By Jay Coley, Senior Director of Security Planning and Strategy at Akamai Technologies
1 Cyber-attacks will grow – and go slow. Organisations will see an increase in cyber attacks but these will be ‘low and slow’, rather than ‘noisy’ incidents like DDoS attacks. Launched by botnets, ‘low and slow’ attacks aim to remain under the radar for as long as possible, to steal as much data as they can. Often, they take the form of credential stuffing attacks, where stolen credentials are used to access associated accounts and steal further personal data such as addresses and payment details.
2 Bots will overtake human web traffic. As bots become more sophisticated, more than 50% of web traffic will come from bots. Already, Akamai has found that 43% of all login attempts come from malicious botnets and this is set to increase. More sophisticated bots will become capable of accurately mimicking human behaviour online, making it harder for bot solutions to detect and block their activities.
3 Multi-cloud strategies will complicate security management. Businesses adopting multi-cloud strategies will face increasingly complex challenges to ensure that security is consistently, and effectively, deployed across them all. With Gartner predicting that multi-cloud will be the most common cloud strategy next year, organisations that have successfully secured one cloud will need to replicate this across all their cloud portfolio to ensure vulnerabilities are patched and nothing slips through the cracks. We expect companies to seek out cloud-agnostic security solutions to simplify deployment and management across the enterprise.
4 Consumers will continue to put convenience ahead of security. Even though awareness of the insecurity of IoT devices is growing, millions of consumers will continue to ignore the risks, purchasing and using devices that lack comprehensive security solutions, from ftness trackers to smart home appliances. This could swell the armies of bots that are already being used to target enterprises. While some governments have begun to introduce security standards for connected devices, the industry is still a long way from adequately securing its devices.
5 Cybersecurity will be replaced by cyber resilience. In 2019, smart organisations will stop thinking of cyber security as a separate function of the IT department, and instead adopt it as a posture throughout the entire business. Known as ‘cyber resilience’, this concept brings the areas of information security, business continuity and resilience together with the intention of making systems secure by design, rather than as an afterthought. This will enable organisations to continue to deliver business operations in the event of a cyber-attack or incident.
6 Zero Trust will march towards killing off corporate VPNs. For years, virtual private networks (VPNs) have been the mainstay of remote, authenticated access. However, as applications move to the cloud, threat landscapes expand and access requirements diversify, this all-or-nothing approach to security needs to change. Zero Trust, where each application is containerised and requires separate authentication, is stepping in to provide security fit for the 21st Century.
7 Blockchain technology will move from cryptocurrencies to mainstream payments. Today, most people associate blockchain with cryptocurrencies and the less legitimate end of online payments. However, in 2019, blockchain-based payment networks will make it into the mainstream. The inherent security built into blockchain can streamline the online payments process, reducing friction, increasing speed and improving the user experience. In the coming year, we expect brand-name banks and consumer finance companies to adopt blockchain-powered payment platforms, with high scalability and speed.