While data breaches, ransomware and internet of things (IoT) security remain front and center in cybersecurity trends, 2018 saw a greater emphasis on data privacy, thanks to the EU's General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
Expect privacy to remain a priority in 2019, according to cybersecurity experts, as more regulations have been passed in individual states and other countries, and old cybersecurity concerns have appeared in new vectors or been reshaped by cybercriminals.
Here are five predictions from cybersecurity experts.
1. Managing privacy will become the new normal.
Privacy will continue on a similar path as the evolution of cybersecurity, predicts Chris Babel, CEO with TrustArc. Data breaches and privacy-related incidents aren't going away just because of GDPR and other laws, so expect a standard of constant privacy to become the new normal and for compliance to be a continuous exercise that requires the same focus, vigilance, and taxes.
If organizations want to keep pace with competitors, they'll have to incorporate privacy and compliance into their business processes, especially since consumers will now have increased awareness of security and privacy.
"In 2019, consumers will become more aware of and better understand the rights and mechanisms that regulations like the GDPR have made available to them to manage and protect their data," said Babel. "As a result, we will see consumers become more engaged and active in controlling their privacy settings, such as sharing less information, unsubscribing from marketing communications, and requesting copies of their data or that companies delete their data entirely from marketing databases."
2. Brands will rethink cloud security.
As cloud adoption and multi-cloud deployments are spreading exponentially, organizations are faced with unmanaged security risks and data exposure. That's why in 2019, David Storch, security consultant with Atos North America, predicts organizations will focus on creating solutions for their cloud and hybrid environments.
Also expect to see more companies address cloud security by moving away from public cloud formats and returning to the private cloud. We first saw an inkling of this trend in 2016, according to Jonathan Sullivan, co-founder and CTO of NS1, when Dropbox announced it was moving 600 petabytes of data from AWS to its own data center. The reason was primarily to improve security, but it also addressed availability and performance concerns.
"We expect to see these same concerns drive enterprises to move applications and data from the public cloud back to the private cloud in 2019," said Sullivan. "Data shows that private cloud is growing at a rate two times that of public cloud. As organizations that moved to the public cloud grow in maturity, many will realize the cost savings or agility benefits they anticipated were not easy to unlock. We expect to see these organizations adopt to new frameworks involving software-defined networking in a private cloud environment or on-premises."
3. Cybercriminals will use new tactics.
In 2019, the McAfee Labs 2019 Threats Prediction Report anticipates the hacker forums, chat rooms, and marketplaces where one can purchase exploit kits and other nefarious offerings – the cybercriminal underground – will consolidate. In turn, we'll see a rise in malware as a service, and these new malware families will work closely together.
"These increasingly powerful brands will drive more sophisticated cryptocurrency mining, rapid exploitation of new vulnerabilities, and increases in mobile malware and stolen credit cards and credentials," the report states.
As crimeware becomes a service, it could lead to more destructive attacks, added Malcolm Harkins, chief security and trust officer at Cylance. It will also allow cyberattacks to expand beyond hackers and cybercriminals and into terrorist-related groups.
"From attacks on data integrity that essentially kill computers to the point of mandatory hardware replacements to leveraging new technology for physical assaults, such as the recent drone attack in Venezuela, attack surfaces are growing, and enemies will take advantage," said Harkins.
4. Social media will grow as an attack vector.
Fake news is going to become more prevalent in 2019 as cybercriminals use social media to spread misinformation and extortion campaigns. McAfee predicts the focus this time will be on brands and corporations, instead of elections. The increased number of botnet accounts will look more legitimate and will be harder to take down. Botnet operators will continue to harass organizations with the intent to do serious, if not permanent, damage to their reputation and financials.
"Activities to manipulate public opinion have been well documented and bots well versed in manipulating conversations to drive agendas stand ready," the report said. "Next year we expect that cybercriminals will repurpose these campaigns to extort companies by threatening to damage their brands. Organizations face a serious danger."
5. Small organizations will finally take an enterprise approach to cybersecurity.
Will 2019 be the year small businesses take a leap forward in their cybersecurity efforts? Yes, said Brian NeSmith, CEO and co-founder of Arctic Wolf Networks.
This new attitude and approach should have an impact on the overall supply chain. If smaller companies are more serious about their security efforts, it will become more difficult for cybercriminals to target the suppliers as a backdoor into large enterprise networks.