Well, 2018 is almost over and cyber threats are still here to keep us alert and ready for our continued roller coaster ride in 2019 as well.
So here are some of my predictions for the world of cybersecurity 2019:
IoT is slowly turning into reality and security becomes a growing concern in afterthought fashion as always. This reality will not materialize into a new cohort of specialized vendors due to its highly fragmented nature. So, we are not set to see any serious IoT security industry emergence in 2019. Again. Maybe in 2020 or 2021.
DevOps security had a serious wave of innovations in recent three years across different areas in the process as well as in the cloud and on-premise. 2019 may be the time for consolidation into full DevOps security suites to avoid vendor inflation and ease integration across the processes.
In 2019 we will see a flood of chipsets from Intel and AMD, Nvidia, Qualcomm, FPGAs, and many other custom makers such as Facebook, Google, and others. Many new paradigms and concepts have not been battle-tested yet from a security point of view. That will result in many new vulnerabilities uncovered. Also due to the reliance of chipsets on more software inside and of course due to the growing appetite of security researchers to uncover wildly popular and difficult to fix vulnerabilities.
Freelancers and Small Office
Professional and small businesses reliant on digital services will become a prime and highly vulnerable target for cyber attacks. The same businesses which find out it is very difficult to recover from an attack. There are already quite a few existing vendors and new ones flocking to save them and trends will intensify in 2019. The once-feared highly fragmented market of small businesses will start being served with specialized solutions. Especially in light of the over competitiveness in the large enterprise cybersecurity arena.
Enterprise Endpoint Protection
The AI hype wave will come to the realization and will be reduced back to its appropriate size in terms of capabilities and limitations. An understanding clarifying the need for a complete and most important effective protective solution which can be durable for at least 3-5 years. Commoditization of AV in mid to smaller businesses and consumers will take another step forward with the improvement of Windows Defender and its attractiveness as a highly integrated signature engine replacement which costs nothing.
AI Inside Cyber Attacks
We will see the first impactful and proliferated cyber attacks hitting the big news with AI inside and they will set new challenges for defense systems and paradigms.
Facebook, Google, Twitter…
Another year of deeper realization that much more data then we thought of is in the hands of these companies making us more vulnerable and that they are not immune to cyber threats like everyone else, compromising us eventually. We will also come to realize that services that use our data as the main tool to optimize their service conflict with protecting our privacy. And our aspiration for control is fruitless with the way these companies are built and the way their products are architectured. We will see more good intentions of the people operating these companies.
As more elections will take place across the planet in different countries we will learn that the tactics used to bend the democracy in the US will be reused and applied in even less elegant ways, especially in non-English speaking languages. Diminishing the overall trust in the system and the democratic process of electing leadership.
Regulators and policymakers will eventually understand that to enforce regulation effectively on dynamic technological systems there is a need for a live technological system with AI inside on the regulator side. Humans can not cope with the speed of changes in products and the after effect approach of reacting to incidents when the damage is already done will not be sufficient anymore.
2018 was the year of multitude authentication ideas and schemes coming in different flavors and 2019 will be another year of natural selection for the non-applicable ideas. Authentication will stay an open issue and may stay like that for a long time due to the dynamic nature of systems and interfaces. Having said that, many people had enough text passwords and 2fa.
The Year of Supply Chain Attacks
2018 was the year where supply chain attacks were successfully tested by attackers as an approach and 2019 will be the year it will be taken into full scale. IT outsourcing will be a soft spot as their access and control over customer systems can provide a great launchpad to companies’ assets.
Let’s see how it plays out.
Happy Holidays and Safe 2019!