Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Ben April, chief technology officer at Farsight Security, Inc.
Technology Trends to Watch
2018 was quite a year - privacy discussions
were given a bigger stage than ever before, breaches grew larger and more staggering,
and the world paid closer attention to privacy, election security and breach
disclosure process.
What will 2019 bring? Here are the key issues
that will be plaguing IT Security teams in the coming year.
We will spend more time and resources on
threats to "Things" in 2019 than ever before
In a world of refrigerators that send spam,
automated voice assistants that over-share conversations and routers that DDOS,
IOT security is everyone's problem. The pace of new threats to appliances and
devices is growing about as fast as the number of devices in our homes and
workplaces. Keeping pace software updates is hard enough on phones, computers
and mobile devices. Keeping devices in-field current is not a
"solved" problem.
The market for "Observational
Intelligence" will continue to grow
As the consumers of Threat Intelligence mature,
more are looking for pre-judged raw materials along with tools and processes
that they can use to apply their own business-rules to create custom-tailored
reputation sources. The gap between "top tier" and typical security
teams is growing. Teams with less resources will be asking: "tell me what to
do," while better resourced teams will ask: "tell me what you know, we'll
decide what it means to us. The market will stay strong for reputation vendors
that can pivot and offer pre-reputation data will have an advantage with the
upper-tier operations.
New and more questionable data-handling
practices will come to light
There is no question that data breaches will
continue. Social media and data warehouse firms are under the same business
constraints as everyone else. Expect to see new notifications of data breaches
from organizations that you didn't know had any data on you. Questions will be
raised about why organizations have specific data and what responsibilities
they have to protect it. Expect GDPR to begin to bear fruit in terms of litigation
and penalties.
Privacy will be a watch-word but users will
need to look deeper to find the real risks
New products and
proposals promising to fix specific privacy problems will continue to appear.
Some will actually move the needle on one or more aspects of privacy and may
miss entirely or make things worse for other aspects. One example is DOH (DNS
over HTTPS) it does hide your DNS queries traffic from your ISP, but it goes on
to provide those queries in a neat per browser package to the DOH servers. If
you don't trust your ISP, you should be using a VPN, or another ISP.
##
About the Author
Ben April is the chief technology officer at Farsight Security,
Inc. Prior to joining Farsight, Mr.
April spent eight years at Trend Micro, where he became the Americas regional
manager of the forward-looking threat research team. He has presented to
security conferences on five continents, covering topics like Bitcoin, NFC,
operational security and infrastructure security. Mr. April has built research
systems for collecting and aggregating data, from Whois and the Bitcoin
block-chain to the global routing table. His current crusade is to eliminate
the technical and policy barriers that impede data-sharing among white-hat
security researchers. Mr. April is also a volunteer sysadmin and coder for some
trusted-community security projects.