Silicon Republic – Cybersecurity trends 2019: What should you look out for?

siliconrepublicAs the year begins, there are a few key areas that cybersecurity professionals should keep in mind.

After the excesses of the holiday period, you are more than likely looking at the blank slate of a new year before you with a sense of optimism and hope for times ahead.

CTO of data protection at Gemalto, Jason Hart, predicts an AI-augmented attack as a real threat. “Creating a new breed of AI-powered malware, hackers will infect an organisation’s system using the malware and sit undetected, gathering information about users’ behaviours and organisations’ systems.

“Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out.”

To read the full article click here.

BBC News – Tech trends 2019: ‘The end of truth as we know it?’

bbcnewsMore than 200 firms contributed to our request for ideas on what the global tech trends will be in 2019. Here’s a synthesis of the main themes occupying the minds of the technorati this year. You may be surprised.

This year it’s all about data – a small, rather dull word for something that is profoundly changing the world we live in.

“2019 will see the first AI-orchestrated attack take down a FTSE 100 company,” predicts Jason Hart, chief technology officer, data protection, at security firm Gemalto. A new breed of AI-powered malware will infect an organisation’s systems, sit undetected gathering information, adapt to its surroundings, and unleash a series of bespoke attacks targeted to take down a company from the inside out.”

To read the full article click here.

The Future of Cybersecurity – A 2019 Outlook

The Future of Cybersecurity – A 2019 Outlook

 

This post also appears on the Gemalto Enterprise security blog here.

From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too.

Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160% increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4% of worldwide turnover. The latter half of this year has shown those concerns were unfounded, with big companies, including Uber as recently as this week, being fined for losing customer data. What 2018 has shown, is the authorities have the power and they’re prepared to use it.

In fact, the role of GDPR was to give more power back to the end user about who ultimately has their data, but it was also ensuring companies start taking the protection of the data they hold more seriously. Unfortunately, while the issue around protecting data has grown more prominent, the methods to achieving this are still misguided. Put simply, businesses are still not doing the basics when it comes to data protection. This means protecting the data at its core through encryption, key management and controlling access. In our latest Breach Level Index results for the first half of 2018, only 1% of data lost, stolen or compromised was protected through encryption. The use of encryption renders the data useless to any unauthorised person, effectively protecting it from being misused. Another reason to implement this is it is actually part of the regulation and will help businesses avoid fines as well. With such a large percentage still unprotected, businesses are clearly not learning their lessons.

So, moving on from last year, what might the next 12 months bring the security industry? Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence and, quantum and crypto-agility start to make themselves known.

2019 Predictions

1. Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. But one notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

2. Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as the computing power grows, so too do the capabilities of AI itself. In turn this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI powered malware, hackers will infect an organisations system using the malware and sit undetected gathering information about users’ behaviours, and organisations systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fight fire with fire.

3. Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. As companies move across, there is an assumption that they’re automatically protected as they transition workloads to the cloud. The channel has a role to play in educating companies that this isn’t necessarily the case and they’ll need help protecting themselves from threats. It’s these new roles that’ll ensure the channel continues to thrive.

A Boardroom Issue That Needs to Yield Results

With 2018 fast disappearing, the next year is going to be another big one no matter what happens, as companies still struggle to get to terms with regulations like GDPR. With growing anticipation around the impact of technologies like quantum and AI, it’s important that companies don’t forget that the basics are just as vital, if not more, to focus on. So, while 2018 has been the year where cybersecurity finally became a boardroom issue, 2019 needs to be the year where its importance filters down throughout the entire company. For an issue like cybersecurity, the company attitude towards it needs to be led from the top down, so everyone buys into it. If that happens, could next year see no breaches take place? Extremely unlikely. But maybe it could be the year the industry starts to turn the tide against the hacking community.

SC Magazine – 2019 cyber-security predictions – Pandora’s box of ills – but Hope remains

scmediaMore extensive that ever: AI-driven chat-bots to Zero-day mining as a service, Fuzzing; 5G, successes & failures of GDPR, loss of faith in the public internet, the IOT, breaches, Sim-jacking, skills shortage, ROI, death of privacy, failure to evolve and a host of novel new threats and solutions.

AI will be used by hackers for most sophisticated cyber-attack ever: “Next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI powered malware, hackers will infect an organisations system using the malware and sit undetected gathering information about users’ behaviours, and organisations systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fight fire with fire.”  – Jason Hart, CTO, Data Protection at Gemalto.

To read the full article click here.

Intelligent CISO – Gemalto CTO on the CISO’s priorities for 2019

intelligent-cisoJason Hart, CTO, Data Protection at Gemalto, outlines what CISOs should be prioritising as we move into 2019.

There is no doubt that 2018 has been a memorable year for cybersecurity professionals and the industry as a whole. From overseeing the implementation of the General Data Protection Regulation (GDPR), to the record-breaking number of data breaches, CISOs have had increasing pressures on their shoulders. And, as technologies like Artificial Intelligence (AI) gain more prominence and emerging technologies such as quantum computing are pursued even further, 2019 looks like it could be another hard year for the industry.

Read the full article here.

The Record – IoT will be the single biggest security threat this year

therecord-logoA new IDC survey has revealed that industry professionals believe that the internet of things (IoT) will pose the biggest security threat to their business in 2017, with respondents citing the rise of DDoS attacks and botnets as key concerns in this area.

 

“Hackers will no longer simply be stealing data, but instead aim to gain unauthorised access to manipulate vital data – which businesses will make important decisions on – for a number of ulterior motives, such as financial or reputational,” said Jason Hart, CTO for data protection at Gemalto.

To read the full article click here.

Computerweekly.com – Ransomware expected to dominate in 2017

cw_logoRansomware and IoT-enabled attacks are expected to continue, while 2017 will see the rise of data integrity attacks, targeting of cloud infrastructure and the use of AI by attackers, experts predict….

2017 will be the year that data integrity breaches will send shockwaves throughout the world, with at least one “almighty” breach disclosure of this type, predicts Jason Hart, chief technology officer of data protection at security firm Gemalto.

Data integrity is a promise or assurance that information can be accessed or modified only by authorised users. Data integrity attacks compromise that promise, with the aim of gaining unauthorised access to modify data for a number of ulterior motives, such as financial or reputational.

“Data integrity attacks are, of course, nothing new, yet they remain under the radar of businesses who have an ever increasing reliance on data and make huge business decisions based on its analysis. These types of attacks are what I like to call the ultimate weaponisation of data,” said Hart.

“The first generation of cyber attacks focused on stopping access to the data, which quickly moved on to stealing it. Today, we’re starting to see more evidence that the stolen data is being altered before transition, effecting all elements of operations,” he said.

According to Hart, data integrity attacks have the power to bring down an entire company and more. “Entire stock markets could be poisoned and collapsed by faulty data. The power grid and other IoT systems, from traffic lights to the water supply, could be severely disrupted if the data they run on were to be altered. And perhaps the greatest danger is that many of these could go undetected for years before the true damage reveals itself,” he said.

 

To read the full article click here.

BBC News – 2017 tech trends: ‘A major bank will fail’

bbcnewsIf 2016 seemed politically tumultuous, 2017 promises to be equally tumultuous on the technology front. The pace of change is accelerating at a dizzying rate, with profound implications for the way we work, play and communicate. So what are the big technology trends to watch out for in 2017?

 

“It’s scary, but data integrity attacks have the power to bring down an entire company and beyond; entire stock markets could be poisoned and collapsed by faulty data. “The power grid and other IoT systems, from traffic lights to the water supply, could be severely disrupted if the data they run on were to be altered,” [Jason Hart] he says.

IDG Connect – What will be the single biggest security threat of 2017?

idg_logoAt the very end of 2015 we ran a straw poll of individuals in the security space to determine what the single biggest security threat of 2016 would be. We divided the 74 “unstructured” comments into a number of lose sections with “people” emerging as the most popular response.

“Hackers will no longer simply be stealing data, but instead aim to gain unauthorised access to manipulate vital data – which businesses will make important decisions on – for a number of ulterior motives, such as financial or reputational.”

Jason Hart, CTO Data Protection at Gemalto

 

To read the full article click here.

smallbusiness.co.uk – Is 2017 going to be the year of the data integrity breach?

small_business_stickyHere, Jason Hart from Gemalto gives us his top tips for businesses to avoid being the next big damaging security breach headline.

Data breach attacks are set to send shockwaves throughout the world in 2017, with at least one ‘almighty’ breach disclosure of this type expected next year, according to Jason Hart, CTO data protection of Gemalto.

“… ‘The first generation of cyber-attacks focused on stopping access to the data, which quickly moved on to stealing it. Today, we’re starting see to more and more evidence that the stolen data is being altered before transition, effecting all elements of operations. With the increasing uptake of the Internet of Things, hackers have more attack surfaces and personas that they can manipulate….”

 

To read the full article click here.