Cyber security Threats and Trends

By Richard Harpur

Data protection is no longer just a technology issue—its political and commercial impact is far-reaching.

In 2018, we saw the Europe Union introduce sweeping data protection legislation under the General Data Protection Regulation (GDPR). And in the United States, leaders of tech giants testified before Congress regarding data privacy and protection. There’s a heightened awareness of and expectation for better information security and that’s a good thing.

But just as a new data protection baseline has been established, the complexity and frequency of cyber security threats is increasing. Threats that were novel a few years ago are now available as-a-service and with little technical expertise. 2018 saw an increase in hijacking IT resources for mining cryptocurrency, but ransomware, insider attacks and malware aren’t letting up. While these cyber security threats will continue, here are some key trends to keep a close eye on in the year ahead.

1. Operational technology and critical infrastructure security

Large industrial and critical infrastructure installations now depend on the Internet for remote management and monitoring. At the other end of the scale, cardiac pacemakers embedded in patients have required software updates to fix security vulnerabilities. This trend is set to continue, and we’ll see an increase in cyber attacks and security flaws being identified in technology that aren’t traditional targets. Internet of Things devices will continue to be targeted given their low level of security, and we’re likely to see some more significant operational technology and critical infrastructure security incidents in the coming year.

2. The two faces of cloud security

As application delivery continues to migrate to a software-as-a-service delivery model, security around cloud-based applications will need improvement. Enterprises are getting better at securing these apps, but ease of access consistently introduces risks to organizations where the necessary level of security hardening hasn’t been applied. This is difficult to manage, however, as the use of some apps are undertaken as Shadow IT.

Enterprise applications should continue to integrate with centralized identity and access management tools such as Azure Active Directory, but applications that fall outside of enterprise IT responsibility will continue to experience incidents due to poor security consideration.

3. Commercial espionage and political warfare

Whilst most developed countries have laws against cyber-attacks, the Internet is a global network. More governments are recognizing attacks and cyber defense as key elements to their military capability. Commercial organizations need to be conscious their digital assets must be protected from competitors, especially those operating from countries with weak data protection and security laws. The future will see increases in commercial espionage and intelligence capturing in order to provide competitive advantage.

4. Boardroom concerns (again) for GDPR and the US

The GDPR became effective in May 2018 and carried with it an intense focus by boardrooms. Since then, there’s been great anticipation as to how the enforcement of the law will play out. Company boards are likely to redouble this focus once the first substantial fines are handed down by regulators following breaches. As talks of a US version of GDPR continue for another year, US-based companies will be watching for trends in enforcement overall effectiveness of the law to improve data protection.

5. Increased security integration

Securing an organization requires an undertaking of many different practices. With the rise of the perimeter-less corporate network (data and systems outside of the corporate network), it’s an even greater challenge to secure all enterprise assets. We’ll see a gradual improvement in integration and management tools, so that enterprises can manage their digital assets wherever they’re hosted; on-premise, in the cloud or even on personal devices.

It comes as no surprise that more security incidents will be reported in 2019 and beyond. This is due to mandatory reporting requirements in the EU and other jurisdictions, non-traditional systems being successfully targeted and sophisticated corporate and government-driven attacks becoming more common and widely reported. To stay secure, leaders will grow their IT security investments, but may find themselves to be too far behind; the current security skills shortage will only intensify as demand outpaces the available talent pool. The cyber security journey for organizations will become even more pervasive with expanding needs for skills and the cost for security compliance—this is one demand curve that will only continue to increase over time.

About the author

Richard Harpur is a highly experienced technology leader with a remarkable career ranging from software development, project management through to C-level roles as CEO, CIO, and CISO. Richard is highly rated and ranked in Ireland's top 100 CIOs. As an author for Pluralsight - a leader in online training for technology professionals - Richard's courses are highly-rated in the Pluralsight library and focus on teaching critical skills in cybersecurity including ISO27001 and Ransomware. As a Certified Information Security Manager (CISM) Richard is ideally positioned and passionate about sharing his extensive knowledge and experience to empower others to be successful. Richard also writes extensively on technology and security leadership and regularly speaks at conferences. When he is not writing for his blog Richard enjoys hiking with his wife and 4 children in County Kerry, the tourist capital of Ireland. You can reach Richard on twitter @rharpur.