Cybersecurity in 2019: Trends to Watch & Resolutions to Keep

Another year, another breach. Another whizzbang technology. Another success story.

2018 was the year that cybersecurity went mainstream. As headline after headline this year illustrated, cybercrime is now a routine part of everyday life.

So, how did 2018 change the cybersecurity landscape? Here are the trends that began this year that we expect to see continue for some time:

Privacy and security became inseparable. In 2018, privacy and security became one, joining together to become the concept of data resilience. While privacy is a legal concept, both it and security introduce conversations about the same thing. With Facebook, for example, it was difficult to tell the difference between consent and opt-in/opt-out and the ability of the provider to secure data in a way that made privacy controls actually matter. A security incident can quickly become a privacy issue. What is okay for data brokers to collect? How long do they hold onto data? How much control do we have over our data? These are privacy questions supported by security. In 2019, cybersecurity professionals will need to know more about privacy (and vice versa). When looking at the process around privacy procedures and policies, information security professionals must respect security and leverage some of these controls.

Cybercrime became more strategic. Cybercriminals aren’t looking to execute one singular breach. Cybercrime is a longer-term play, focused on economic viability or political clout. More data means more influence – and more influence means more control over their target, whether it’s a business organization or a foreign government.

The impact (financial, reputational, and functional) of breaches was shorter term. One byproduct of cybercrime and cybersecurity becoming more mainstream is that breaches have become less impactful overall and the damage experienced by victims of these incidents has also lessened. Stock prices tend to rebound more quickly, for example. As consumers become more accustomed to cybercrime, it becomes less of a big deal to them.

Cybersecurity virtualization went mainstream. It’s no secret that cybersecurity talent is both difficult to find and expensive to invest in (especially when you consider that the average tenure of a cybersecurity employee is only 8 to 12 months). The talent shortage makes it difficult for organizations to successfully solve their cybersecurity issues. With cybersecurity virtualization, your organization can circumvent the traditional route (hiring, training, etc.) and address security needs for less than the cost of retaining a full-time CISO. Whether you need high-level strategy or deep technical expertise, cybersecurity virtualization delivers expertise and experience that’s cost effective.

Those are the trends. Now, what happens when the rubber meets the road?

2019 is the year to update, enhance, or even begin your cybersecurity program. Not sure which Cyber New Year’s resolutions to commit to? Here’s what we suggest:

Review, update, or start your risk assessment. There’s nothing more fundamental in cybersecurity than understanding your assets, the risks to those assets, and how to mitigate said risks. So much of security is focused on processes and the integrity surrounding those processes. Address procedural elements, classify your data, and build a data flow diagram.

Put someone who understands cybersecurity on your board. More and more, the cybersecurity issue bubbles up to leadership. You need good decision makers in leadership positions in your organizations to ask good questions about cybersecurity and define priorities. As cybersecurity becomes more of a business strategy, it’s important for directors to understand it on a deeper level.

Look for compromise – before the incident. Generally, the only time we are in investigative or response mode is after the incident – and that can be too late. Learn your indicators of compromise; the more proactive you can be, the greater the ROI. You may not be able to build a threat hunting team, but at least move the analysis of indicators left on the timeline.

Do twice as many Incident Response tabletops. Conducting more tabletops increases awareness around the kinds of threats you might experience, makes you a more effective responder, and helps you identify gaps in your plan. Use tabletops to start introducing the concept of resilience surrounding your data. You can also combine tabletops with penetration testing to create a more realistic response environment.

Build a culture of security. More organizations than ever are talking about cybersecurity and fostering a culture of security, but they’re not really doing it. A large part of cybersecurity is related to psychology and understanding why your employees make certain decisions during the day. A culture of security comes from business leadership, the vision and mission of your organization, and the amount of data you have. Define the behaviors you want to see from your workforce and hold people accountable. Your culture of awareness and security should tightly align with your business.

Cybersecurity will continue to mature in 2019 and beyond. While there is no crystal ball to reveal impending breaches or predict the exact trajectory of the industry, we can take what we’ve learned previously and apply that knowledge to future operations.

The past twelve months had their share of exuberant ups and catastrophic downs. Let’s see what the New Year brings.


About The Author: Reg Harnish

Reg Harnish is the CEO of GreyCastle Security, a leading cybersecurity risk assessment, advisory and mitigation firm headquartered in Troy, New York.

As CEO of GreyCastle, Reg is responsible for defining and executing the company’s vision. Under his leadership, the company has experienced six consecutive years of triple-digit growth and countless industry accolades. Today, GreyCastle Security is working with organizations in nearly every state in the U.S.

Reg is a nationally-recognized speaker and has presented at countless industry events. Reg was recently recognized as the Cybersecurity Consultant of the Year in North America by the Cybersecurity Excellence Awards for the second consecutive year. He has been featured in Time, Forbes, CBS Nightly News, The Washington Post, Dark Reading and others.

Reg is a member of the Forbes Technology Council and a fellow of the National Cybersecurity Institute in Washington, DC.