As it was when 2018 began, cybersecurity remains a top global priority at year’s end and, arguably, even more so. We simply need to look back over the past year to see that data breaches have affected just about every aspect of our lives. What can we expect 2019 to bring?
Cybersecurity faculty experts at the University of Maryland University College (UMUC) offer five unique industry predictions, trends and priorities for the coming year.
1) A Broader Investment in Leadership and Hiring Strategies:
Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School
Organizations appear poised to realize that cybersecurity executives are needed at the highest levels in order to drive organizational digital strategy. In 2019, we will see boards and CEOs get more engaged in the governance aspects of cybersecurity. We may also see some signs of legislation to hold executives accountable for due diligence.
On the hiring end, because companies are finding it harder to poach qualified workers from other companies, they are likely to start investing more in their people. Organizations will begin to engage in more creative ways to hire, including offering internships and apprenticeships, and grooming and investing in their own workforce. Organizations will also begin to look at qualified people with less experience, especially those who can speak the language of business.
2) GDPR Non-Compliance and Renewed Focus on Election Security
Balakrishnan Dasarathy, program chair, Information Assurance
Several companies will be caught for non-compliance with General Data Protection Regulation (GDPR) and a few of them will be fined heavily. This will send shivers through various industries and businesses that steward customer data and predict their behavior. Home Internet of Things (IoTs) are going make the situation dire. On the upside, this will result in better privacy policies and protection of privacy-related data through adequate cybersecurity measures.
With Democrats controlling the U.S. House of Representatives —and with Marcia Fudge playing a key role in the new House—we will see more scrutiny of both the 2018 midterm and 2016 national election processes and controls. The cybersecurity of election systems, voter registration and disenfranchisement are among the many areas that will get their due attention.
3) Decentralization, Assured Identity & Privacy, and HCI Take Center Stage
Michelle Hansen, collegiate professor, Cybersecurity and Computer Forensics
Blockchain, a model for distributed, decentralized frameworks used for information sharing, has quickly become a popular technology based on its financial uses, such as Bitcoin cryptocurrency. Cybersecurity will focus on securing these types of frameworks so that they are impenetrable and more suitable for businesses.
Authentication schemes and access control systems need to provide assured identity and individuals’ privacy. Flexible signatures, which use a verification algorithm to validate credentials in a quantifiable and trusted manner, will play a critical role with new technologies, including IoT and real-time systems.
Finally, people have long been identified as the weakest link with any information technology, system, or device. This vulnerability will be of great focus soon, as human-computer interaction aims to persuade user activity and mitigate security incidents, such as using new machine integration technologies in identifying users’ phishing susceptibility.
4) Cloud-based Breaches Rise, Machine Learning Gains Larger Role in Carrying Out Attacks
Jimmy Robertson, program chair, Software Development, Security and Computer Science
As more agencies and companies move to the cloud, shortages in skilled personnel who fully understand the shared-responsibility security model will result in more cloud-based security breaches. Putting security first before deployment is a best practice.
The application of artificial intelligence—in particular, machine learning—to both offensive and defensive cyber operations promises to offer more efficient and more effective tools for carrying out attacks that occur at machine speeds.
Resurgence of Battle Tested Attacks
Richard White, PhD, adjunct professor and course chair, Cybersecurity Information Assurance
Ransomware will continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for bad actors, so it’s a safe bet that we have not seen the last of these types of attacks.
Phishing attacks also will continue, simply because they are tried and true techniques for duping the good guys into ‘mousing over,’ clicking, or downloading packages that provide a range of services to bad actors, such as credential theft, key stroke logger, remote control, and back door.
We also will see more attacks against entire industries, including watering hole attacks or NotPetys, which are both easy to deploy, present very little risk to the bad guys, and are extremely successful regarding their evil objective. Due to the many attributes associated with these types of attacks, it is likely that we will see similar attacks across 2019.