Cybersecurity Trends Report 2019
Every year gives us a new opportunity to review everything that has happened in the previous year and also to anticipate some of the issues that will occupy us during the next year. In 2019, from ElevenPaths, Telefónica’s Cybersecurity Unit, we want to take advantage of this moment to analyse the evolution of the threats in the digital world, the new challenges we are facing and the way in which the different actors in the industry are adapting to these changes, as well as highlighting the areas that we consider should receive greater attention in the coming months.
The risks associated with the expansion of the digital transformation of businesses and people’s daily lives continue to be of great importance. This highlights the need to adapt security to the new forms of deployment, administration and operation that arise with the adoption of the cloud and the concept of DevSecOps is gaining greater prominence. It also increases the risk associated with email, with more sophisticated attacks, and increasingly ubiquitous IoT devices, whose protection calls for the development of security solutions adapted or even specifically designed for this type of device. Even so, user awareness and education remain a key element in the protection of individuals and businesses.
On the other hand, the increase in attacks on companies based on the weaknesses of their partners forces them to broaden the scope of risk management and adopt new tools aimed at analysing and automating the processes that allow them to know and manage these growing risks.
In this scenario, traditional perimeter-based security models are challenged, forcing the adoption of zero-confidence and post-breach detection strategies. In addition, awareness of the inevitability of an attack is growing, and the insurance industry is responding with offers tailored to different types of businesses.
On the CISO horizon, the need for solutions that provide a holistic view of risk, understood and managed in terms of business, remains. But, in addition, sophisticated attacks that were previously reduced to the scope of states and critical infrastructures are extended to other organizations, and online fraud crosses the barrier of the financial environment to extend to other sectors; all this leads to reinforce the protection of private information, an aspect that continues to be a challenge, especially in international environments. On the other hand, the lack of qualified professionals continues to be an outstanding constant, making it difficult for companies to adapt to an environment in which threats are growing in number and complexity and budgets are not keeping pace.
The industry is trying to respond to all these factors, offering new solutions, such as Managed Detection and Response (MDR) managed services that enable any company to have advanced cybersecurity, or Digital Risk Protection (DRP) solutions, which protect companies in their exposure to the digital world and whose adoption is spreading. Threat Intelligence Application Platforms also appear as another step in the use of intelligence to improve the performance of any SOC.
Lastly, work continues on the use of machine learning as a technique to help build better intelligence to protect against threats, but it is necessary to delve deeper into its criteria and modes of application. And extending the scope of the use of artificial intelligence, not only to prevention and detection, but also to reaction.