Society loves prophecy, whether it’s used as a justification for acts of good or evil, or even if it’s just a matter of looking at your friend and saying “HA! I was right!” Correctly predicting what’s coming is a safe bet in terms of drawing interest, and it is small wonder that even the biggest tech giants have hopped on that bandwagon. Of course, prophecy and reality often differ, and the discussion of cybersecurity trends is no different.
Let’s take a look at where some big names in the cybersecurity space – namely Gartner and Google – thought we would be in 2019:
The Contenders: The Google and Gartner Gamble
In The Red Corner
Let’s start with Google – mostly because everyone knows that name, but also because they were first out the gate with the predictions for 2019. Google posted an article about 2019 Security Trends via the Google Cloud Security team blog on January 3rd. You know what they say: The early bird gets the worm!
The main cybersecurity trend predictions from the Red Corner:
- Attacks that skirt two-step verification will push high value targets to adopt stronger 2SV methods.
- We’ll see broader strides toward a true “passwordless” era, due to mainstream adoption of new standards.
- Zero-trust architectures move from idea stage to implementation stage.
- Identity solutions will increasingly rely on machine learning and intelligence to keep users safe.
- Self-managed cloud encryption gets more visibility.
- Attackers will turn their attention to more sophisticated attacks on cloud-native environments like containers.
- Vulnerabilities in open-source software will become increasingly common, requiring rigorous testing.
- There will be more than double the reported data incidents on legacy systems from the previous year as a result of GDPR.
- Highly-regulated enterprises will select for cloud providers who provide real-time monitoring and controls for access to their workloads.
That took a lot out of me just to write, if I’m being honest.
Clearly, the team at Google wanted to drive a specific point home: cybersecurity will remain a top priority regardless of environment, but especially in the cloud space. The Cloud Security team has some obvious stake in such a claim, but it’s not too much of a stretch either way. If anything, they have even more authority to take such a stance, especially so early in the year.
It is worth noting that not every ‘prediction’ adheres specifically to cloud environments. Cybersecurity is not limited to those ephemeral zones we all hear about on a daily basis – many threats and attack vectors are going to come from a lot closer to the ground, and Google called it early – fair warning to all, as it were.
In The Blue Corner
Business: Research and Advisement
If you haven’t heard of Gartner or the Magic Quadrant, it’s time to move out from under the rock and rejoin society. Gartner has been around for quite some time and has quickly established itself as a trustworthy source of information for data trends and advice on products and solutions throughout multiple industries. Gartner cut its teeth on Technology Research and expanded from there, so it’s not exactly new to the cybersecurity game.
That being said, Gartner waited until much of the year had passed before laying out its own set of “Top Security and Risk Trends for 2019”. The early bird gets the worm, sure, but the second mouse gets the cheese.
The main cybersecurity trend predictions from the Blue Corner:
- Leading SRM leaders are creating pragmatic risk appetite statements linked to business outcomes to engage their stakeholders more effectively.
- There is renewed interest in implementing or maturing security operations centers (SOCs) with a focus on threat detection and response.
- Leading organizations are utilizing a data security governance framework to prioritize data security investments.
- “Passwordless” authentication is achieving market traction, driven by demand and the availability of biometrics and strong hardware-based authentication methods.
- Security product vendors are increasingly offering premium services to help customers get more immediate value and to assist in skills training.
- Leading organizations are investing in and maturing their cloud security competency as it becomes the mainstream computing platform.
- The strategic CARTA approach to security is starting to appear in more traditional security markets.
Yet another mouthful – and here I thought I was usually the long-winded one!
Gartner organizes their cybersecurity trends in a similar fashion to Google: with an obvious focus on what is closer to home for their specific audience. We still see a few similar nuggets to Google’s early predictions when we dig deeper, however, with even more focus on cybersecurity as an ever-evolving priority in just about every market.
Gartner is just as aware as Google that the digital age is stomping forward for everyone, regardless of business vertical. In such times as these, security MUST be taken seriously, or the consequences will be terribly severe.
Consensus 1 – Increasing Authentication Security with 2FA
Ah, the old standby: Two-Factor Authentication (2FA). Google refers to it by another common name: Two-Step Authentication, but it’s the same principle. It’s the current hot topic, but as Google predicted: 2FA policies and procedures need to keep up with the times.
It’s not just a matter of sending a code to your email or your phone anymore – just ask the folks at NIST. Those options may suffice, but attackers are evolving just like the rest of the digital world, and 2FA needs to evolve even faster. Where classic, password-based authentication is still in place, security practices need to be boosted to offset the inherent risk, and even then, we need to remain vigilant in our approach.
Adding authentication is not enough anymore – that’s a given. No more anonymous access to resources of any kind – what’s more, you need to prove beyond a shadow of a doubt that you are precisely who you say you are.
Court is adjourned. Next case!
Consensus 2 – Passwordless Authentication for the Win
Such a strange word: Passwordless. The mind reels trying to conceptualize it – mostly because passwords are everywhere. Think on it for more than a second and you’ll come up with five, ten, maybe even twenty or more websites and applications of your own that each have a different password. That’s not even counting your work accounts! However, as cybersecurity crashes into the future, more and more voices are crying for the death of the password – and with good reason.
Just stop and take a look at haveIbeenpwned.com and you’ll notice a disturbing trend: Data Breaches are occurring with a startling frequency these days. I’ve gotten more letters this year about a ‘potential risk to my identity’ than I care to admit. All because some company I didn’t even know existed had a poor security implementation, and I reaped the soiled rewards. It’s a familiar story, unfortunately, but it doesn’t have to be.
The drive for Passwordless Authentication is one that many can get behind because the password has simply caused too many problems. It’s much harder for you to steal my fingerprint or even my voice imprint – why can’t I use those instead?
So…How did they do?
All in all – they did pretty well. Props go out to Google for jumping on the bandwagon early on and setting the bar high, but they didn’t exactly miss the mark. We have seen an uptick in 2FA approaches – both in the pure Authentication Security sphere, and the broader Single Sign-On sphere as well. That was always a given, however, as passwords have been the bane of most security offices for decades! The real prize goes to both companies for reaffirming Passwordless authentication as the next big thing. Whether it’s biometrics or a locked-down hardware token, the industry is definitely taking notice.
What about you, are you ready for the death knell of the password as we know it? Sound off in the comments or reach out and let us know!