The article will cater to a few subtopics.
During the course of 2018, the security industry was riddled with data breaches, exposures, regulations, and new advanced cyber-technologies. Among these developments are details that could potentially set the tone for 2019. New laws, new defenses, and new breaches could prove to be the drastically needed catalysts for cyber-change.
State-Specific: 35 states, including D.C. and Puerto Rico introduced over 265 bills or legislations in cybersecurity. The list is as follows: Arizona, California, Colorado, Connecticut, Florida, Georgia, Hawaii, Iowa, Idaho, Illinois, Indiana, Kansas, Kentucky, Louisiana, Massachusetts, Maryland, Michigan, Minnesota, Missouri, Mississippi, Nebraska, New Jersey, New Hampshire, New Mexico, New York, Ohio, Pennsylvania, Rhode Island, South Carolina, Tennessee, Utah, Virginia, Vermont, Washington, West Virginia, Wyoming, District of Columbia, and Puerto Rico. This massive sweep of state-specific regulations plays into the larger national and federal picture that is shaping the digital landscape. The full details of all new state-specific regulations can be found here. These state regulations are aimed at a wide array of cybersecurity facets, all contributing to heightening security postures of organizations, reporting breaches, and most importantly; protecting consumers.
GDPR: Taking the European Union by storm. Not only did this regulation affect organizations across Europe, but also organizations within the United States that conduct business in Europe. The regulation is designed to provide enhanced protection for consumers and their privacy rights. Furthermore, it places some level of control over organizations that handle consumer privacy data. This new regulation is proving to have serious implications for business, both U.S.-based and globally.
DFARS: The Defense Federal Acquisition Regulation Supplement is designed for contractors, manufacturers, and other affiliates of the Department of Defense. Within the past few years, the Department of Defense has taken a closer look at their supply chain and the slew of vulnerabilities being discovered on DoD systems. This has prompted the defense industry to implement stringent protections from the sources.
New York State Department of Financial Services: 23 NYCRR 500 has been bestowed upon financial services organizations operating within New York State. Within this category of organizations are insurance agents/companies and other financial entities. This regulation is designed to keep sensitive financial information safe, secure, and private.
Aside from the state and industry-specific cybersecurity regulations, President Donald Trump released
the National Cyber Security Strategy. This strategic guide is set to be the roadmap for cyber-success at a national level. It is designed to “Protect the American People, the Homeland, and the American Way of Life”.
Such regulations will begin to take form and be implemented within organizations around the United States and abroad. From small local businesses to large enterprise and multinational organizations, cybersecurity regulations will soon impact almost every entity, regardless of revenue, size, or geographic location. The industry will observe more spending on cybersecurity products and services. Penetration testing, vulnerability assessments, protective tools, employment, and incident reporting will all rise in 2019 to unprecedented levels.
Major Breach Impact:
The Marriot Starwood breach was one of the largest data breaches in recorded history. Affecting over 500 million guests, this data breach was one that tipped the balance of cybersecurity in 2018. With breaches becoming a regular and expected occurrence, the news headlines have tended to lose their luster; until Marriot. Names, addresses, phone numbers, emails, dates of birth, gender, and passport numbers were among the sets of information stolen.
This enormous spread of data made a bountiful payday for the attackers responsible and gave consumers a taste of what to expect from major corporations and their lack of security controls. It appears the public outcry has been heard by regulators around the nation. Some are calling for large monetary fines and possible jail time for those
responsible for the security of the organization. This breach happened soon after the paramount Equifax breach, in which shareholders dumped stocks prior to the release of the breach information. More accountability is in the future of 2019 for the managers of security within organizations. Internal processes may include more actions for those that do not perform due diligence and due care and governmental regulations may soon hold such people legally liable.
Along with new regulations, the accountability factors are rising within organizations. In the past, plausible
deniability could be argued in the overwhelming majority of cyber-attacks. Victims were taken by surprise and hackers hit without warning. In 2019, cyber-attacks are expected, and regulations are forcing organizations to take a stand, audit, and report incidents. When they fail to do so, personnel in specific roles will be held accountable. We can certainly expect to see more diligence in 2019.
Deep learning made compelling impacts on 2018 and will continue to grow into 2019 within the cybersecurity arena. Deep learning includes more common terms and tech such as machine learning and artificial intelligence. The security industry is pushing these new technologies as the backbones of powerful security tools and platforms. Companies such as Google are using artificial intelligence to strengthen their defenses and organizations such as Amazon and Microsoft are acquiring multitudes of companies within the deep learning space. Security tools will soon harness the power of deep learning and give a competitive edge back to defenders.
Blockchain technology was created to provide a means of privacy, integrity, and confidentiality to sensitive
data. Based on distributed networks of ‘nodes’, blockchains have been most widely used for purposes surrounding the cryptocurrency exchanges. Bitcoin, Litecoin, Ethereum, and many other cryptocurrencies reside on their respective blockchains. However, new blockchains are being developed every day. In 2019, we will witness the power and security of blockchains being leveraged for cybersecurity-related purposes. Banks and financial institutions will leverage blockchains to secure transactions, militaries will leverage blockchains for secure communications, and private companies will use them for creating robust defensive networks and tools.
Another aspect of the blockchain adoption boom is the increased probability of cyber-attacks against the blockchains. The smaller blockchains will become the primary and “easier” targets for attackers. Compromising a large blockchain, such as Bitcoin, is exponentially more difficult than compromising a smaller blockchain due to the nature of how these networks operate. More widespread nodes along the blockchain creates a larger decentralized and distributed network and therefore, a more challenging target to hit. A 51% attack is a well-known blockchain attack type in which an attacker must compromise at least 51% of the nodes or systems within a blockchain to control the entire network.3
Watch the Headlines
2019 will bring new tech, regulations, and breaches to the forefront of cybersecurity. Holistic changes are bound to occur this year around deep learning, blockchain, laws, and repercussions for cyber-negligence. Organizations will be rapidly adopting new tools and technology, as well as an increased need for cybersecurity professionals to fill the positions within such organizations. Both public and private sector companies are beginning to treat cybersecurity as an integrated business/mission critical facet and this may dictate the forecast for 2019.
Tags: DFARS, GDPR, Marriot Starwood Breach, NYCRR, Regulations