2019 was a bad year for data security. Based on reports and analyzes, it was the worst ever. According to the Ponemon Institute and its data breach report, the average data breach cost reached $ 3,92 million, the highest ever recorded.
At the same time, the number of data breaches reached its highest recorded price and increased by 54% in the first half of 2019, with nearly 4.000 breaches publicly reported during that time. In total, more than 2019 billion worldwide alerts were posted in 4,1.
Increasingly, consumers and regulators hold companies responsible for data breaches. An October 2019 survey concluded that 81% of consumers would stop working with a company or product after a data breach, meaning that defaming a company and damaging the reputation that accompanies a breach are likely to increase the cost of a data security incident.
In addition, supervisory authorities such as GDPR and the CCPA are indicative of a trend that collectively increases the importance of data security in the coming year. For those tasked with protecting a company's data, today's multi-threat landscape may seem chaotic, leading to increased levels of exhaustion.
However, not all threats are equally frightening, as some are more likely and ominous than others. Cybercriminals are developing their tactics as the security industry tackles cyberbullying and weighs the benefits of paying ransom.
With malware bugs being transformed into new threats and regulators keeping a close eye on any errors, companies count on cyber security teams more than ever.
Here are 5 cyber security trends:
- Security is integrated into data science
Data gives companies a competitive edge. Data scientists are leveraging AI algorithms, available in open source, to modify and configure unified AI models. But AI models are based on quality data, scalable computing power, and reliable algorithms.
The cloud has lifted the limitations of computing and allowed companies to modernize quickly, sometimes leaving behind ethical concerns. The implementation of AI goes beyond "clear and ethical consensus", "threatening already high levels of privacy."
"Algorithms and the handling of personal data will become more accessible," said Lenley Hensarling, head of strategy at Aerospike. "At the same time, data handling will be more careful." Data processing is more risky for businesses than collecting it, according to Gartner.
Delegalization, the proliferation of data sources, and various definitions of privacy contribute to a more complex landscape that needs protection. "Regulators, like much of the public, are becoming increasingly aware of the information they share, both personally and personally, as well as their use," Hensarling said.
- Ransomware is growing at a crisis level
Ransomware took place in industry last year, affecting entities such as government, healthcare facilities and the school sector. The hackers behind GandCrab shut down ransomware last year as successor REvil debuted. In 2019, McAfee said there will be "stronger malware" as hackers work together to consolidate their dominance. The people behind GandCrab abandoned ransomware to deal with its successor, REvil.
Hackers using ransomware have reached the advanced level of encryption, threatening to publicize or sell stolen data to competitors.
- Companies bet on machine learning
To combat human error in security, companies are upgrading their machine learning (ML) capabilities. "The security industry has a real opportunity in 2020 to solve some problems that could not be solved," Larkins said.
Since the age of "static technology", cybersecurity has moved more flexibly. Cloud and data security are a much lower part of the cost of security, costing $ 15 million and $ 72 million, respectively, according to Gartner. However, they are the fastest growing area of risk management.
"What we're trying to do is not take people away from these processes, but make it easier for them to process," said Matt Scholl, head of computer security at the National Institute of Standards and Technology.NIST). Machine learning has the potential to violate privacy. "Companies that use it to conduct experiments and come to conclusions" through this kind of retrieval process, using machine learning algorithms and large data sets, run the risk of privacy issues if they do not bind the algorithms and data properly, "he said. Scholl.
Software vendors are likely to expand their offerings to take a closer look at privacy management. "As with security, privacy is about people, processes and technology," Scholl said.
- Service providers are watching the increasing attacks
Malicious agents spent 2019 sending ransomware to smaller entities, but were also collateral victims. Service Providers (MSPs) will continue to be targeted by hackers. Companies face problems balancing validation and the user experience. "Operational efficiency often creates problems until safety standards are reduced." As a result, customers of service providers are feeling the impact of their cyber attacks.
Attacks on remote monitoring and management software used by operators and other remote access solutions "allow multiple companies to attack simultaneously," according to Callow. In one case, more than 400 customers were affected by an attack, according to Emsisoft. MSP CyrusOne was hit in December, affecting the availability of six of its customers.
At least 13 cloud-based providers or service providers were affected by ransomware in 2019. Attacks on service providers were "completely predictable and preventable," according to Emsisoft. By extracting data as another threat, cyberattacks create "the potential to steal the data of many organizations in one fell swoop."
Custom remote access solutions, protected by two- or multi-factor authentication or completely disabled, mitigate the risk. "In addition, they need to ensure that their service providers adhere to best practices," Callow said. Service providers, in response to a series of ransomware attacks, have implemented solutions in cyberspace, instead of the recommended precautionary measures.
- Security tools and protocols as privacy protection
There are no specific privacy tools, but there are mechanisms to protect consumer data. Companies will continue to rely on existing security tools to prevent incidents that endanger consumer data. Data breaches together link security and privacy consequences.
This year, privacy regulators have penalized Marriott International and British Airways for failing to safely protect their customers' data. Capital One has suffered a data breach after exploiting a defect in the Web Applications Firewall (WAF). WAFs contribute to cybersecurity strategies that focus on perimeter protection rather than data.
Privacy is a by-product of cyber security protocols. Organizations declare that IT security teams are responsible for protecting privacy.
"Security teams provide the tools for safe and secure handling of personal information," Hensarling said. However, 95% of C-suite executives have 20% or less cybersecurity funds to identify solutions.
Legacy systems complicate the development of identity solutions, and companies have failed to develop API-based systems that integrate with applications.