2018 was another significant year for the cybersecurity industry, with sweeping changes that will impact security professionals for years to come.
The General Data Protection Regulation (GDPR) finally went into effect, dramatically reshaping the way companies and consumers manage data privacy. Security teams stepped up their battle against technology complexity by increasingly migrating to the cloud and adopting security platforms. And several emerging security technologies — such as incident response automation and orchestration, artificial intelligence (AI), and machine learning — continued to evolve and saw increased adoption as a result.
As security teams continue pushing to get ahead of adversaries, these trends will almost certainly have long-term impacts. But what do they mean for 2019?
Bold Cybersecurity Predictions for 2019
Recently, I was fortunate to host a panel of cybersecurity experts for IBM Resilient’s sixth annual end-of-year and predictions webinar, including Bruce Schneier, chief technology officer (CTO) at IBM Resilient and special advisor to IBM Security; Jon Oltsik, senior principal analyst at Enterprise Strategy Group; Ted Julian, co-founder and vice president of product management at IBM Resilient; and Gant Redmon, program director of cybersecurity and privacy at IBM Resilient.
During the webinar, the team discussed and debated the trends that defined 2018 and offered cybersecurity predictions on what the industry can expect in 2019. In the spirit of keeping our experts honest, below are the four boldest predictions from the panel.
Bruce Schneier: There Will Be a Major IoT Cyberattack … or Not
Last year, Bruce predicted that a major internet of things (IoT) cyberattack would make the news, perhaps targeting automobiles or medical devices. Fortunately, that wasn’t the case in 2018. But could it happen in 2019?
Bruce’s prediction: maybe (yes, he’s hedging his bet). There are certainly many risks and vulnerabilities associated with the rise of IoT devices. Regardless of whether a major attack is imminent, IoT security needs to be a top priority for security teams in 2019. This prediction is in line with Bruce’s latest book, “Click Here to Kill Everybody.”
Ted Julian: Security Automation Will Create Unintended Negative Consequences
Incident response automation and orchestration is an increasingly popular way for security teams to streamline repetitive processes and make analysts more efficient, but automating poorly defined processes could create bigger issues.
Automated processes accidentally taking down systems is a familiar problem in the IT space. In 2019, we will see an example of security automation hurting an organization in unforeseen ways.
To avoid this, organizations need to consider how they employ technology when orchestrating incident response processes. They should focus on aligning people, processes and technology and methodically employ automation to further empower their security employees.
Jon Oltsik: Continuous Risk Management Will Help Organizations Better Understand Risks
Today, risk assessments and vulnerability scans give organizations a point-in-time look at their security posture and threat landscape. But in 2019, that won’t be enough. Security leadership — as well as executives and board members — need real-time information about the risks they face and what needs to be done to improve. Establishing a system of continuous risk management will help security teams enable this reality.
Gant Redmon: New Laws Will Provide Safe Harbor to Compliant Organizations
A pending law in Ohio would provide a first in U.S. data privacy regulations: Providing safe harbor from tort claims to organizations that are in compliance with their security regulations. In other words, if an organization suffers a data breach but is in compliance with its regulatory obligations, it will be protected from lawsuits related to that breach.
While the Ohio law is the first of its kind, we will no doubt start to hear of similar regulations emerging throughout 2019.
What are your cybersecurity predictions for 2019? Tweet to us at @IBMSecurity and let us know!