Top Tech Trends, December 31, 2019, with comments from Virsec’s (in order) Willy Leichter, Satya Gupta, Ray DeMeo and Shauntinez Jakab
ClearanceJobs reached out to numerous technology experts across the country to get their insight into the top IT trends of 2019 – and what might be in store for next year.
Excerpts of that article are below. Read full article at Top Trends Tech.
2019 wasn’t the year of the artificial intelligence (AI), cloud computing or automation – but all were part of the overall trend in information technology advances. In many ways the decade concluded not with a major leap forward, but rather by making solid footing for the next advancements.
The year 2019 also saw significant increases in ransomware attacks as well as in the creativity in further extortion of such attacks, along with phishing scams and other cybersecurity breaches. As a result, cyber threats took a heavy toll in 2019 - a disturbing trend we’ll likely see more of in 2020.
“Ransomware has always been a crude, blunt instrument for attacks that remains popular because it works,” warned Willy Leichter, vice president at Virsec Systems.
“Once attackers have a foothold, it’s easier for them to encrypt data for ransom, than to exfiltrate data to sell on the dark web,” Leichter told ClearanceJobs. “Ransomware can be thwarted with frequent backups, and runtime attack detection, but there are still many soft targets, and entrepreneurial criminals with new creative schemes.”
The role of the cloud also continued in 2019. The global public cloud computing market was set to reach $258 billion for the year, and organizations’ average yearly cloud budget was $2.2 million in 2018. About one third of companies’ IT budget now goes towards cloud services.
Experts suggested that 2019 was the year of two steps forward and one step back towards the cloud.
“The cloud changes everything… or does it?” pondered Satya Gupta, co-founder and CTO at Virsec. “While cloud growth will inevitably continue, some enterprises are questioning whether they’ve rushed too fast into the cloud and have ignored security basics.”
“The Capital One/AWS breach revealed serious gaps and misconceptions about who is responsible for cloud security, and what are acceptable basic levels of protection,” added Gupta. “This incident seems to have split the line of shared responsibility and has resulted in finger-pointing between Capital One and AWS. It has also sent a chill through many enterprises, causing them to rethink their cloud security strategy and move to more hybrid models. In fact, a recent survey found that 74% of enterprises move apps to the cloud, and then move them back on-premises or to hybrid models.”
There were several other notable trends in cybersecurity in 2019, including how AI systems could become increasingly susceptible to the emerging technology of “fake learning.”
“AI systems can learn quickly, but do we know if they’re learning the right lessons,” explained Gupta. “We expect attackers to increasingly flood AI security systems with fake patterns, causing many false alarms, which then lead enterprises to dial down security policies, opening opportunities for real attacks. With all the hype about AI in the last few years, we expect healthy skepticism to increase, questioning some of the magical thinking about AI, while being realistic about practical implementations. No doubt that AI is a powerful tool, but there’s no reason to believe it won’t also be a powerful weapon in the wrong hands.”
There were also reasons to be far more vigilant about software, as the software supply chain became less trusted in 2019.
“Security experts will increasingly ask a basic question – are they positive that the mission-critical software they are running is pristine, and that none of the thousands of processes in an enterprise application have been tampered with,” said Ray DeMeo, co-founder and COO at Virsec.
“For example, many attacks have changed DLL libraries used across multiple applications to insert malicious code, unnoticed by conventional perimeter security tools,” DeMeo told ClearanceJobs. “We expect in 2020 that enterprises will look for tighter controls and more assurance of the integrity of their applications from developers, through the supply chain, and while they are executing in runtime.”
Given the costs that a breach can entail, 2019 was the year that cyber insurers came into the spotlight, and moving forward those same insurers will likely require better security.
“While cyber insurance isn’t new, it’s still in its infancy, and premiums vary widely, as insurers don’t have reliable models to estimate risk,” explained Shauntinez Jakab, director of product marketing at Virsec Systems.
“Small claims can be easily settled, but massive attacks have caused inevitable battles of fine print in cyber insurance policies,” Jakab told ClearanceJobs.
“For example, after the NotPetya attack, an insurer denied a massive claim because the attack was supposedly perpetrated by an adversarial government and was deemed to be an ‘act of war’ – not covered in the policy,” she added.
“A positive sign is that insurers are becoming more proactive about examining company’s security posture and recommending security best practices and solutions to reduce risk,” Jakab noted. “The recent Cyber Catalyst program is a consortium run by Marsh with participation from major insurers – including Allianz, AXIS, Beazley, CFC, Munich, Sompo International, and Zurich – has tested security solutions and recommended specific products that can reduce risk, and qualify the company for better terms on their policies.”