2019 Cybersecurity Predictions Roundup – Part I

Paul Barnes, senior director of product strategy, Webroot

• There will be a state sponsored service breach of critical infrastructure leading to loss of life and an extended timeframe to return to normal operations.
• We will see continued growth in biometric services. Devices with usernames and passwords will become the legacy choice for authentication.
• We will finally see a consumer IoT/connected goods certification body, similar to the Consumer Electrical Safety Certifications today. This will enforce the notion of Security by Design for an smart goods manufacturer.

Eric Klonowski, principal threat research analyst, Webroot

• Because the cost of exploitation has risen so dramatically over the course of the last decade, we’ll continue to see a drop in the use of 0days in the wild (as well as associated private exploit leaks). Without a doubt, state actors will continue to hoard these for use on the highest value targets but expect to see a stop to Shadowbrokers-esque occurrences. The mentioned leaks probably served as a powerful wake-up call internally with regards to who has access to these utilities (or perhaps where they’re left behind).

Tyler Moffit, senior threat research analyst, Webroot

• Cryptojacking will continue to dominate the landscape. Half of all attacks in 2019 will be based off of leveraging hardware in your devices to mine cryptocurrency.

Terry Ray, CTO, Imperva

• AI and machine learning will help close the cybersecurity skills gap in both numbers and diversity of skills.
• Organizations will keep leveraging more technologies such as AI to try to solve their security problems, but they often don’t have the expertise or staff to operate them, so they’ll need to leverage more subscription services.
• With the expanding use of APIs and challenges in detecting attacks against them, we’ll see attackers continuing to take aim at APIs as a great target for a host of different threats, especially brute force attacks, app impersonation, phishing and code injection.

Javvad Malik, security advocate, AlienVault

• Security technologies will become invisible. The future will concern itself less with security technologies and more with security outcomes. Enterprises will switch their requirements from, “I need an IDS, behavioural monitoring, a SIEM” – and simply state, “I need to be able to detect threats.” The ‘how’ will be less important. This in turn will change the approach of vendors so that security tools aren’t sold on the basis of features, or some secret sauce, rather on the ability to deliver multiple outcomes through consolidated security technology stacks. We’ll see evidence of this across both on premise and cloud deployments.
• Cyber insurance will surge significantly overall, and exponentially for SMBs. We’ve seen cyber insurance gain traction within the industry. Driven not just by organizations’ own desires to add an extra layer of business protection; but often times it’s mandated by large organizations on smaller partners to take out cyber insurance. Therefore, it’s something we’re likely to see grow exponentially in the small and medium business sectors. It will also have the consequence of pushing SMBs to look at their overall security posture and make improvements. We can also foresee cyber insurance as being the precursor to wider scrutiny of security vendors – perhaps even driving some to offer some form of assurance or liability protection.
• Security standards and regulations will be increasingly implemented. Like Warren G and Nate Dogg said, “Regulators, regulate!” There are many pressing issues in the cybersecurity world. Critical infrastructure lies exposed, and IoT or smart devices continue to bring insecurity to a very personal level. We’ve already seen the state of California forbid IoT device manufacturers from using weak default credentials on their devices. But this is only the beginning.

Photo Credit: ClockworkGrue Flickr via Compfight cc