2019 was a bad year for data security. Based on reports and analyzes, it was the worst ever. According to the Ponemon Institute and its data breach report, the average data breach cost reached $ 3,92 million, the highest ever recorded.
At the same time, the number of data breaches reached its highest recorded price and increased by 54% in the first half of 2019, with nearly 4.000 breaches publicly reported during that time. In total, more than 2019 billion worldwide alerts were posted in 4,1.
Increasingly, consumers and regulators hold companies responsible for data breaches. An October 2019 survey concluded that 81% of consumers would stop working with a company or product after a data breach, meaning that defaming a company and damaging the reputation that accompanies a breach are likely to increase the cost of a data security incident.
In addition, supervisory authorities such as GDPR and the CCPA are indicative of a trend that collectively increases the importance of data security in the coming year. For those tasked with protecting a company's data, today's multi-threat landscape may seem chaotic, leading to increased levels of exhaustion.
However, not all threats are equally frightening, as some are more likely and ominous than others. Cybercriminals are developing their tactics as the security industry tackles cyberbullying and weighs the benefits of paying ransom.
With malware bugs being transformed into new threats and regulators keeping a close eye on any errors, companies count on cyber security teams more than ever.
Here are 5 cyber security trends:
- Security is integrated into data science
Data gives companies a competitive edge. Data scientists are leveraging AI algorithms, available in open source, to modify and configure unified AI models. But AI models are based on quality data, scalable computing power, and reliable algorithms.
The cloud has lifted the limitations of computing and allowed companies to modernize quickly, sometimes leaving behind ethical concerns. The implementation of AI goes beyond "clear and ethical consensus", "threatening already high levels of privacy."
"Algorithms and the handling of personal data will become more accessible," said Lenley Hensarling, chief strategy officer at Aerospike. "At the same time, data will be handled more carefully." Data processing is more risky for businesses than collecting, according to Gartner.
Demonetisation, increased data sources and various definitions of privacy contribute to a more complex landscape that needs protection. "Regulatory authorities, like much of the public, are becoming increasingly aware of the data they share, both personally and for others, and for their use," Hensarling said.
- Ransomware is growing at a crisis level
Ransomware took place in the industry last year, affecting entities such as state governments, healthcare facilities and school sectors. The hackers behind GandCrab stopped operating ransomware last year, as successor REvil debuted. In 2019, McAfee said there would be "more powerful malware" as hackers worked together to consolidate their dominance. The people behind GandCrab abandoned ransomware to deal with its successor REvil.
Hackers using ransomware have reached the advanced level of encryption, threatening to publicize or sell stolen data to competitors.
- Companies bet on machine learning
To combat human error in security, companies are upgrading their machine learning (ML) skills. "The security industry has a real chance in 2020 to solve some problems that could not be solved," Larkins said.
Since the era of "static technology", cybersecurity has become more flexible. Cloud and data security are a much lower part of security spending, costing between $ 15 million and $ 72 million, according to Gartner. However, they are the fastest growing risk management sector.
"What we are trying to do is not to remove humans from these processes, but to facilitate their processing," said Matt Scholl, head of the computer security department at the National Institute of Standards and Technology (NIST). Machine learning has the potential to violate privacy. Companies that use it to conduct experiments and come to the conclusion "through this kind of retrieval process, using machine learning algorithms and large data sets, risk the possibility of confidentiality problems if they do not properly bind the algorithms and data," he said. Scholl.
Software vendors are likely to expand their offerings to bring more privacy-related management closer. "As with security, privacy is about people, processes and technology," Scholl said.
- Service providers are watching the increasing attacks
The malware spent 2019 sending ransomware to smaller entities, but they were also victims. Service providers (MSPs) will continue to be the target of hackers. Companies are having problems balancing validation and user experience. "Operational efficiency often creates problems until security standards are reduced." As a result, customers of service providers feel the impact of their cyberattacks.
Attacks on remote monitoring and management software used by operators and other remote access solutions "allow multiple companies to attack simultaneously," according to Callow. In one case, more than 400 customers were affected by an attack, according to Emsisoft. MSP CyrusOne was hit in December, affecting its six-customer availability.
At least 13 cloud-based providers or service providers were affected by ransomware in 2019. Attacks on service providers were "completely predictable and could be avoided," according to Emsisoft. By posting data as yet another threat, cyberattacks create "the chance to steal data from many organizations in one hit".
Custom remote access solutions, protected by two- or multi-factor authentication, or fully deactivated, mitigate the risk. "In addition, they need to ensure that their service providers adhere to best practices," Callow said. Service providers, in response to a series of ransomware attacks, have implemented cyber solutions instead of recommended precautionary measures.
- Security tools and protocols as privacy protection
There are no specific privacy tools, but there are mechanisms to protect consumer data. Companies will continue to rely on existing security tools to prevent incidents that endanger consumer data. Data breaches together link security and privacy consequences.
This year, privacy regulators have penalized Marriott International and British Airways for failing to safely protect their customers' data. Capital One has suffered a data breach after exploiting a defect in the Web Applications Firewall (WAF). WAFs contribute to cybersecurity strategies that focus on perimeter protection rather than data.
Privacy is a by-product of cyber security protocols. Organizations declare that IT security teams are responsible for protecting privacy.
"Security teams provide the tools to safely and carefully handle personal information," Hensarling said. However, 95% of C-suite executives have 20% or less of cybersecurity funds to identify solutions.
Legacy systems complicate the development of identity solutions, and companies have failed to develop API-based systems that integrate with applications.