Three key trends that will change cybersecurity strategies in 2019
Look back at 2018 and you’ll see how turbulent of a year it was for the security industry. Unprecedented data breaches from the likes of Facebook and Marriott, among many more, prove that organizations and security professionals must do a better job at proactively protecting sensitive information.
In 2018 we also saw governments step in and enforce new security regulations to protect consumers. It’s safe to say security policies and reporting will both undergo major updates over the next 1-2 years. And as security infrastructures evolve as a result, it is certain that new attack vectors and vulnerabilities will emerge, and security teams will need to be able to identify and prioritize the mitigation actions needed to prevent more breaches of this scale.
As we approach 2019, here are three major shifts that security teams and organizations alike can expect.
AI Will Become a Key Ingredient in Cybersecurity Solutions…but Humans Are Still Needed
In many industries, it has been hotly debated whether robots will replace or assist human workers. In cybersecurity, there is no debate. With the number of cybersecurity threats growing every day and the increased digitization of assets/processes that could be vulnerable to those threats, it is mathematically impossible for humans to monitor for all threats and sift through hundreds of thousands of vulnerabilities to determine which to prioritize. Even the largest security team comprised of the most skilled IT professionals can’t effectively accomplish this without the assistance of artificial intelligence.
Tools that continuously monitor all your assets and proactively predict what vulnerabilities are most likely to be exploited (and have the highest business impact) are necessary just to keep up with the constantly evolving attack methods employed by cyber criminals. That’s not to say that there won’t be a need for human workers in cybersecurity...exactly the opposite.
Humans will be needed more than ever to act on the information that AI- and machine learning-based tools produce. Additionally, humans will turn their attention to the larger strategy behind their company’s security posture and help the security program become more outcome-oriented.
Security Shifts from a Project-Oriented to an Outcome-Oriented Approach
For many years, security programs have focused on completing projects. Security teams checked items off to-do lists without having any real insight into whether or not these projects were having a meaningful impact on the company’s security posture and breach resilience.
In 2018, we saw the beginnings of a shift as companies realized they can’t afford to continue to dedicate time, resources and budget toward fixing problems without having a clear understanding of how those actions reduce the company’s overall cyber-risk. Advanced tools that benchmark risk and easily identify the actions that will most impact and strengthen security posture are now readily available, and in 2019 we will see more adoption of these tools.
By the End of 2019, 10% of Vulnerability Management Tools Will Be Risk-Based
In 2018, Gartner released a report on risk-based vulnerability management, which stresses the need for vulnerability management (VM) tools to incorporate risk based on business context.
Traditional VM tools identify thousands of vulnerabilities at any given time for a large enterprise, making it near impossible for security teams to know which vulnerabilities to prioritize and address first. As Gartner pointed out, advanced risk-based VM tools take into consideration the impact to the business of each vulnerability if exploited, and produce a clear, prioritized list of actions for the security team to take. As devastating breaches at organizations large and small, public and private, continue to make headlines, companies will gravitate toward risk-based tools to more effectively and efficiently avoid getting breached.
Cybercriminals are constantly evolving their attack methods, and in response, security teams must advance their approaches to protecting their data. This means rethinking antiquated processes and tools. 2019 is sure to bring new challenges, but companies will also be taking steps in the right direction to properly secure data and proactively prevent breaches.