Cybersecurity Trends and Predictions 2019

The year 2018 saw ransomware families such as CryptoLocker and variants like Locky continue to plague organizations as cybersecurity adversaries morph their techniques to avoid detection. Several massive data breaches this year include Quora, Ticketmaster, and Facebook that exposed over 200 million records worldwide. While high-profile breaches may make the news headlines, over 60% of small and mid-sized firms have experienced data loss or a breach themselves. While smaller firms may believe that they are not targeted by hackers, they comprise the global supply chain connected to much larger enterprises. SMBs also find that their IT and security staff is stretched thin juggling day-to-day operations with cybersecurity capabilities insufficient for their unique organization and industry sector risks.

As the year winds down, here’s what small and mid-sized organizations may experience in 2019 with an eye towards enhancing security.

Cybersecurity Threats Impact Uptime:

Organizations of all sizes struggle to maintain uptime of point of sale (POS) systems and avoid lost productivity due to business data loss. Patching, ransomware, and data breaches all impact network and system uptime. Enhanced investment in your infrastructure and cybersecurity during 2019 ensures that your organization can detect and remediate threats quickly to meet resiliency and uptime objectives.

Malware Continues to Endanger Organizations:

Malware like viruses, worms, bots, and banking trojans will continue using advanced evasion techniques to challenge organizations and consumers alike. Malware that morphs and evades detection increases recovery costs; rapid detection and blocking will continue to be essential in minimizing dwell time and damage. While traditional anti-virus alone is not enough to stop malware, endpoint detection and response (EDR) software provides enhanced protection necessary to catch new and otherwise unknown malware strands.

Cybersecurity Shortages Drive New Business Models:

According to Ponemon Institute research, 73% of small and mid-sized organizations state that insufficient personnel keep IT security from being fully productive. A lack of cybersecurity staff and skills can lead to creative approaches to maintain protection and compliance. Many organizations will tap a trusted managed security services provider (MSSP) to complement their existing staff and capabilities.

You Can’t Manage What You Can’t See:

Over 40% of organizations consider getting full visibility to all assets and vulnerabilities to be a top challenge, according to a threat monitoring report. Comprehensive infrastructure and log monitoring provide real-time insights that can identify suspicious behavior, flag further action, and help prioritize where to focus limited resources. A Security Information and Event Management (SIEM) service such as EventTracker SIEMphonic provides the visibility and actionable intelligence you need for sustained protection.

New Privacy and Data Breach Regulations Gain Traction:

Following the strict privacy and breach notification guidelines in EU GDPR (General Data Protection Regulation), many anticipate that US lawmakers will consider enacting similar regulations. The California Consumer Privacy Act signed into law in 2018 is a harbinger of such legislation. The Forbes Technology Council weighs in on data privacy impacts for organizations of all sizes.

Effective Security Starts at the Top:

You and your executives set the tone on security that successfully balances organizational growth with risk mitigation. Over 62% of small and medium-sized firms have experienced a data breach, so it’s important to be proactive and invest accordingly. Year-end is the ideal time to evaluate your current security posture and ensure that you are evolving and investing in security as your adversaries step up the game. If you don’t have the right skills or staff, engage a trusted advisor like a managed security services provider (MSSP) to assess any security gaps.

The cost of cybersecurity threats includes reduced productivity, lost online revenue, compliance gaps, and even fines. Many small and mid-sized organizations should approach 2019 with both strategic and tactical security measures that involve people, processes, and technology. Detecting a data breach takes 107 days on average so augment your expertise in security and compliance to maintain uptime and growth.

For more real-time information on cyberthreats, view our Catch of the Day resources that outlines actual cybersecurity war stories.

  • How to Justify EDR with Three Top Business Cases

    April 03, 2019

    Increasing complexity and frequency of attacks have escalated the need for detection of attacks and incident response. Endpoints are the new battleground as they are a) more pervasive across the network, b) more commonly used by non-IT personnel, and c) less well-defended by IT teams who first move to secure the data center. Endpoint detection and response (EDR) solutions meet the need to rapidly investigate large numbers of systems for evidence of malicious activity, quickly uncover, and then remediate attacks and incidents.

    Read More
  • SIEMpocalypse?

    March 20, 2019

    Did you know that Microsoft is a security vendor? No, it’s true. For years, the company was hammered by negative public perception and the butt of jokes around the 2002 "trustworthy computing" memo. The company has steadily invested in developing a security mindset and the product results are now more visible to the public.

    Read More
  • What is EDR and Why It is Critical to SMB Security?

    February 25, 2019

    Over 7 billion global devices in an always on and continuously connected world create a soft target for today’s attacker. Whether working to monetize data or make a political statement, adversaries are well funded and staffed in the battle for endpoint access and control.

    Read More
  • SIEM