In 2018 many organisations were challenged and surprised by both known and unknown malicious threats. The good news is that it's relatively simple to ensure that your business doesn't hit the headlines in 2019. The first step? Make sure you know what to watch out for!
With the continuous growth of emerging technologies and innovative cyber security solutions under development, we asked our security experts for their pick of the cyber security trends to follow in 2019.
1. The Internet of Insecure Things
With the growing use of IoT-based solutions, some IoT vendors appear to favour usability over IT security. The question for security specialists is therefore what is the right level of acceptable risk? In 2019 companies should assign business ownership to IoT security and focus on these vulnerable, unpatched IoT devices, targeting selected areas of the security budget to manage IoT risks.
As the threat of botnet DDoS attacks grows, we’ll see more and more IoT devices being 'recruited' into botnets to be used to initiate DDoS attacks. With the Mirai botnet for example, and as mentioned before in our Top 5 Cyber Security Threats 2019, several spin-offs of Mirai are already active.
This new generation of botnet DDoS attacks means that the number of threats and their destructive potential will grow in 2019. Mitigating massive traffic volumes using effective DDoS protection solutions is therefore considered to be a major priority for the years to come.
2. Security products moving to the cloud
Cloud-based security might just be the biggest cyber security trend to watch in 2019. When organisations use cloud-based cyber security systems such as Forcepoint Cloud Security, they increasingly experience faster deployment and scalable solutions that support their business needs. As with many other cloud applications, cloud-based security solutions are built with open APIs, enabling security DevOps teams to develop custom solutions for cloud-based security platforms. Cloud providers normally operate a ‘shared responsibility’ model. The cloud provider ensures that data is stored correctly but it is up to the users to ensure the proper security measures are in place. This part is often overlooked.
This means 2019 is an interesting year to watch as businesses migrate and move (parts of) their security solutions to the cloud. Cloud-based access security brokers (CASBs) will also offer more advanced network firewalling, web application firewalls (WAFs) and secure web gateway (SWG) platforms.
3. Endpoint security market maturity
In 2017 Crowdstrike detected an increase in malware-based over malware-free attacks. 39 percent of all these incidents involved malicious software that went undetected by traditional anti-virus software, leaving organisations vulnerable to cyber threats. This demonstrates the growing need for next-generation endpoint protection capabilities.
With the offering of endpoint protection platforms and security management systems that monitor and control agents, more and more organisations are trying to coordinate control of the devices on their networks to keep out malware and intruders. This is one of the reasons why the endpoint security 2019 market has rapidly evolved into a mature market space.
Many endpoint security vendors offer complete Endpoint Security and Response (EDR) solutions. They effectively utilise technologies such as Artificial Intelligence and Machine Learning to continuously improve efficiency and efficacy. Another related trend is the expansion of vendors such as FireEye to move into the Endpoint Security space with SaaS-based endpoint security management.
Having seen major mergers, acquisitions and other endpoint security vendor market movers this year already, sudden market shifts and technological advancements in Endpoint Security are expected in 2019.
4. Web Application Firewalls
The use of firewalls and IPS remains a concern as such devices are susceptible to state-exhaustion attacks, which were experienced by over a half of respondents of Arbor Networks’ Global Threat Landscape Report.
Securing online businesses comes requires great care and attention. A web application firewall (WAF) protects web servers and their content from several attack categories such as web scraping, buffer overflow and Cross Site Scripting (XSS). As the demand for more insights into malicious traffic threatening Web Applications grows, determining real-time attack details and enhanced visibility into the mitigation techniques used becomes more important. Organisations can use these insights quickly to detect (and eventually prevent) application attacks.
WAFs are deployed in front of web servers to protect web applications against external and internal attacks, to monitor and control access to web applications, and to collect access logs for compliance/auditing and analytics. These advancements are fueling the growth of the Web Application Firewall market. With this market growing at a fast pace, 2019 will prove to be an important year to not only observe market shifts, but also to adopt technological advancements in making your existing WAFs more effective and efficient.
5. SIEM 2.0: the power of Machine Learning and Threat feeds
As part of Infradata's security audit, we assess a company's security maturity, part of which may be the implementation of a SIEM. Those customers who do have a SIEM have typically accomplished around 80% of its deployment. This is because current day SIEM solutions are mostly rule-based. Before they can detect and correlate an incident, it must be known to the system. And that means it has to have been seen before. The result is often that the SIEM will either put out hundreds of events per day, or virtually none. Neither is very effective. With the rise of machine learning, a SIEM 2.0 can learn the normal behavior within a network and within systems. The only problem with that is what constitutes normal behaviour? If an organisation is already compromised at the time the SIEM 2.0 gets deployed, it might not trigger on indicators of compromise. To remedy this issue, thread feeds are added to the machine learning capability. These threat feeds include known bad traffic patterns which will help the machine learning element to make the correct decisions. With SIEM 2.0, SOC engineers can focus on four events per day instead of hundreds resulting in a far superior defence against cyber attacks.
6. Zero trust maturity
With Zero Trust adopted as the foundation for many organisations, IT Security teams can now develop digital fingerprints of employees and identify digital trust models.
Cyber attacks and insider threats become more sophisticated to defend against every day. Therefore Zero Trust now means identities have to be verified and monitored within or outside a network first, before they can get access to certain data or systems. One of the major difficulties of rolling out Zero Trust models however can be productivity barriers for employees. Giving users ‘hurdle-free’ access to data and applications with effective ‘digital fingerprinting’, without having the difficulties posed by a Zero Trust approach, will be a major cyber security trend in 2019.
Bonus trend: continued shortage of IT security professionals
The global shortage of security professionals continues to worsen with no end in sight. While many organisations pursue outsourcing with Managed Services, machine learning and automation strategies to help fill the gap, increased efficiency and organic growth of internal teams are still vital strategies to execute in 2019.
10 December 2018