Back in April we asked 22 security experts whether we’re winning or losing the war against cybercriminals, and the consensus was almost unanimously negative. Not much has changed since then, and even the growing promise of artificial intelligence as a weapon has been blunted by the reality that criminals have access to the same tools.
With a skilled-worker shortage that’s estimated to range between 1.8 million and 3.5 million people worldwide, security practitioners are fighting with one hand behind their backs. Although many tools are available to help them, the overwhelming number and variety of options presents integration challenges. It’s unlikely that 2019 will see the task of securing enterprise networks become any easier, although attackers may shift their focus toward more governmental and political targets. Prepare for the long, slow struggle to continue.
With that dour premise, here are five predictions for the new year.
A year of consolidation
Formal estimates are hard to come by, but a quick calculation of Crunchbase reports indicates that security startups raised more than $6 billion in financing in 2018. The investment database also lists more than 3,000 companies that list “cybersecurity” in their market category. That’s a lot of choices.
Too many, in fact. IBM Corp. estimates that the average enterprise uses 80 different products from 40 providers. Simply piecing together such a wide range of information from disparate sources is a monumental task, the result being that organizations will tend to underuse all the features that are available to them.
If the late-2018 downturn in the stock market persists, many of these startups will start looking for an escape route. They will have plenty of prospective buyers to talk to, as companies such as Cisco Systems Inc. and IBM are ambitiously expanding their cybersecurity footprint. Although innovation may wane as a result of consolidation, buyers are likely to have fewer integration headaches to contend with.
How others see it
“Some 53 percent of companies with 1,000 or more employees have deployed three or more disparate endpoint security networks across their network, according to Enterprise Strategy Group Research. This causes lots of waste…. In the coming year, the number of solution providers will decrease as the bigger players add startup technologies into their portfolios to create a broader product offering.” ― Rick Grinnell, contributor, CSO Online
“In 2019, there will be continued consolidation of companies in the security sector, especially for those that have developed technologies that relate to digital identities including on-boarding, authentication and the continual management of privileges and access.” ― Todd Shollenbarger, chief global strategist, Veridium Ltd., quoted in Forbes
“Next year, smaller security players will be snapped up for a variety of reasons [such as] talent, underlying technology and to boost sagging top-lines of legacy security or networking vendors. In addition, some traditional large public security vendors have stagnated due to their legacy on-premises architectures and are ripe for private equity firms gobbling them up.” ― Sanjay Beri, founder and CEO of Netskope Inc., quoted in Inc.
Cloud attacks step up
Cloud computing providers have spent the last several years trying to convince customers that they offer world-class security. In 2019 they’ll be tested more than ever to prove that. The quickening migration of businesses of all kinds to the cloud makes those services increasingly attractive targets for bad actors.
Cloud providers will need to steel themselves not only against breaches but also against denial-of-service attacks and other activities that disrupt customers. They’ll also need to do a better job of educating customers about taking responsibility for their own data in order to prevent such recent incidents as the embarrassing disclosure of 119,000 documents left on an unprotected server by FedEx Corp. and a similar compromise of 37 million customer records by Panera Bread Co.
How others see it
“Everyone in the industry is seeing huge migrations to the cloud, but most companies are not doing anywhere near as much work as they need to be doing to protect the cloud the way they used to protect their data centers ― and the bad guys know this. There is a reason why roughly 20 percent of the incident responses and breaches we are working involve the cloud. The bad guys go where the money is.” ― Steven Booth, chief security officer, FireEye Inc., writing in the company’s annual predictions roundup
“The ineffective username/password conundrum has plagued consumers and businesses for years. There are many solutions out there (asymmetric cryptography, biometrics, blockchain, hardware solutions, etc.) but so far, the cybersecurity industry has not been able to settle on a standard to fix the problem. In 2019, we will see a more concerted effort to replace passwords altogether.” ― Malwarebytes Corp. Labs, writing on the company blog
Economic and political espionage will rise
With trade tensions at their highest level in recent memory and growing global instability, state-sponsored criminals have the potential to do more damage than ever, and a growing cadre of states and political groups is willing to pay for their services. This year saw attackers target municipal infrastructure, airlines, hospitals and even newspaper distribution networks, in most cases with the intent of crippling services rather than stealing personal information.
The upcoming 2020 U.S. election in particular will be a tempting target. About the only positive thing to say is that criminals may be at least temporarily distracted from attacking their more traditional commercial targets.
How others see it
“Last year, we observed at least five software supply chain compromises, a huge increase over what we had been see