What’s Going to Change in Cybersecurity in 2019 (and What Won’t)

Every year, we reach December and industry experts share their predictions and tell the world what the biggest trends will be for the following year. In the security industry it’s hard to predict exactly what cybercriminals might have in store, what new techniques will become popular and which major organization will be the next victim.

We closed 2018 with news that Marriott’s Starwood database was hacked for 500 million guests—one of the largest breaches in history. But which big corporation will be the first to make headlines in 2019 and what will be the method of attack?

In the ever-evolving threat landscape it’s becoming increasingly difficult to know what’s next. But if you have your finger on the pulse and have access to relevant data and intelligence, you will have a better idea of trends and can advise on the precautions that need to be taken to help address growing risks. So, I can certainly share my predictions for 2019 and tell you what I believe will be the challenges and solutions. But for me, what is more interesting—and at the same time concerning—is what should be happening in the next 12 months but won’t be.

Here I have outlined cybersecurity predictions, alongside what I would like to see happening in 2019, but I’m quite certain won’t be made a reality:

1. ‘Threat intelligence’ is a buzz phrase right now. Everybody is starting to realize they need intelligence to get ahead of today’s threats, so we’ll probably see a lot of organizations saying they want an intelligence function. To be honest, many organizations won’t know what to do with intelligence, so what they’re really asking for is insight from their vendors into the large volumes of data being collected. The problem lies in the fact that there is still a misunderstanding about what true threat intelligence is. Threat data is not threat intelligence. If there is no action from the data presented then it’s not intelligence, just an interesting story. Unfortunately, I don’t think 2019 is going to be the year where companies stop recasting their threat data as intelligence.
2. Cyber sharing will also become a focus. I predict that cloud act ‘special agreements’ will expand to cover the Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom and the United States) and a few others. At the same time, I think we can expect the first instance of the European Union (EU) government forcing US data centers to hand over data, and the subsequent litigation. On the other hand, while I think we need to be at the point where commercial adoption of cyber sharing is moving materially forward, I don’t believe we’ll quite get there in the new year.
3. Incident response: Security Orchestration, Automation and Response (SOAR) will come into its own as teams continue to struggle with the sheer volume of events and alerts they need to triage. They will recognize that automation will be the only way to dig out. However, I still don’t think we’re going to take the opportunity to learn and add to the overall immunity of the ecosystem. As pressure mounts to click and clear incidents, the trend will continue to be a ‘wipe and move on’ mentality, rather than learning from the data to improve defenses.
4. The cybersecurity professional skills crisis: Cybersecurity experts are in huge demand. There’s an ever-growing need for personnel who can analyze trends, assess risks and ensure the right protections are in place to prepare for every stage of a cyberattack. As a result, I believe we’ll see more and more cyber programs promising well-paying jobs for their graduates. Here’s my concern: there’s a strong likelihood that new graduates might not actually be given opportunities at organizations. With the trends towards automation, there is real concern that the number of entry level positions will decrease as opposed to grow. This will contribute to the long-term skills crisis as graduates won’t be given the opportunity to secure employment and ultimately learn and develop their skills on the job.
5. Durability: The voice of the Chief Information Security Officer (CISO) will also become more prominent. Business decision makers will finally realize it’s only a matter of time until they need to survive a cyber incident and so they will start to plan for it. At the same time, I don’t think they will realize the massive pressure being placed on our security professionals. There’s a mental health crisis coming to the infosecurity industry, with more and more professionals dropping out of the discipline. This will continue until we recognize the ‘responder’ nature of many roles in infosecurity. And the diversity challenges we face in the tech industry means we’ll battle to find enough talent to replace this drop-out.
6. Privacy: Regulators in the EU will drive several high-profile actions against General Data Protection Regulation violations and we will see at least one organization receive and probably pay a substantial fine. Yet, I don’t believe we’ll see a breach notification scheme in the US. This is unfortunate as it would do wonders for those on-the-ground responders trying to do the right thing and protect the privacy of their customers.

2019 will undoubtedly be another one for the books. We’ll see huge changes and the cybersecurity industry will make strides to improve our ability to respond to and protect organizations from evolving cyber threats. But there’s still a lot to be done and unfortunately, it’s going to be hard to address all the challenges we face in the next 12 months.