CIS Logo
tagline: Confidence in the Connected World

Cybersecurity Trends for 2019

Cybersecurity is a hot topic for organizations across every industry. Securing networks, hardening systems, and protecting data from cyber threats has become more important than ever, as cyber incidents are on the rise. We asked a few of our C-level industry experts what they think we’ll see as cybersecurity trends in 2019 – here’s what they had to say:

Sean Atkinson, CISO

cybersecirty-trends-seanIf I’m thinking of cybersecurity trends, I‘m led to the following:

Utilization of data across the enterprise – As data is shared across an organization, it must be secured. One way to better understand data utilization and security is to apply analytics, data science, and predictive machine learning (ML) models. As a new crop of data science graduates move into security-related positions, this will spur industry recognition of how the application of data models can result in better, more effective security.

Privacy with increased enforcement – Even with data breaches becoming more commonplace (i.e., Starwood’s preferred member list being exposed), I expect greater accountability to be a trend in 2019. What does accountability mean? It means holding those who lose PII responsible for the risks and consequences of their security decisions. GDPR may help with privacy enforcement in the EU, but I expect a US state to move in this direction.

Vulnerability discovery continues to increase – I expect the number of Common Vulnerabilities and Exposures (CVEs) to increase by 5% or more in 2019.

Security assessments – The number of businesses that are required to provide some form of security assessment, audit report, or attestation will increase along with general cybersecurity awareness. Third-party security risks, compliance, and cybersecurity standards are all growing topics across business industries.

Cyber warfare becomes a household term – I predict an increase in the attacks on critical infrastructure as well as the individual. Until the loss of PII is controlled, that data will be used for targeted attacks against individuals ex: laser-guided spear phishing.

MS-ISAC Security Primer: Spear Phishing

Brian Calkin, CTO

cybersecurity-trends-brianI agree with all that Sean mentioned and wanted to add a few more thoughts:

Moving to the cloud – We will continue to see organizations shift their workloads into the cloud as their on-premises systems become end-of-life and they look to leverage the latest technology and tools available. In some ways, securing systems in the cloud is similar to securing them in a traditional enterprise environment. However, there are some nuances depending on the specific cloud provider and services being utilized.

Blurred lines related to legacy computer networks – As systems are moved to the cloud and as more of today’s workforce shifts to a remote working environment, we’ll see a blurred line of where enterprise data lives and who is responsible for its integrity. This presents cybersecurity challenges as data moves out of the enterprise environment and onto shared systems like mobile workstations and virtual machines (VMs).

Leveraging artificial intelligence (AI) and machine learning (ML) – To build on Sean’s points related to artificial intelligence and machine learning, I think these technologies will become more necessary as:

  • the volume of data being generated and collected increases
  • the need to analyze data becomes a necessity

Companies like Amazon, Google, and Microsoft are all working to bring AI and ML tools to their respective cloud offerings, thus bringing the technology to a far broader audience and in a more attainable format.

Learn how CIS Hardened Images are securely configured for the cloud

Angelo Marcotullio, CIO

cybersecurity-trends-angeloSean and Brian made great points. I also think we’ll see:

Cloud configuration monitoring – Between IT, developers, programmers, and end users, there can be a lot of people within an organization who have access to cloud environments. Just like on-premises environments, cloud machines should be monitored for configuration changes. Organizations will want to be alerted when a setting has been altered.

Log monitoring in cloud environments – Cloud environments are notorious for creating a lot of logs that are difficult to monitor. With new tools to help sift through large amounts of data, security specialists will be looking to take advantage of automation, enhanced visibility, and alerting.

Security in the coming year

2019 is guaranteed to be an exciting year between machine learning, cloud security, and new vulnerabilities on the horizon. What are your theories on cybersecurity trends for 2019? Any advice you’d give to help organizations start secure in the year ahead? Share your ideas with us on Twitter (@CISecurity).