10 top security trends for 2019


Cybersecurity is getting complicated. The same digital transformations that are delivering useful and productive innovations to many organizations also are helping cyber criminals get smarter — and grow more dangerous.

To help you protect your organization, here are our top 10 cybersecurity trends for 2019.

  1. Information security and operational risk converge: Organizations can no longer think of information security and operational risk as two separate things. IT no longer just supports the business, but increasingly is the business.
  2. Zero trust = No trust?: As part of the move to a mobile-first digital workplace, security managers at many organizations believe the time has come for the security approach known as Zero Trust. It’s based on the idea that an organization should not automatically trust anything or anyone, whether inside or outside its network perimeter. However, many organizations have simply shifted trust from the network to user devices in the belief that devices can authenticate themselves, leading to complacency in patching.
  3. Diversity enriches the security workforce: The security workforce, historically lacking diversity, is becoming more inclusive. Women, members of minority groups and others overlooked in the past are in greater demand in the security field. The effect will be positive, as diversity and inclusion improve our communities, strengthen our organizations and help drive positive social change around the world.
  4. GDPR’s ripples spread: Europe’s General Data Protection Regulation, in effect only since May 2018, has already resulted in a number of fines and complaints. Many organizations are finding that when it comes to GDPR compliance, they haven’t done enough yet.
  5. Hardware attacks proliferate: Highly publicized hardware attacks, including Spectre, Meltdown and Foreshadow, are just the tip of the iceberg. More attacks of even greater severity are likely to come soon. Rather than waiting to have their hardware systems attacked, smart organizations should take defensive actions now.
  6. Criminal attack models gain sophistication: Criminals will continue to refine and expand their operating models, hoping to take advantage of endpoint access. Hackers, for example, will use their endpoint access to conduct more targeted ransomware attacks.
  7. Cybersecurity learns counterintelligence: Cybersecurity is an arms race. As deception becomes a favored approach of criminals, IT vendors will augment their traditional security capabilities with “baked-in” deception detection. These capabilities can detect, analyze and defend against zero-day and advanced attacks, often in real time.
  8. Pricing suffers from commoditization: The differences among security products are fading, while the number of competing suppliers is increasing. As a result, suppliers of security products have little choice but to lower their prices.
  9. Attribution leads to tit for tat: As the world’s geopolitical balance shifts, so does attribution, the act of publicly naming a nation-state believed to have made a breach. Until recently, most attributions were made by Western nations against non-Western nations. But this will change in 2019, as non-Western nation states increasingly become both the attacked and the attackers.
  10. Extortion evolves: Ransomware is giving way to out-and-out blackmail. Blackmailers first steal incriminating data, such as photos, email messages and personal data. Then they threaten to make the information public unless the victim pays them an extortion fee.

There you have it: 10 top security trends for 2019. What to do about them? Observe how the IT security landscape is changing — and then understand what that will mean for your organization’s cybersecurity. That should give your organization a fighting chance.

Simon Arnell is security chief technologist, Office of the CTO, at DXC Technology. He has a background in applied security research and development, and in running client proofs of concept. Previously, Simon led the commercialization of the DXC DNS monitoring service and pioneered the use of software-defined networks for rapid incident response, as well as the application of stochastic process modeling and simulation for strategic security-policy decision support.

Craig Jarvis is chief technology officer for security at DXC Technology. Craig specializes in the nexus of warfare and technology. He holds master’s degrees in both computer forensics and international security. He is currently completing a PhD in warfare and writing a book on the political history of encryption technologies. Craig previously studied history at Oxford University, and holds master’s and bachelor’s degrees in classical music.
