With 2018 coming to a close, the new year is on the horizon, and with it, new opportunities for enterprises to improve their security posture as bad actors elevate their tactics.
The Australian and New Zealand market is seeing a radical shift in cybersecurity solutions and approaches because of the need for businesses to move to the cloud and to further digitise. While some organisations remain cautious and inhibited in their use of public cloud services, we’ll see CIOs start to alter their thinking of cloud security to ask “Are we using the cloud securely?” rather than “Is the cloud secure?” It will continue to become more apparent that the security challenge with cloud computing lies not in the security of the cloud itself but in how organisations use the cloud.
As digital efforts, like moving to the cloud, continue to progress across organisations, the enterprise security posture must also evolve. Below, I’ve outlined five cybersecurity trends to prepare for in 2019.
Increased consideration of how organisations store data
Following the implementation of the European Union’s General Data Protection Regulation (GDPR) requirements in May 2018, which was a great first step towards establishing good global regulation and governance, we will continue to see Australian enterprises paying more attention to how they secure data in the cloud to avoid dominating the headlines.
Whereas data security was previously confined to the walls of the IT department, it’s increasingly becoming a contested and important boardroom issue. The coming year will see more organisations moving cybersecurity processes to the top of their list of organisational priorities.
The demand for CISOs and security professionals will increase
Australia is currently in dire need of IT professionals equipped with the right skills - technical as well as those soft skills needed to convey importance to the board and other key stakeholders - to combat rising cyber threats.
There are currently thousands of jobs open across a wide range of roles in cybersecurity, from IT Security Analysts to CISO, showing increased demand for security professionals and CISOs. A report from AustCyber, a body formed out of the National Innovation and Science Agenda, found that Australia is expected to require another 11,000 cybersecurity specialists over the next decade.
The education sector plays a pivotal role in ensuring that we train the next generation of professionals to confidently meet the challenge. As a result, many universities in Australia are offering cybersecurity courses and joining forces with large enterprises to provide free practical learning courses for students, such as what CBA and UNSW have done by establishing SecEdu.
The DevSecOps approach will take off
Addressing security at the developer level is a trend that will only grow in the upcoming year. Facing increased pressure to measure the effectiveness of their cybersecurity practices, organisations will look at how developers can be empowered to drive organisational awareness of threats and prevention.
We will start to see a lot more DevSecOps - that is, the practice of applying security concerns during the development process such that it doesn't slow down the deployment of products and services. It also involves introducing automation at the infrastructure layer so security capabilities can be enhanced and iterated upon just like agile software development.
The ability to quickly patch, rebuild and constantly change credentials in order to prevent attacks are table stakes with a cloud-native platform and a DevSecOps approach.
A/NZ businesses will invest more in threat detection solutions
Attacks happen quickly and when you least expect them. How an organisation responds to attacks is critical -- and having an established, business-wide protocol in place prior to an attack can make quite a difference.
In April 2018, Accenture released its State of Cyber Resilience report that gauges how well Australian firms are battling security threats. The report found that while 79 per cent of security leaders agree that new technology is essential in protecting against threats, only 40 per cent say they are investing in artificial intelligence (Ai), machine learning and automation technologies.
Next year we’ll see this shift with the rise of new solutions that utilise AI and machine learning to help guard against cyber attacks without causing too much financial and reputational damage.
Firms will look more to open source solutions
Developers have long been using open source components in their application development. It essentially allows developers blueprints to build software faster and more efficiently, saving time and money.
One of the reasons companies are investing in open source solutions is that the code is freely available. Why waste time coding from scratch when there is a plethora of freely available community approved code at your disposal? Open source projects are constantly being scrutinised by members of the community for possible bugs and vulnerabilities. In other words, there is less chance for security vulnerabilities to be introduced in the first place, or quickly detected and rectified.