The end of the year has arrived, and so has the final instalment of our 2019 Predictions series. So far we’ve seen industry experts predict that rogue AI-driven chatbots, large GDPR fines and increasing cloud complexities will be keeping the security industry busy next year, as will issues surrounding IoT botnets, the spread of ‘vaporworms’ and cybersecurity/business alignment.
In this, Part Three of our 2019 Predictions series, Infosecurity takes one last look at some of the key industry trends predicted to be poignant next year.
The Growth of Cyber Insurance
Jake Moore, cybersecurity expert at ESET UK, thinks more and more conversations will focus on cyber insurance next year, something which is still very much a grey area and very much continues to be a bit of an unknown quantity. Moore argued that there are lots of questions that arise from cyber insurance, such as does it pay, or is it even ethical? These will need to be addressed in 2019.
“When purchasing cyber insurance, people need to be very mindful of the small print,” Moore told Infosecurity. “Just like any insurance, you don’t ever know what it’s really worth until you need it. For example, how many of us know what our car insurers would be like if we needed the full service we bought? If you crash your car, you can get another one which looks the same – even with the same number plate with a bit more paper work.
“When it comes to data, can it be replaced without a backup? Can reputation damage be forgotten? Putting in place mitigation techniques to prevent the attack in the first place is a far better area to invest in for the business.”
Skills Gap Tipping Point
Another trend that Michael Flouton, VP, product ops and security strategy at Barracuda Networks, predicts to have an impact in 2019 will be a ‘tipping point’ of the cybersecurity skills crisis.
“While it’s long been known that the cybersecurity industry has a significant skills gap problem, what’s lesser known is that this gap is also increasing. In October 2018, (ISC)2 revealed that the global cyber-skills gap now stands at three million, with 63% of businesses lacking the cyber-skills to actually keep threats at bay.”
Flouton argued that the balance between the resource, skills and expertise of the ‘good guys’ who are fighting attacks and the ‘bad guys’ who are launching the attacks in the first place is a very delicate one.
“In 2019, get ready for a skills gap tipping point,” he warned. “As cyber-attackers’ tactics become ever more sophisticated and, more importantly, harder to spot, they are needing ever more hours of the good guys’ time to identify and stop.
“Added to this, many organizations are finding it harder and harder to recruit and retain cyber-specialists to help them keep the bad guys at bay. Which means they’re relying on fewer people with the skills and expertise needed to protect their organization. These decreasing human resources will come to a head in 2019, where I predict that organizations will stop being able to keep up with investigating these ‘stealth’ cyber-attacks.”
The World’s First Cybersecurity Treaty
Finally, Markus Braendle, CEO at Airbus CyberSecurity, believes that 2019 will see two cyber-powers start negotiations to agree the world’s first cybersecurity treaty.
“There is a growing danger that people will get hurt because of a deliberate or inadvertent attack on critical infrastructure such as power stations and hospitals,” Braendle said. “Ideas to address these dangers have included Microsoft’s suggestion of a digital Geneva Convention with an independent NGO, the Global Cyber Attribution Consortium, to monitor compliance. Although this and other UN initiatives could take years to come to fruition, the balance of risks versus rewards are steadily tipping towards a system of rules for at least some nations, especially if this had geo-political advantages mirrored in other economic and military ties. A formal cybersecurity treaty of this kind would rest as much on its political and symbolic capital as its technical detail.
“States needs to advocate the need for cyber-cooperation instead of cyber-warfare. Indeed, states have an obligation to work towards such as treaty to make this happen to prevent harmful cyber-attack. 2019 could be the year for such an agreement for neighboring countries.”
Parts one and two of our predictions are available, also don't miss our end of year webinar, where we look back at the headlines and trends from 2018.