A Proven Record Tracking Cybersecurity Trends
This time of the year is always exciting for us, as we get to take a step back, analyze how we did throughout the year, and look ahead at what the coming year will bring. Taking full advantage of our team’s expertise in data and application security , and mining insights from our global customer base, we’ve decided to take a different approach this time around and focus on three key, and overriding trends we see taking center stage in 2019.
2018 brought with it the proliferation of both data and application security events and, as we predicted, data breaches grew in size and frequency and cloud security took center stage globally. With that in mind, let’s take a look at what next year holds.
Data breaches aren’t going away anytime soon, which will bolster regulation and subsequent compliance initiatives
Look, there’ll be breaches, and the result of that is going to be more regulation, and therefore, more compliance, this is a given. In fact, the average cost of a data breach in the US 2018 exceeded $7 million.
Whether it’s GDPR , the Australian Privacy Law, Thailand’s new privacy laws or Turkey’s KVKK; it doesn’t matter where you are, regulation is becoming the standard whether it be a regional, group, or an individual country standard.
Traditionally when we looked at data breaches, the United States lit up the map, but as regulatory frameworks and subsequent compliance measures expand globally, we’re going to see a change.
The annual number of data breaches and exposed records in the United States from 2005 to 2018 (in millions) [Statista]
What you ’ll see in 2019, and certainly, as we move forward, is a red rosy glow covering the entire globe. In 2019 you’ll hear more of “It’s not just the United States. This happens everywhere.”
Let’s unpack this for a second. If you were going to steal private data or credit card details, why would you do it in an environment that has world-class, or even mediocre cybersecurity measures in place? If everyone else is even slightly less protected, that’s where you’re going to find people targeting data, but we hear more about it in regions where regulation and compliance is a major focus.
To that end, we don’t necessarily see 2019 as the year where regulators start hitting companies with massive fines for compliance . Maybe by the end of the year, or if you see outright egregious negligence. But, you’ll find that companies have put in the legwork when it comes to compliance.Having your head in the cloud(s) when it comes to managing risk… not a bad idea
McKinsey reports that, by 2020, organizations will be spending more than six times on cloud-specific products than they do on general IT services; and according to a survey by LogicMonitor , up to 83% of all enterprise workloads will be in the cloud around that same time.
LogicMonitor’s Future of the Cloud Study [Forbes]
Organizations continue to capitalize on the business benefits of the digital economy and, as such, end up chunking more data into the cloud. Now, we’re not saying that this is being done without some forethought, but are they classifying data as they go along and increasingly open their businesses up to the cloud?
Teams need to recognize that, as they transition their data to the cloud, they transition their awareness of what’s in the cloud; who is using it, when they’re using it, and why they’re using it. 2019 isn’t going be the year that businesses figure out they need to do that. What we will see, however, is increasingly cloud-friendly solutions hit the market to solve these challenges.Social Engineering and the rise of AI and machine learning in meeting staffing issues
One of 2019’s most critical developments will be how the cybersecurity industry steps up to meet the increasing pressure on security teams to perform. According to the Global Information Security Workforce Study , the shortage of cybersecurity professionals will hit 1.8 million by 2022, but at the same time, a report by ESG shows just nine percent of millennials are interested in a career in cybersecurity.
What we’re going to see is how AI and machine learning in cybersecurity technology will close the gaps in both numbers and diversity of skills.
Organizations today have to solve the problem of cybersecurity by hiring for a host of specialized competencies; network security, application security, data security, email security and now, cloud security. Whatever it is, underscore security, those skills are crucial to any organization’s security posture.
Here’s the thing, there aren’t a lot of people that claim to know cloud security, database security, application security, data security, or file security. There just isn’t a lot. We know that and we know businesses are trying to solve that problem, often by doing the same old things they’ve always done, which is the most common solution. Do more antimalware, do more antivirus, do more things that don’t work. In some cases, however, they’re doing things around AI and trying to solve the problem by leveraging technology. The latter will lead to a shift where organizations dive into subscription services.
There are two facets driving this behavior: the first is the fact that, yes, they realize that they are not the experts, but that there are experts out there. Unfortunately, they just don’t work for them, they work for the companies that are offering this as a service.
Secondly, companies are recognizing that there’s an advantage in going to the cloud, because, and this is a major determining factor, it’s an OpEx, not CapEx. The same thing is true of subscription services whether that be in the cloud or on-prem, it doesn’t matter. Driven by skills shortages and cost, 2019 will see an upswing in subscription services, where organizations are actually solving cybersecurity problems for you.
We should add here, however, that as more organizations turn to AI and machine learning-based decision making for their security controls, attackers will try to leverage that to overcome those same defenses.Special mention: