Cyber security vendor Forcepoint has revealed seven cyber security predictions for 2019 as part of its report highlighting the importance of trusted interactions and warning against the over-reliance on artificial intelligence (AI) for cyber security.
“The cyber security industry and attackers expend efforts in a never-ending cycle of breach, react, and circumvent — a true cat-and-mouse game,” said Raffael Marty, vice president of research and intelligence at Forcepoint.
“We need to escape this game. Researching these predictions forces us to step back and see the overall forest among the millions of trees.”
“Cybersecurity professionals and business leaders need to adapt to changes based on the risk they represent, allowing them to free the good while still stopping the bad.”
Cyber attacks in Southeast Asia have been increasing and with some success such as Singapore’s healthcare system which saw the country’s largest ever data breach.
The fact is that enterprises and governments are facing an increasingly hyper-converged world where connected systems put not only critical data and intellectual property but also physical safety at risk.
Forcepoint's 2019 Cyber Security Predictions Report also examines the impact of businesses putting their trust in cloud providers on faith, the impact of end-user trust in securing personal data using biometrics and the potential impact of cascading of trust throughout a supply chain.
Furthermore, in a survey of Forcepoint customers, 94 per cent identified security when moving to the cloud as an important issue.
Fifty-eight percent are actively looking for trust-worthy providers with a strong reputation for security and 31 percent are limiting the amount of data placed in the cloud due to security concerns.
“One way to increase trust and gain control is through behavioural modeling of users or, more specifically, their digital identities, to understand the reasons behind their activity,” said Marty.
“Understanding how a user acts on the network and within applications can identify behavioural anomalies that help inform risk-adaptive responses,” he added.
Seven areas of risk in 2019
The winter of AI? - If AI is about reproducing cognition, does cyber security AI really exist? How will attackers capitalise on a slowdown of AI funding? When we trust in algorithms and analytics to successfully pilot automobiles, provide insight into healthcare decisions and alert security professionals to potential data loss incidents, how far should that trust go? Will vendor claims around AI effectiveness hold up against the reality of sophisticated cyber attacks?
Prediction: There is no real AI in cyber security, nor any likelihood for it to develop in 2019.
Industrial IoT disruption at scale - Attackers seek out vulnerabilities in cloud infrastructure and hardware.
Prediction: Attackers will disrupt industrial internet of things (IIoT) devices using vulnerabilities in cloud infrastructure and hardware.
A counterfeit reflection - As phishing attacks persist, hacker tricks such as ‘SIM Swaps’ undermine the effectiveness of some two-factor authentication (2FA) methods such as text messaging. Biometrics offer additional security by using data more unique to each end-user, but newfound vulnerabilities in facial recognition software lead experts to put faith into behavioural biometrics.
Prediction: Hackers will game end-user face recognition software, and organisations will respond with behaviour-based systems.
Courtroom face-off - Insider threats result in a litigious blame game.
Prediction: 2019 will see a court case in which, after a data breach, an employee claims innocence and an employer claims deliberate action.
A collision course to cyber cold war - Espionage has always presented a way for nation-states to acquire new technology but as opportunities for legitimate access dwindle because of the increase in trade protections, people on the other side of embargoes will have real incentive to acquire it by nefarious means. How will organisations keep intellectual property out of the hands of nation-state-sponsored hackers?
Prediction: Isolationist trade policies will incentivise nation states and corporate entities to steal trade secrets and use cyber tactics to disrupt government, critical infrastructure, and vital industries.
Driven to the edge - Consumers exhausted by breaches and abuse of their personal data have led organisations to introduce new privacy safeguards in the services they provide. Edge computing offers consumers more control of their data by keeping it on their smartphone or laptop. But solutions today must overcome a lack of consumer trust that data will not be leaked to the cloud if they are to succeed.
Prediction: Consumer concern about breaches will cause companies to embrace edge computing in order to enhance privacy. Designers will face significant headwinds with adoption due to low user trust.
Cyber security cultures that do not adapt will fail - Future ‘security trust ratings’ reward some organisations, punish others.
Prediction: Industry-wide ‘security trust ratings’ will emerge as organisations seek assurances that partners and supply chains are trusted partners.