Cybersecurity Experts’ Predictions 2019: Check Point, Synopsys, HIMA
CYBERSECURITY has been taking center stage for some time now, what with several attacks on many organizations, including Facebook.
These online threats from hackers, who appear to be always a step ahead of organizations’ defense platforms, have forced governments and businesses to grapple with an increasingly sophisticated environment, including the rise of hackers globally.
McGallen and Bolden has put together Predictions 2019 from cybersecurity solutions providers.
So, what do cybersecurity experts from different fields think about 2019?
Here are some ideas from Check Point Software, a leading and pioneering cybersecurity company; Synopsys, a leading software security and open source compliance company; and HIMA, a 110-year-old German company for industrial safety and cybersecurity.
Industrial Safety & Cybersecurity
Dr. Alexander Horch, VP R&D and Product Management, HIMA:
“Due to the developments of recent years, the security of process plants is in the focus now and will be in the coming years. This includes three main points: First, the basic protection of the existing facilities which means properly applying state-of-the-art technology. Second, vulnerabilities must be identified and eliminated. Third, organizational and normative requirements must be understood and implemented. The process safety depends heavily on the state of security. In addition, however, requirements of the current standard IEC 61511 must also be implemented here. On closer inspection, comprehensive measures are often necessary. Further important trends of the future are open architectures, modular engineering and integrated diagnostic concepts.”
“Mass Complacency” and Laws
Tony Jarvis, Chief Technology Officer, APMEA, Check Point Software
We are about to enter an era of “mass complacency”. Headlines around data breaches were previously met with shock and concern, though today they are increasingly becoming the norm. No longer are data breaches isolated events. We are now seeing cases of individuals having their personal data compromised for the second or third time. Companies themselves are being hit successfully with subsequent attacks. All of this will contribute to an apathetic mindset that “the worst has already happened”, which is extremely dangerous. In fact, it has been brewing for a while, as research by ISACA in 2017 found that only 50% of CIOs and IT leaders took any meaningful action towards improving security following the WannaCry ransomware attack. Many are using their security budgets to meet compliance requirements and avoid fines, while we should be striving to turn the situation around.
At the same time, 2019 will herald in a raft of laws aimed at alleviating the situation. 2018 has been a significant year from a regulatory perspective. GDPR came into effect and certain countries have begun bolstering security requirements around critical infrastructure. California has witnessed the introduction of a Privacy Act similar in nature to the GDPR, and has upped the ante by being the first state in the US with an Internet of Things cybersecurity law. The proliferation of such laws is needed not only because new technologies necessitate guidance around their lawful use, but also to compel organisations to meet certain minimum requirements. Perhaps the largest surprise from a regulatory perspective throughout 2018 relates to mandatory disclosure laws. These laws, which require organisations to disclose details around data breaches, have been blatantly ignored by those who’d prefer to keep such attacks out of the public eye. Knowingly violating the law is a practice that we can only hope will decline as social pressure to notify of such breaches ramps up.
Security by Design and Standards
Dr. Ralf Huuck, Senior Technologist, Synopsys
Software is still largely written without formal standards and processes behind it. Unlike building bridges, software development is not a standardised repeatable job. Open source has been on the rise for a long time and is now commonplace. One can imagine that actually more trust will be placed in common building blocks based around open source software. Moreover, vertical software development standards will appear more strongly. As evident for safety critical systems such as cars and aircraft, when lives depend on correct software execution more effort will be placed on standards, auditability and accountability. These standards might be evolving bottom-up or will be government regulated. Potential new verticals on the rise for this are financial services, solutions around blockchain and security around mobility solutions. For 2019, we might see a rise of consortia within verticals to establish more security standards that are domain specific and improve trust and interchangeability. Much of this might be built on open source components.
Security in IoT, Healthcare, Retail and Industrial Systems
Olli Jarva, Managing Consultant, Synopsys
In the year to come, industrial control systems (ICS) and operational technology (OT) organizations will begin waking up to the changes taking place in the cyber landscape. I predict that we’ll see more security investments occurring in this space. At the same time, security testing of OT (embedded) systems will grow considerably. As for the healthcare and retail industries, we’ll be seeing many more attacks. The reason is that the value of the data these industries are collecting is increasing. Investments must be made to protect the data within these industries and beyond. Again, security training is imperative. IoT attacks will remain an issue in the year to come. In Asia Pacific, many countries are moving forward with Smart City and Smart Nation initiatives. This opens the opportunities for a new wave of IoT cyber-attacks. Attacks could be approached from a data poisoning perspective in which faulty information is intended to influence organizational decision making through the sensors deployed within the target city or nationwide. We’ll also see the same old issues persist: hardcoded credentials and unpatched components, not very well designed OTA updates, and continuous update policies.
Jobs and Artificial Intelligence
Sammy Migues, Principal Scientist, Synopsys
Many people will learn that artificial intelligence (AI) and machine learning (ML) are already all around them, often making decisions that affect their lives, their families, their health, their jobs, and so on. Many, many more business jobs will be staffed by bots in the year to come. If you think the average person is average, wait until you find yourself yelling at a bot over the phone. (McGallen and Bolden)