Government and security companies will improve regulation in 2019

Barracuda Networks has been playing poker with tarot cards in the staff cafe and given ChannelEye its 2019 predictions.

BJ Jenkins, President & CEO said he thought over the next year is government and security companies starting to work together to improve regulations to protect companies and individuals.

“Time after time, organisations have shown they cannot be trusted with users’ data because it is not secured correctly and ends up available to be exploited easily by attackers.”

GDPR went into effect in the EU earlier this year, and Jenkins said other countries would follow suit in 2019. California is starting to explore regulations similar to GDPR.

“Email-borne attacks on individuals will increase in the coming year, and this will continue to put increasing pressure on social networks and other platforms, as individuals attempt to gain more control over the information available about them online. The response has to include better articulation and a choice upfront about what an individual chooses to expose,” he said.

Meanwhile, governments will begin to regulate exactly how many personal details organisations can request from individuals, reducing the risk of attacks such as account takeover by cutting back on the amount of data being collected.

Dennis Dillman, VP, Product Management at PhishLine thought  2019 would see security awareness training solutions evolve to provide further automation.

“This will go beyond making it possible for customers to download everything they need for a single campaign. Organisations need to build a comprehensive security awareness program that addresses the most important security topics your users need to deal with, using campaigns that are tightly correlated and build on each other as part of a well-designed program”, he said.

He thought that automation would make that easy, allowing program administrators to simply select a complete program from a library after indicating the type of program and number of campaigns they want, and then everything would be automatically set up and scheduled for the year.

“Ultimately, this will make it possible for organisations to get their annual security awareness program taken care of in a meaningful, well-thought-out way and will allow administrators to focus more on using the data from the results of the campaigns to build a risk profile of the organisation”, he said.

Michael Flouton, VP, Product Ops and Security Strategy said that it’s long been known that the cyber security industry has a significant skills gap problem, what’s lesser known is that this gap is also increasing. In October 2018, (ISC) revealed that the global cyber skills gap now stands at three million, with 63 per cent of businesses lacking the cyber skills to actually keep threats at bay.

“The balance between the resource, skills and expertise of the ‘good guys’ who are fighting attacks and the ‘bad guys’ who are launching the attacks in the first place is delicate. In 2019, get ready for a skills gap tipping point. As cyber attackers’ tactics become ever more sophisticated and, more importantly, harder to spot, they are needing ever more hours of the good guys’ time to identify and stop,” he warned.

A recent example of a new style attack that takes way more work to detect, investigate and clean up are the account takeover incidents that we’ve observed. They involve attackers stealing the email credentials of employees and using them to send emails from the user’s real account. Because the attackers cover their tracks, for example by deleting sent emails, often the only way people know they’ve been breached is when they get mysterious out-of-office responses.

Added to this, many organisations are finding it harder and harder to recruit and retain cyber specialists to help them keep the bad guys at bay. Which means they’re relying on fewer people with the skills and expertise needed to protect their organisation. These decreasing human resources will come to a head in 2019, where I predict that organisations will stop being able to keep up with investigating these ‘stealth’ cyber attacks, said Flouton