A holiday shopping guide for CISO’s: 8 cybersecurity trends in 2019
- Posted on December 11, 2018
- Estimated reading time 5 minutes
‘Twas the night before Christmas, and all through the house, not a creature was stirring… except for your CISO.
This isn’t the holiday story you remember. In our story, your chief of information security is up all night. And frankly, he or she is up a lot of nights, fretting about the possibility of a major security breach that could bring harm to the enterprise.
Sharing the holiday spirit with your security chief
It’s no wonder: 2018 was rife with troubling trends in the security space. From the rise of new, advanced threats and the explosion of phishing scams, to an ever-more exposed modern workplace, the last 12 months have continued to demonstrate the need for security to be priority one for digital businesses everywhere.
With the holidays around the corner, wouldn’t it be nice to give your CISO some much needed peace of mind? Forget the candy canes, stocking stuffers and high-tech gizmos; these gift ideas from Avanade are what your chief of security really wants.
- Better AI tools than the bad guys: Roughly 87 percent of cybersecurity professionals are already leveraging artificial intelligence and machine learning to bolster their defenses, and speed reaction times to threats. But the same technology improvements can be leveraged by the bad guys, too. For example, in 2018, we saw an AI-powered malware called DeepLocker cause havoc with highly-targeted and evasive tactics. This is just the beginning of the AI security arms race, and your CISO knows it. If you want to put a smile on his or her face this holiday season, give them the budget to move forward, quickly, with a security posture backed by today’s most advanced, intelligent solutions.
- An automation-savvy culture: Automation and reducing manual tasks with things like DevSecOps present a potential boon to your security practices. But businesses simply do not have the talent or the cultural makeup to achieve those gains. Estimates suggest only 35 percent of organizations have employees who are experienced enough to respond to threats using automation. Meanwhile, DevSecOps is failing to make its way into the security team, in part, due to old cultural hang-ups. Perhaps this year, you should give your CISO the gift of skilled automation and DevSecOps resources? Or, if that’s not possible, look to a partner to help close the gaps with managed automation services, change enablement support and expertise.
- Accountability in the post-GDPR world: The first half of 2018 was filled with anxiety for an oncoming tidal wave in the world of data privacy and obligations, thanks to the EU’s General Data Protection Regulation (GDPR) legislation. In 2019, we are going to start seeing the damages, as up to 80 percent of multinational companies will fail to comply to the modern data protection rules. The time is now to give your CISO some peace of mind, by bringing a privacy-first approach to the data and personal information you leverage in your business.
- A way to deal with crypto-criminals: The good news is that cryptocurrency-seeking criminals have slowed down on their ransomware attacks. The bad news is they are replacing ransomware with a more devious, stealthy approach: hi-jacking your IoT network and computing resources to mine for cryptocurrency. “Cryptojacking” malware is a serious, costly new malware threat for 2019 and your CISO should have it on his or her radar.
- Anti-phishing prowess: Phishing is by far one of the most prolific tactics used in all attacks, and fighting it remains one of the top priorities for security teams. CISO’s are looking for a sophisticated, holistic approach to combat phishing. To do so, they will need what Gartner describes as a three-pronged strategy: technical controls, end-user controls and process design.
- Go beyond zero trust: In the world of identity and access management (IAM), the “zero trust” model reigns supreme. IT leaders have rightfully opted to give users the strictest access by default, in order to constrain the leakage of sensitive data and prevent horizontal movement. In 2019, your CISO wants to evolve past zero trust with “digital trust” - intelligent, context-aware solutions that learn what good access looks like and creates a “digital fingerprint” of your users.
- Cloud accelerated security: In 2019, cloud providers will continue to gain traction in the security market, as more enterprises seek to consolidate and optimize their own security capabilities, leveraging the vast resources of providers such as Microsoft Azure and the Microsoft 365 platform. Security used to be seen as a deterrent to cloud, but this is no longer the case. With enterprises are facing solution sprawl, skill shortages and limited resources, cloud security platforms aren’t just a ‘nice to have’ for CISO’s; it’s the only way to effectively battle the onslaught.
- A good plan for your PAM: Privileged Account Management (PAM) is a unique digital identity challenge and tops the list of security projects, according to Gartner. This year, your CISO wants to make it harder than ever for attackers to gain access to your admin and executive accounts; at a minimum, they should institute mandatory multifactor authentication (MFA) for all high-profile users. They should also consider some good old human-error preparation. Your admins and executives are people too, after all, and they can easily be coerced into giving up access to someone they shouldn’t, wittingly or not.
Give the gift of security in 2019
Think your CISO might benefit from the “gift ideas” above? From leveraging built-in intelligence and automation in the Microsoft 365 platform, to tackling the next generation of phishing attacks, Avanade can help make these holiday dreams come true.
Our comprehensive security offerings — combined with our deep Microsoft expertise and third-party partnerships — help you secure all your cloud, workplace and identity and access management needs.
Learn more about how Avanade security services can help you.