Start the year right with these predictions for trends most likely to affect your organization in 2019.
As much of the world gears up for 2019 after the busy holiday season, businesses are looking to dive into the new year, accelerate business, boost their digital presence and drive better internal collaboration, all to improve security, reduce risk, and achieve compliance. Whether you are a GRC or security professional, are you ready for 2019? Read on as we share our top five predictions for what may come in the year ahead.
Continued Meteoric Rise in Cyber-attacks While End Users Become Numb
When Marriott announced on November 19 that over 500 million customers had been hacked in a breach on the Starwood reservation system extending from 2014 through September 2018, it arguably topped the charts as the biggest hack to hit headlines in 2018. This breach now sits among the largest breaches in history. The overall financial figures of this and all other breaches are mind-blowing. With the increase of cryptojacking and highly targeted phishing and data-in-transit attacks, those figures will explode beyond what we’ve seen previously.
Yet comparing the public response to the Marriott hack against the Target hack of 2013, end users and customers have become apathetic or even numb to breach news. This trend will continue as the types of breaches morph and rely more on social engineering to acquire more customer PII (personally identifiable information).
Continued Regulatory Changes to Address Technology Advancement
On the other hand, federal regulatory bodies will race to produce updated and impactful legislation and guides aimed at new risks associated with updated technology. These regulations will aid both small businesses and established larger organizations with securing their infrastructure based on the guidance of industry experts and proven tactics. The challenge remains that regulations often take significant time to draft and go through lengthy approval processes, which puts them well behind the speed at which hackers adapt. These regulations serve as the baseline for securing the infrastructure; each organization will need to continue to build out its own security strategy.
Data Protection Becomes Regulatory Priority
Last year’s rollout of the European Union’s General Data Protection Regulation (GDPR) prompted a massive global effort for anyone doing business to become compliant with the regulations or face stiff penalties. In 2019, the EU is likely to ramp up handing out those penalties, while globally many countries and state regulatory bodies will enact similar legislation. In the US, California’s Consumer Privacy Act (CCPA), which is slated to go into effect in 2020, will be followed up throughout the nation as states eagerly look to protect their constituents’ information. In turn, these regulations will create a surge in constituents and customers holding companies accountable for how their personal information is being handled.
Organizations in every industry will race to update their digital presence, secure their data and improve the customer experience for both outward-facing and backend systems to drive financial growth. Driven by the financial technology industry, the need to differentiate online will continue to see significant revenue dollars invested in improving web platforms for mobile experiences, improved customer onboarding, and an agile experience.
However, with these changes, organizations will expect the same agile experience from their security vendors: the ability to instantly view the overall health of their security analysis. Tools, led by BAP, will adapt to provide real-time visibility into the health of the controls and standards to tell the story of their overall security and compliance. In addition, the expectation is that these security tools will no longer be siloed. Customers will expect that the event logs acquired in SIEM tools can automatically be tied back to the specific objectives, policies, regulations, controls and audit rules to provide evidence-based compliance and security accountability.
Merging of Security with Compliance and Risk
In 2019, organizations will continue to understand that, to truly have accountable security, the disciplines of security, compliance and risk are interdependent. Business objectives will adjust to merge the focus on fighting cybercrime with meeting compliance requirements. Starting at the executive level, teams from these departments will start to work together to remove silos. In addition, as mentioned above, it will be expected that technology adapts to make this happen seamlessly, providing continuous monitoring of event impacts to policy controls, remediation and threat resolutions, automated policy analysis and regulation-to-controls mapping, and automated and validated data collection. There will be an increased focus on the interoperability of the various IT systems to achieve the desired business outcomes.