Next year, the biggest challenges to the cybersecurity industry will come from outside forces. In 2019, geopolitical trends will reintroduce old enemies and escalate issues of cyberespionage and sabotage. As criminals follow the money — as they are wont to do — they will use emerging technologies to go after commerce in a BIG way.
Changes in society are rippling through the tech industry — security included — as it wakes up to decades of embarrassing hiring and retention behavior. These trends converge to form the basis of three of our 2019 predictions:
- Economic espionage will reawaken because of the US-China trade war. In part because of the 2015 US-China cyber agreement, 2015-2018 were quieter on the hacking front. But tariffs, trade wars, and other geopolitical tensions in Europe and Asia have strained relations between the two countries. Thus, Western firms should expect renewed hacking in 2019, and the most vulnerable industries are those making technologies included in China’s 13th five-year plan: new-energy vehicles, next-generation IT, biotechnology, new materials, aerospace, robotics, power equipment, and agricultural machinery. No matter how sophisticated your internal teams and tools are, you’ll be up against determined adversaries with access to a government’s resources. Turn to threat intelligence, incident response, and forensics experts to detect, prevent, and respond to attacks, and keep in mind that if your company supplies firms in these industries, that puts you in the crosshairs, too.
- Bad bots’ fraud revenue will make Fortune 1000 firms jealous. In 2016, a security company exposed a bot that was watching video advertising to fraudulently earn $3–5 million per day. Earning $5 million per day, a company would generate more than $1.8 billion a year, placing that company among the Fortune 1000. Payouts this large will entice more attackers, so expect an increase in the number and sophistication of attack methods in 2019. But don’t think that bots are just committing fraud. Bad bots are automated programs that attackers use to breach applications, steal data, manipulate analytics, and bring down services. A recent study found that nearly 30% of all internet traffic comes from malicious bots. What should you do? Evaluate bot management solutions today. Bot management tools assess and classify internet traffic to discern if the source is human or automated and if it’s from partner sources (such as search engines) or malicious traffic. These solutions will defend against bad traffic in real time.
- Women CISOs will increase as companies look for different perspectives. In 2017, only 13% of the Fortune 500 had women CISOs. In 2019, we expect to see the number of women CISOs grow to 20%. Why the jump? The security industry has long lamented the fact that security resources are few and far between, but it does so while ignoring half of the population. Expanding how you search for talent, identifying other disciplines with relevant skill sets, and making sure you’ve created an inclusive culture will lead to a more diverse industry. To benefit from this trend, start by implementing targeted hiring goals for women, and focus your recruiting efforts on groups with more diversity, such as Women in Security and Privacy, AnitaB.org and the Grace Hopper Celebration, the Executive Women’s Forum, and Women’s Society of Cyberjutsu. Consider women in other technology, compliance, legal, or risk roles as your next potential CISO, and sustain a culture of acceptance, inclusion, and mentorship to hold on to top talent.
2019 is the year that transformation goes pragmatic. To understand the 14 major dynamics that will impact firms next year, download Forrester’s Predictions 2019 guide.
Every year, the security and risk team brainstorms the next year’s predictions. This year, several Forrester analysts and researchers contributed to the document, including Merritt Maxim, Renee Murphy, Claire O’Malley, Salvatore Schiano, and Heidi Shey.