2018 brought major data breaches, new data privacy regulations, potential GDPR fines, a rise in phishing attacks and so much more. A tough year for cybersecurity, to say the least.
Media coverage about information security events also increased significantly, with many more consumers and citizens becoming aware of the importance of protecting personal information. High profile breaches such as the Facebook and Marriott incidents only amplified the conversations happening across the world about data security and privacy.
It seems we are entering a new phase in 2019: the general population’s newfound awareness is combining with a stricter regulatory landscape and the hazardous nature of protecting and controlling ever-increasing amounts of unstructured data across networks and the cloud. This creates an environment which requires careful navigation if organizations are to avoid data breaches and the financial and reputational repercussions which closely follow afterwards.
So, what might 2019 have in store? Here are some thoughts from Neil Larkins, CTO of Egress, on where the cybersecurity industry may be headed:
Email security (still) reigns supreme – but maybe not as you know it!
Email security will be as important as ever in 2019. This will be the case because, firstly, email isn’t actually going to disappear any time soon, although we’ll probably see email usage decline and then plateau over the next few years as collaboration and IM applications increase in popularity.
Secondly, increasingly stringent data privacy regulations are driving adoption of security technology, like email protection software. We saw this in 2018 for organizations affected by GDPR, and will see it again in 2019 ahead of the final deadline for the NYDFS Cybersecurity Regulation in March and as companies prepare for newer regulations like the California Consumer Privacy Act, which comes into force in January 2020.
Email is one of the only communication mechanisms that almost everyone within an organization has access to, so it’s going to remain critical for organizations to continue investing in email security. However, in the next 12 – 18 months, new technologies like AI and machine learning will change the face of email security, with the ability to engage users to make smarter security choices.
Beware the BEC!
In 2018, the FBI reported that global losses from business email compromise (BEC) attacks had exceeded $12 billion. Businesses heading into 2019 will need to be alert to the risk that BEC attacks pose to both their staff and their sensitive information.
‘Traditional’ spam emails from long-lost foreign relatives may still occasionally slip through your filters; however, a combination of education and tell-tale signs like poor grammar makes these easier for employees to spot. But BEC and more sophisticated spear phishing attacks will continue to be successful into 2019 because they’ll leverage human nature and human error.
After all, no one wants to be the employee who doesn’t reply promptly to the CEO’s email! Unless they look to emerging technologies like deep learning and NLP to combat these risks, organizations are going to have an increasingly uphill battle on their hands.
Cutting through the noise of AI
There’s a lot of noise about AI in the security industry – so one of the challenges in 2019 will be to cut through this with technology that can actually add value for end-users. To do this, organizations will need to look at users’ pain points – like usability or disrupted workflows. From there, organizations can use smart technology to help to ease these problems.
One example is preventing over-encryption of emails, where a user encrypts everything, including information that isn’t sensitive, which can cause recipients to push back. By doing this, organizations can make security technology something that is embraced by the user, and ultimately protect their organizations from data breaches in 2019 and beyond.
The take-away? Organizations must learn from previous struggles and successes in order to ensure the technology solutions deployed today will provide innovations and ROI well into 2019 and beyond.
Being able to cope with emerging threats, as well as historic attack vectors, means learning how to leverage 21st century technology effectively. 2019 might be the year that AI and machine learning deliver on their promise and become crucial tools to defeat malicious attacks and prevent previously unpredictable, unstoppable breach risks such as those posed by human error. Using these modern technologies means creating security solutions that work with, not against, the end user to provide a safety net and bolster existing tools such as end-to-end encryption. The risks posed by business email compromise, phishing and the accidental send demonstrate that email remains the biggest risk surface, at least for now, and so in 2019 organizations should take steps to understand how they can utilize state-of-the-art tools in the most effective way to mitigate these dangers.