Virtualization Technology News and Information
Kudelski Security 2019 Predictions: 5 Trends That Will Shape the Security Industry in 2019

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Andrew Howard, Global Chief Technology Officer, Kudelski Security

5 Trends That Will Shape the Security Industry in 2019

This year we not only saw the increased use of new technologies like blockchain, but also how unprepared businesses are to safely and securely implement them. Given Gartner's prediction that cybersecurity spending will grow to more than $124 billion worldwide in 2019, where companies put that investment is more critical than ever. 

As businesses and security practitioners plan for the new year, there are five key trends to watch that will have a deep impact on their security plans. Those who can balance the use of the latest technologies while keeping security at the forefront will be best positioned to handle the shifting security landscape in 2019.

Cloud Adoption and Skills

Cloud services, including Identity as a Service (IaaS), Security as a Service (SaaS), and Platform as a Service (PaaS), as well as and cloud-based security services, will see an exponential increase, while base security risks will become even more palpable. Enterprises have to start assuming their role in securing whatever they store in the cloud; otherwise, we will only continue to see the number of breaches increase.

The well-documented skills shortage in the industry is likely to be exacerbated by the exponential move to the cloud, as it requires very specialized skills that are in high demand and short supply. Encouragingly, we're likely to see that gap close in the coming years as more individuals obtain the necessary AWS and Azure certifications.

Internet of Things (IoT) and Operational Technology (OT)

The ‘connectivity of everything' trend will maintain its rapid growth, and security and IT systems will continue to interface more closely with IoT and OT environments. That connection will enable new lines of business and greater efficiency, but also open organizations to new lines of attack. The complexity of the IoT ecosystem will continue to drive security vendors to research and develop products around IoT visibility, monitoring, and management. 

In addition to greater attack surfaces, the proliferation of IoT devices will also lead to increased privacy and security concerns. We will see attack services and hacking tools also grow, which will have a direct impact on the cost of controls and compliance as well as spur new regulations. IoT botnet exploitation will also intensify and primarily target industrial IoT. With the increasing threats, industries such as those heavily impacted by supply chains will begin to place greater demands on their suppliers for security certifications and audit reporting, and enterprise users with large deployments of IoT/OT systems will create demand for a platform or services to help manage and monitor devices across their ecosystem.

Adoption of Blockchain Technologies

The adoption of blockchain-based technologies is also likely to grow in the next year. The payment processing space will continue to rely on blockchain for cryptocurrencies, but the identity space is on the rise. Most likely to appear in decentralized identity models with zero knowledge proofs, it will allow validation of users' identity or their access rights without having to transfer and store personally identifiable information in multiple locations.

The risks will relate to the software development practices, when companies assume security can come later in the process instead of being built from the ground up. As we move into 2019 and companies start to trust blockchain for critical information that can be monetized, we will see attacks moving from only cryptocurrencies to data breaches.

Increased CISO Pressure

CISOs will be under even greater pressure moving into next year, particularly given the increased focus on cyber spending at the board level. Many boards will either begin or continue bringing on independent cybersecurity advisors or board members with experience in cybersecurity, both adding to the pressure but also giving CISOs potentially more support at that level.

Boards will also want to see objective measurement and validation of security program effectiveness, meaning the effectiveness of such programs will rely more and more on CISOs' ability to partner with the board and communicate needs to them. CISOs that can communicate a clear strategy and measurable plan will have increased support, as well as funding for key initiatives.

More Cyber and Privacy Regulations

In addition to safeguarding their organization from growing threats, cybersecurity practitioners will have to ensure they are in compliance with the increasing number and scope of relevant regulations. Although GDPR hasn't yet made the splash many thought it would, we still expect U.S. companies to face fines under GDPR in the coming months, leading to a renewed interest among all businesses in ensuring they are complaint.

California and New York's efforts around cyber and privacy regulations demonstrate there's a bigger appetite for such regulation that's likely to spread to other states. Whether at the state or federal level, we should expect both to more seriously consider privacy and breach notification legislation in the near future.


About the Author


Andrew Howard, Global Chief Technology Officer, Kudelski Security

As the chief technology officer for Kudelski Security, Andrew Howard is responsible for the evolution, development and delivery of the organization's technology strategy and solution architecture, including selecting and validating third-party technologies and managing research, development and labs. Prior to joining Kudelski Security, Andrew was a laboratory director at Georgia Tech, spearheading the information security research and advisory programs. He has served as advisor on emerging security threats to Fortune 250 CISOs and government bodies and has extensive experience as a security architect, strategist and technical leader. Andrew has an MBA in management of technology and a master's degree in information security from the Georgia Institute of Technology.

Published Wednesday, January 30, 2019 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2019>