By Tim Steinkopf, president, Centrify
Predictions are, well, predictably unreliable. But one certainty is that cyber breaches will continue to plague organizations in 2019. Here are six emerging trends that can help organizations stay strong in the coming year and build up their cyber defenses.
#1: Zero Trust Goes from Buzzword to Reality
As catastrophic data breaches become more common, the need for organizations to consider new approaches is escalating. For today’s enterprises, the concept of Zero Trust is rapidly moving from interest to adoption, and savvy organizations will adopt Zero Trust approaches to stay ahead of the security curve. In fact, Zero Trust Security is generating more interest from technology and security leaders than any other security technology, according to the 2018 IDG Security Priorities Study. Bad actors are no longer hacking their way in, they’re logging in using stolen, weak or compromised credentials. As attackers breach what’s left of enterprise perimeters and begin to look — and act — like trusted users, the concept of blindly trusting insiders now seems like a quaint notion. All of which explains why Zero Trust Security will generate even greater interest from security leaders in 2019.
#2: Privileged Access Management Becomes a Top Priority
The misuse of privileged credentials will continue to be a leading area of exposure, and we’ll see more IT budget and resources dedicated to securing this top attack vector. At this year’s Gartner Security and Risk Management Summit, the analyst firm included Privileged Account Management on its list of most-recommended security projects. The problem is many of the biggest and best companies have not prioritized Privileged Access Management (PAM) strategies and solutions — or have only partially deployed them. But PAM will be in the spotlight in 2019 due to a new wave of high-profile breaches involving privileged credentials. In terms of overall investment in the fast-growing Identity and Access Management market, we predict the PAM segment will outpace Identity Governance and Administration (IGA), Access Management (AM), and User Authentication due to a virulent breach culture that demands a new, cloud-ready, Zero Trust approach to security.
#3: Security Spending Will Exceed Expectations
Gartner recently stated that worldwide security spending will rise to $114 billion in 2018, and will increase another 9 percent next year to reach a staggering $124 billion. We predict that with the ever-growing number of hacks, including well-publicized attacks by nation states, and more stringent privacy regulations like GDPR taking effect, security spending will actually outpace these already bold estimates. However, astute organizations will come to the realization that they simply can’t spend their way out of trouble. Despite all of this investment in cybersecurity, we still see headlines dominated by breaches, which can cause tremendous damage in terms of penalties, lost business and market cap, customer loyalty and trust, as well as brand reputation. Organizations will think less about purchasing every single type of security technology and more about spending their budget on the right tools. For example, those that better align cybersecurity budgets and priorities more directly with the real risk of identity—and not the overhyped risk of malware—will be in a stronger position to stop breaches and protect their businesses.
#4: Uptick in Cybersecurity and Data Privacy Laws
The coming year will be rife with new laws related to cybersecurity and data privacy. For example, large-scale IoT hacks affect countless devices. IoT devices range from home security cameras to massive machine-to-machine industrial networks and represent a massive broadening of the potential threatscape. Statista predicts there will be more than 30 billion connected devices by 2020. However, cyber criminals are becoming increasingly bolder and creative in their methods when it comes to infiltrating these devices. In 2018, California became the first state to pass an IoT security bill, which requires any manufacturer of a device that connects “directly or indirectly” to the Internet to outfit it with “reasonable” security features. Going forward, we predict this bill, which goes into effect in 2020, will spur similar IoT regulations in other states and even in other countries. We also predict that GDPR is just the beginning in the fight to protect data, and more data privacy laws will follow suit.
#5: DevOps Emerges as a Top Security Concern
The enterprise threatscape will continue to transcend legacy cybersecurity solutions, and we’ll see breaches reported that specifically exploit modern use cases like DevOps, Big Data, cloud, etc. DevOps, in particular, is a security challenge for many organizations because, even though it fosters agility, it creates a broader attack surface. Security and operations teams must manage and audit permissions and credentials for a growing number of user and system accounts. Compounding the issue is that traditional methods of securing developer environments involve manual interventions and restrictive controls that significantly restrict the agility of development and operations. As a result, an increased focus will be required to secure access in a DevOps environment.
#6: AI Will Stop at Least One Major Breach
AI and machine learning will play an active role in stopping at least one major breach in 2019. Of course, we’ll never know which one, but the ability for intelligent systems to more-effectively learn from user behavior and apply adaptive controls to stop threats will keep at least one Fortune 500 company out of the headlines. The application of AI in 2019 can help tilt the battlefield in favor of the good guys so organizations can automatically detect and neutralize threats before they can cause significant harm.
These are six important trends that will define the cybersecurity space in 2019. There are undoubtedly others that will emerge and gain strength. But one overall fact is clear: cyber threats will continue to come fast and furious, and organizations must be prepared to defend themselves using all available measures.