help them derive intelligent insights from the data collected.

Cloud computing is now firmly established, with most organisations making use of it at some level. However, as the use of Internet of Things (IoT) devices grows, so does the amount of data generated that requires storage.

The rise of edge computing is putting more data processing at the ‘edge’ of the network, close to where the data is collected by a video camera or access control device. This can significantly reduce bandwidth and storage demands, and the data can be anonymised and encrypted before it is transferred to secure data centres.

Cyber-attacks are becoming more sophisticated and the number of connected devices means that potential vulnerabilities and insecure end-points are growing exponentially. To combat the threat, supply chain security must be prioritised in 2019.

Working smarter means working sustainably, and this should be something all businesses aim to achieve in 2019. For example, in a smart city, an environmental sensor could trigger a video or thermal camera to quickly identify fires or spillages, prompting alerts to create a more rapid and effective response.

Axis Communications is exhibiting at IFSEC International 2019, taking place 18-20 June 2019 at ExCeL London (stand IF920). Book your free ticket now.

Read more on Johan Paulsson’s 5 top trends for the physical security sector in 2019 


Trevor Matz, CEO, BriefCam

“In 2019 we’ll see more law enforcement organisations using video analytics with facial recognition”

Video content analytics is moving beyond old-fashioned detective work. Video content analytics software that incorporates artificial intelligence (AI) and deep learning technology is now valuable for much more than after-the-fact investigations. AI is making it possible for businesses and law enforcement to make proactive data driven decisions to increase operational efficiencies, as well as giving them the ability to recognize and prevent potential issues before they arise.

Facial recognition is big development that is here to stay. In 2019 we’ll see more law enforcement organisations using video analytics with facial recognition to solve incidents much faster and retailers immediately identify shoplifters. As it proliferates throughout our world, and the technology becomes more readily available, we expect significant adoption in 2019.

As video continues to gain popularity, the need to conserve bandwidth is driving a surge in cloud migration and edge computing. This opens up the possibility for advanced video content analytics that process data collected from cameras and devices.

In 2019, we anticipate a continued migration to cloud computing and edge processing and as a result, we’ll see AI-backed video content analytics become much more widely adopted in many industries such as transportation, higher education, healthcare, retail and more.

Read more on Trevor Matz’s predictions

BriefCam is exhibiting at IFSEC International 2019, taking place 18-20 June 2019 at ExCeL London (stand IF3246). Book your free ticket now.


Ellison Anne Williams, CEO, Enveil

“High on CISOs’ 2019 wish list: trusted computing in untrusted spaces”

The security industry is built on the basic assumption that there are certain fundamental protections computers promise, such as the belief that basic processing elements (like kernel memory) are safe. The 2018 chip flaw disclosures by Intel and others rattled this basic understanding, exposing a massive memory attack surface and bringing attention to an often-overlooked security risk: the processing layer.

It’s not that memory attacks haven’t existed up to this point, but they haven’t previously been exposed this broadly. What 2018 brought to the forefront, 2019 is unlikely to eliminate.

We will see a steady drumbeat of these pervasive, foundation-rattling flaws continue to emerge, forcing enterprises to rethink long-held security assumptions and seek out solutions that will get out in front of the problem, rather than waiting for the next flaw to drop.

The chip flaws announced in 2018 may have been the most pervasive examples of memory attack surface vulnerabilities we’ve seen to date, but it certainly won’t be the last. High on CISOs’ 2019 wish list: trusted computing in untrusted spaces.


Johnathan Couch, senior VP, strategy, Threatquotient

“2019 will have at least one major attack against an OT network that will cause the industry to look at itself and figure out how to redesign in a secure manner”

‘OT’ is operational technology: basically the guts of what runs a lot of oil, gas, and energy companies when it comes to extraction, generation, and/or distribution. Most companies that have OT networks have snubbed their nose at technologies designed to secure IT networks because OT networks are ‘special’. They rely much more heavily on uptime and latency and leverage unique technologies that traditional security tools may disrupt, so they segregate these networks and only layer in minimal security. Most of the investment is put into monitoring tools: not for security monitoring but for performance monitoring.

The reality, however, is that modern OT networks run very similarly to traditional IT networks but with fewer users and typically much older technology. I think that is the big secret they are trying to hide by not implementing thorough security: modern tools won’t help much with the older technology and they don’t want to force the vendors to update or to invest in another IT network where the costs could skyrocket.

Because of this conundrum, I think that 2019 will have at least one major attack against an OT network that will cause the industry to look at itself and figure out how to redesign in a secure manner.

Read Johnathan Couch’s comments in full


SecureAuth, an Identity Security Automation platform

Mean time to detection will fall and more breaches that are greater than 100 days old, perhaps even longer, coming to light”

All verticals are under attack. In fact, it is more about the attack surface than the vertical. Anyone with a portal presence or Office 365 deployed is a prime target and the impacts are the same: loss of revenue and damage to brand reputation.

Also, machine learning will be weaponised. As these intelligence platforms are becoming increasingly relied upon to automate informed decision making based on information profiles, it would seem remiss for security experts and teams not to consider these platforms themselves becoming the next attack vector. If a sophisticated attacker could find methods to inject confusion or misleading indicators into the information pools used for decision making, it could make it possible to hide amongst the injected noise.

According to recent reports, cyber attackers accessed the Marriott International guest reservation database as early as 2014. In general, it takes roughly 100 days from the time a breach occurs to evidence of the attack being detected. As organisations adopt machine learning based advanced analytics and security orchestration and automation (SOAR) technology, the mean time to detection will fall and more breaches that are greater than 100 days old, perhaps even longer, coming to light. In 2019, organisations will get better at identifying them.

Read SecureAuth’s 7 cybersecurity predictions in full


Dr Adrian Nish, head of threat intelligence, BAE Systems

“We anticipate attackers will shift to targeting banking systems that allow real-time settlement of funds”

Given the record number of cyber heists in 2018, it is likely bank networks will continue to be in the crosshairs of financially motivated threat groups in 2019. Many attacks over recent years have focused on international interbank payment systems. These have a major disadvantage for criminals though, in that there is a delay of 24-48 hours before the funds are settled and available to be moved.

This time window allows the authorities time to catch up following an attack and freeze the funds. In 2019 we anticipate attackers will shift to targeting systems that allow real-time settlement of funds – meaning that money can be moved through a network of accounts more quickly and ultimately laundered successfully. This will present a challenge for the community in terms of the speed of response and international co-operation.

Read Dr Nish’s 5 cybersecurity trends in full


CYFIRMA, cyber-threat intelligence firm

“State-sponsored cyber-attacks on critical infrastructure will proliferate”

Hackers will unleash multi-pronged, AI/machine-learning powered cyberattacks – triggering breaches in humanoid systems alongside blockchain ecosystems and other autonomous systems.

State-sponsored cyber-attacks on critical infrastructure will proliferate. Operational technologies like PCI, HMI, Control and Workflow Systems will be high on cybercriminals’ bucket lists. Threat actors are developing new attack methods featuring complex malware to accomplish tasks such as passive asset discovery and control instruction hijacking.

State or corporate-sponsored espionage will be driven by trade disputes. Following North Korean, Chinese and Russian state-sponsored attacks in 2018 other countries will launch or ramp up their own attacks to demonstrate their political power and meet proxy objectives.

Read CYFIRMA’s 15 cyber threat predictions in full


From the 2019 Forcepoint Cybersecurity Predictions Report

“New privacy safeguards will be put into place due to consumers becoming exhausted by breaches and abuse of their personal data”

There will be a big battle by organisations to keep intellectual property out of the hands of nation-state sponsored hackers. International espionage has always presented a way for nation-states to acquire new technology, but as opportunities for legitimate access dwindle, there will be a real incentive to acquire it by nefarious means.

Biometric identification (including facial recognition software) will be exploited to steal our identities, thereby raising the question of what really defines an identity.

If AI is about reproducing cognition, does cybersecurity AI really exist? How will attackers capitalise on a slowdown of AI funding? When we trust in algorithms and analytics to successfully pilot automobiles, provide insight into healthcare decisions and alert security professionals to potential data loss incidents, how far should trust in AI go?

New privacy safeguards will be put into place due to consumers becoming exhausted by breaches and abuse of their personal data.

Read Forcepoint’s 7 cybersecurity predictions in full 

 

Free Download: Connected security for smart infrastructure

With the rise of the Internet of Things, people, homes and businesses are more connected than ever. Explore what this means for smart buildings, cities and infrastructure in this free eBook from Abloy UK.

Related Topics

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of
Topics: