Every year, cyber attacks on both business and individuals seem to break new ground. And in 2019, with threat vectors growing and cybercriminals leveraging new hacking tools and techniques, IT security departments will have their work cut out for them. The good news is that the field of cyber security is rising to the challenge and will put up a noble fight in the coming year.
Here are a few trends we’re seeing on the cyber security front, and what companies can do to keep pace.
No Surprise: Incidents Are Growing
It should come as no surprise that data breaches have become more commonplace as cybercrime becomes big business. A recent survey of 1,200 companies reported that 71 percent suffered at least one data breach at some time, with 46 percent reporting a breach in the last year (up from 26 percent the year before). Many of these attacks exploit employees’ lack of awareness of phishing and other social engineering tactics that are designed to steal corporate login credentials, giving cybercriminals backdoor access to network infrastructure.
Europe’s GDPR Will Create a Data Protection Opportunity
In 2018, the General Data Protection Regulation (GDPR) mandate was created to protect the personal information of every European Union citizen. Companies must comply with this law or be subject to fines of up to 20 million euros, and in 2019 it is estimated that as much as 80 percent of multinational companies could fail to comply with GDPR. Fortunately, this law creates a learning opportunity for IT security organizations everywhere, as it forces them to reexamine how customer data is collected, processed, stored and deleted. And GDPR will impact more than just cyber security teams; it will also present an opportunity for marketing groups to rethink how they conduct email campaigns to ensure total privacy of their customers’ personal data, and an opportunity to craft a corporate brand that reflects their commitment to customer and data protection.
AI and Machine Learning Will Drive Most Cyber Security Efforts
Artificial intelligence and machine learning are making life easier for cyber security professionals who want to scale their data protection efforts. AI is used by roughly 87 percent of US cyber security professionals, and 34 percent of security professionals now completely rely on machine learning, according to a Cisco report. Machine learning algorithms can be used to accelerate incident detection and response, identify and communicate risk to the business such as software vulnerabilities and configuration errors, and provide situational awareness for managers to get a holistic view of security status.
Cybercriminals Will Expand Attack Vectors
One big influencer that is driving the increase in cyber attacks is the pervasiveness of Internet of Things (IoT) devices in the enterprise. According to Symantec, IoT attacks increased 600 percent last year, which is forcing companies to add better incident detection into their IoT platforms and find ways to enhance visibility into their extensive IoT networks and devices. Ransomware is the rise as well, with a 300 percent increase in ransomware attacks last year. Cybersecurity Ventures predicts that in 2019, global damages from ransomware will reach over $11 billion, with attacks occurring every 14 seconds.
But at the same time, while the number of ransomware variants increased 46 percent last year, the average ransom demand dropped from its peak of $1,071 in 2016 to $522 in 2017, indicating that criminal groups may shift their focus to more higher-value targets. Mobile malware also continues to surge, with the number of new variants increasing by 54 percent, illustrating the popularity of the mobile platform as a cyber crime attack vector.
Yet Companies Still Remain Unprepared
In a 2018 cyber security study of 2,300 IT professionals, 77 percent said their organizations do not have a formal cybersecurity incident response plan in place, and one in four only have an informal or ad-hoc process in place. These are deeply unsettling numbers considering the growing number and severity of cyber attacks and data breaches. And to make matters worse, nearly half of IT security professionals rarely change their security strategy substantially, even after experiencing a cyber attack. Even the most seasoned IT security professionals must keep pace with the cyber security learning curve and keep their skills as sharp as possible. And on the plus side, 86 percent of US organizations plan to increase cyber security spending in the coming year, up from 76 percent the year before.
Security Experts Will Need to Think Like Hackers
The only way to truly beat hackers and cybercriminals is to understand how their ploys work from the inside out. That’s what a Certified Ethical Hacker (CEH) is trained to do, and they are becoming invaluable tools in the battle against cyber crime. Other cyber security certifications like Certified Information Systems Security Professional (CISSP) certification provide must-have skillsets for any IT department that is serious about data and network protection.
As 2019 kicks into gear, be sure to intensify your focus on holistic data protection, edge device security and phishing and malware attack mitigation by keeping your cyber security teams educated and one step ahead of bad actors.