Predictions for 2020

by Mark Rowe

It’s approaching the end of the year, a time for reflection and for asking: what will next year bring?

Gerald Beuchelt, Chief Information Security Officer at LogMeIn, stresses education and communication within organisations to drive adoption and create a culture of security. He writes:

“All companies face the challenge of security awareness among employees, contractors and customers. Without the support from all users, technological efforts will be hampered in their effectiveness.

“Security awareness isn’t just about teaching employees what to do with phishing emails – there’s so much more, including developing products with security in mind.

“Multi-directional communication is extremely important in a security programme, meaning working from the top-down, bottom-up, and side-to-side to get your messaging across. And yes, it’s true. Security is everyone’s responsibility.

“People learn differently – some are more receptive to visual, listening, or the ‘hands-on’ approach, and some people are attracted to different types of content – funny, serious, the historical background or whatever it may be. And at the same time, providing consistent communication is the key to a strong awareness programme.

“A major challenge for larger companies is maintaining control over the employee/worker identity lifecycle. In terms of culture, it’s a journey to influence behaviour change for thousands of employees. Organisations need support from everyone from interns to the C-suite and board to drive adoption and create a culture of security. At the end of the day, employees want to do the right thing – it’s just a matter of constant education and communication.

“When it comes to high-tech industries like those in finance or healthcare, the key is to establish and maintain control over BYOD and Bring-Your-Own-App policies and mentality without impacting employee productivity.”

Aaron Zander, Head of IT at bug bounty company HackerOne, suggests government, healthcare and finance are often among the first targets for hackers, and that these sectors need to remain prepared.

“Government, healthcare, and finance are still very attractive targets for cybercriminals. This isn’t going to stop any time soon. 2019 felt like a good year to see more companies really start investing in security, but it still seems like a small inflection, and not the tipping point. Personally, I’m keeping my eye on DNA databases; we have no idea what the value of DNA data will be, but I know that in our lifetime it will probably become one of our most valuable identifiers, and right now we pay other people to tell us trivial things about our history and give it away for free with no real protections.”

As for data protection, maintaining an individual’s (customer’s) privacy and protecting their data can be a differentiator of a business’s service, says the cybersecurity company Forcepoint. It expects this trend to continue into 2020, with organisations exploring the non-breach, non-compliance implications of data privacy and protection regulations. This will prompt a move from a breach-prevention approach to a more holistic, principles-based approach. Given the fines levied in 2019, expect 2020 to be a case of “You ain’t seen nothing yet” in regard to the size and quantity of fines that supervisory authorities will bring to bear on offenders.

More organisations will move into the cloud as part of their digital transformation, government agencies included. Expect more frequent and larger breaches of public cloud systems as a result. Organisations tend to remain ‘cloud dumb’ as to securing their systems in the public cloud. Attackers will have a renewed focus on data accessible in the public cloud in 2020, according to Forcepoint. And it’s predicted that cybersecurity strategies will move from Indicators of Compromise to Indicators of Behaviour. Indicators of Compromise are artefacts that indicate potentially malicious behaviour and have been a staple of cybersecurity protection for decades. Indicators of Behaviour (IoB), on the other hand, are based around the behaviour of users and how they interact with data.


© 2024 Professional Security Magazine. All rights reserved.