Over the last decade, the internet has helped brands extend their influence and reach further than they ever could have imagined. However, this exposure has also made brands vulnerable to attacks from bad actors.
With the amount of personal data handled by marketers and the enactment of national and international laws over the last decade — like the Canadian Anti-Spam Law (CASL), Europe’s General Data Protection Regulation (GDPR), and the almost-here California Consumer Privacy Act (CCPA) — it’s more important than ever for brands to make security a top priority.
That said, here are five cybersecurity developments brands should watch in the coming year.
1. Phishing is still a problem
Phishing continues to be the most popular and simplest means to breach corporate networks and devices. I think the number still holds true that around 90% of all security breaches start with a phishing attack. The best ways to address this area of risk are through security awareness messaging, phishing simulations, and a top-down security culture across the organization. Ensuring that a defense-in-depth strategy (multiple layers of security controls) is in place is essential. If an attacker gets access to the company's network via an employee's credentials, defense-in-depth can ensure the hacker's access to other corporate assets is limited and/or anomalous behavior is detected quickly.
2. Insider threats are another challenge
This piggybacks off of the previous trend. We refer to this as East-West detection within your network. Much work has been done over the years to manage North-South detection of anomalous inbound and outbound traffic through external firewalls, but once inside the external firewalls, it's much more difficult to detect traffic traversing your internal networks. This is where technologies like Endpoint Detection & Response (EDR) with threat hunting and real-time detection of anomalous behavior are key. I see this as a real growth area that continues to mature. Current players include CrowdStrike, Cybereason, and SentinelOne.
3. Data privacy is more important than ever
With the continued global focus on GDPR, the upcoming CCPA regulation affecting California, and other states' privacy regulations, the work of actually implementing strong data privacy controls will fall to security teams and their various tools and technologies. This will revolve a great deal around encryption of data both in transit and at rest, data minimization, and data retention policies. There will also be discussions around data anonymization and tokenization. Where possible, reducing the amount of personally identifiable information (PII) held by a company will be the best solution, but if you must store PII, then minimize the amount of data and the length of time it's stored, and encrypt, anonymize, or tokenize the data to reduce exposure.
4. Cybersecurity roles are in top demand
The cybersecurity job market continues to far outpace the number of cybersecurity resources. The latest numbers estimate that by 2021, there will be 3.5 million cybersecurity job openings globally. There continues to be a 0% unemployment rate in the industry and the need to hire and retain strong cybersecurity talent continues to be a major challenge with no end in sight.
Anything that will entice young men and women to pursue a career in cybersecurity will be critical to addressing this growing problem. Several organizations have started introducing cybersecurity into their programs; for example, the Girl Scouts can now earn badges in cybersecurity. Also, high schools are now including classes that cover cybersecurity to bring awareness of this potential career path to our up-and-coming generation of workers.
5. Cybersecurity services will be needed to fill in the gaps
This area feeds off of the previous trend in that without a pool of cybersecurity talent, CISOs will have to utilize more cybersecurity services through contracts. Having access to strong cybersecurity consulting organizations will be key to filling gaps in the security teams' talent structure, whether to address one-offs or to bridge the gap when implementing new technologies until the full-time staff can get trained up on day-to-day management and administration. Having access to a bench of cybersecurity resources will prove critical to successful security projects.
The bottom line is this: cybersecurity remains one of the hottest industries out there with no slowdown predicted in 2020.
Jill Knesek is the Chief Security Officer (CSO) for Cheetah Digital, where she is responsible for providing enterprise-wide leadership in developing, planning, coordinating, administering, managing, staffing, and supervising all aspects of information security. This includes developing a world-class security framework for clients and the business as a whole, as well as security governance, policy development, security training and awareness, and security project portfolio development. She has more than 25 years of experience in cybersecurity, working in both internal and client-facing roles. She served as a Special Agent for the FBI, assigned to the Cyber Crime Squad in the Los Angeles field office and was the case agent for several high-profile cases, including the infamous Kevin Mitnick and Mafiaboy investigations. Prior to joining Cheetah Digital, Jill worked as the CISO for Mattel and BT Global Services. She is a frequent industry speaker, has written and published several articles, and has been recognized a number of times for her service to the security industry; notable awards include "The Chief Information Security Officer 100 2017" and the "Top 10 Women in Cybersecurity".