It’s 10 p.m. Do you know where your consumer data is?
This is the type of question that keeps many cybersecurity professionals up at night — and for good reason. Damages from cybercrimes are projected to cost over 6 trillion dollars in 2021. As the internet continues to evolve, so do the ways consumer and business data can be manipulated. For tech businesses operating in big data, it is up to cybersecurity professionals to stay ahead of cybersecurity trends in order to prevent attacks.
We spoke to professionals from five different companies to find out about the latest cybersecurity trends they're watching, and how those developments might impact their businesses moving forward.
21 Cybersecurity Trends to Watch
- Breach Fatigue
- Defender Countermeasures
- Attacker Capabilities
- Attacker AI
- GDPR
- Microsegmentation
- Zero Trust
- Security Talent Crisis
- Secure Networking
- Fraud
- Phishing
- Denial-of-Service Attacks
- Container Vulnerabilities
- Privacy
- Big Data
- Shadow IT
- Cloud Misconfigurations
- Fileless Maleware
- Side-channel Attacks
- Supply-chain Attacks
- Blockchain Threats
Breach Fatigue, Defender Countermeasures, Attacker Capabilities, Attacker AI & GDPR
DomainTools
DomainTools’ Research Engineer Chad Anderson said cyber attackers could be stepping up their game soon by using AI, which many in the security space will need to prepare for. He said DomainTools — which profiles these attackers and informs risk assessments that assist cyber-defenders — will be focused on keeping its client base in the know about AI and its potential as a method of attack by cybercriminals.
What are the top three cybersecurity trends you’re watching that are significantly impacting the industry?
The erosion of user trust due to breach fatigue is becoming an increasing problem in gaining consumer buy-in for security measures. Additionally, there is an increase in defender countermeasures due to new legislation requiring accountability and reporting for companies. Defenders need to know about attacks and data exfiltration as soon as possible, as they are monetarily on the hook for them in more and more jurisdictions. Lastly, there will be an increased sophistication of attacker capabilities as simple attack surfaces are continually hardened by security teams working on major products like Google’s Chrome and Apple’s iOS. We’ll see commercial hacking tools with AI and machine learning built-in so they can quickly operate on more difficult targets en masse.
"Engineers finding ways to operate effectively while reducing the private data they store may be the next big thing."
What under-the-radar cybersecurity trends are you watching that the industry isn’t talking about?
Attacker AI and machine learning and the long-term effects of General Data Protection Regulation are two areas that the industry may not be worried enough about. AI and machine learning are all the rage on the defensive side but there’s a huge opportunity here for attackers to use these techniques to produce clever attacks. Since attackers are generally motivated by simple and direct goals, the effectiveness of these attacks may be devastating to an unprepared security industry. GDPR is here and a lot of companies feel like they’ve passed the big hurdle, but now, holding customer data is more of a long-term risk than ever. Engineers finding ways to operate effectively while reducing the private data they store may be the next big thing.
How are these trends affecting the future of your company?
These trends mean that visibility is more important than ever, and our efforts towards drawing connections and pivots between different aspects of internet infrastructure help focus defenders on seeing the whole story without getting stuck in the mire. Building tools that interpret the shifting sands of the internet and provide actionable threat data is what we do and what we enjoy doing. The future is more of the same from us.
Microsegmentation, Zero Trust, Security Talent Crisis & Secure Networking
Tempered Networks
A fully operational internet network is a symphony of interconnected devices and data transmissions — and Tempered Networks works to protect all the instruments in the orchestra. Senior Solutions and Security Architect Jay Sawyer commented on a myriad of industry trends that the company is working to stay ahead of to help in its cyber-defense efforts.
What are the top three cybersecurity trends you’re watching that are significantly impacting the industry?
Microsegmentation, zero trust, and the security talent crisis are our main considerations in the cybersecurity industry. These three are some of the key features that are part of our security solution.
Microsegmentation and isolation create a new secure network perimeter — a logical air gap — at a time when the network perimeter seems to be disappearing in the industry. Zero trust is the process of “default deny all” in your network and trusting only the devices that are critical to your business. The security talent crisis is still growing and has gone from 70 percent to 91 percent in just several months, partly due to skills gaps and stress levels. To help with the talent crisis, we provide a solution that’s easy to learn and manage, and that doesn’t require years of learned skill to administer.
"Whether you’re protecting data in infrastructure technology or data and lives in operational technology, we all can be hacked."
What under-the-radar cybersecurity trends are you watching that the industry isn’t talking about?
Seven key elements of effective secure networking: identity, security, confidentiality, visibility, resiliency, scalability and management. Additionally, the logical air gap and simplicity. These may be considered under-the-radar today, but they are lining up to become forefront trends for cybersecurity.
Securing today’s networks and their objects is still a complex process. Along with the traditional connect-then-secure process, the security talent crisis, the challenge of zero trust and the need for an inherently secure network perimeter, it’s important for any company to find the best solutions that resolve these cybersecurity needs and issues.
How are these trends affecting the future of your company?
A complicated network provides huge pivot points that tend to attract hackers. Whether you’re protecting data in infrastructure technology or data and lives in operational technology, we all can be hacked. But with a simple and cost-effective solution, companies can stay ahead of and outmaneuver cybercriminals. The cybersecurity community has given great direction for Tempered Networks to extend its work in the industry with our providing a secure, identity-defined microsegmentation solution.
Fraud, Phishing, Denial-of-Service Attacks, Container Vulnerabilities
DigitalOcean
What are the top three cybersecurity trends you're watching that are significantly impacting the industry?
The growth of cybersecurity incidents has caused many companies across industries to invest more in security. Within the tech industry, fraud has become increasingly prevalent. Phishing campaigns have also risen in popularity among bad actors as it tends to be an effective and relatively cheap way to extort users. The industry has also seen attackers become more creative in their distributed denial-of-service attacks, which have the potential to take down servers and make resources unavailable to users.
What under-the-radar cybersecurity trends are you watching that the industry isn't talking about?
With the increasing popularity of Docker and Kubernetes, another rising trend in the industry is the growing relevance of container breakout vulnerabilities. A common misunderstanding is that containers (like OS virtualization) have complete logical isolation when they actually share kernel space. This means that misconfigurations or container breakout vulnerabilities in a single container can lead to compromises across containers. We keep a very close eye on this particular class of vulnerabilities.
"The industry has also seen attackers become more creative in their distributed denial-of-service attacks, which have the potential to take down servers and make resources unavailable to users."
How are these trends affecting the future of your company?
DigitalOcean operates at such a scale that it inspires our security team to constantly innovate in order to mitigate and reduce our risk against these threats. We have a responsibility to our customers to provide safety on our platform. This means that we can never become complacent with regards to security at DigitalOcean. We actively pursue creating new solutions to hard problems that often have no single answer.
Stash is a financial app with a mission to make banking and investing accessible to everyone. According to cybersecurity professionals, that translates to a lot of sensitive user data. Gavin Grisamore, VP, head of information security, told us which cybersecurity trends are always on his radar.
What are the top three cybersecurity trends you're watching that are significantly impacting the industry?
I’ll start with data privacy. The GDPR and CCPA legislation are leading the way in giving consumers more control over their data collected by businesses. Data collection by businesses has often been extensive to drive internal data analysis to support business goals and has recently come in direct conflict with the legislation and a consumer's right to privacy.
Then there’s big data analytics. It's no surprise that businesses generate a lot of data. Effectively analyzing this data, not only from a business perspective but also specifically for cybersecurity, is becoming critical for companies.
The third cybersecurity trend is Shadow IT. In addition to cloud infrastructure, companies and individuals are increasingly leveraging SaaS applications to perform a variety of work. All matters of internal, confidential and sensitive company data are ending up in these applications. The problem is that IT and compliance teams are struggling to keep up with the sheer number of applications, the data stored within them, and who in the organization is using them.
"Mobile app fraud is another big trend. According to RSA, more than 60 percent of fraud originates from mobile devices."
What under-the-radar cybersecurity trends are you watching that the industry isn't talking about?
AI attacks are a major cybersecurity trend that isn’t getting enough attention. Hackers are increasingly leveraging machine learning and artificial intelligence techniques to launch attacks. These technologies allow attackers to better scale their operations and avoid detection.
Another trend is cloud misconfigurations. As more companies transition to or begin their journey in the cloud, misconfigurations are becoming a common occurrence. Cloud SDKs and APIs allow for easy changes by developers; however, this leads to potential service disruptions or open the infrastructure to attack.
Mobile app fraud is another big trend. According to RSA, more than 60 percent of fraud originates from mobile devices. Cybercriminals are shifting toward mobile devices as mobile banking and financial apps increase in popularity with consumers.
How are these trends affecting the future of your company?
As a financial services company, our customer's safety and security are our constant priority. While all of the trends discussed are significant challenges, data privacy is our biggest challenge. As we scale our operations, we have the opportunity to bake in not only security protections, but also privacy protections. Customers’ preferences are shifting as they demand more privacy when they are online. At Stash, we want to not only be a leader in security, but also a leader in privacy to protect our customers. For us, these are not competing, but rather, complementary goals.
Fileless Maleware, Side-channel Attacks, Supply-chain Attacks, Blockchain
Transparent Systems
When working in the field of global financial settlements, you have to pay close attention to the latest happenings in cybersecurity. That’s certainly the case for Transparent Systems, whose platform allows for online payments through cryptographic systems. Engineer Justin Grant shared a few things the fintech company is keeping an eye on.
What are the top three cybersecurity trends you’re watching that are significantly impacting the industry?
Fileless malware, the rise of side-channel attacks like Rowhammer, and supply chain attacks are all cybersecurity trends we’re tracking.
"Building systems with true defense-in-depth is not optional in our space."
What under-the-radar cybersecurity trends are you watching that the industry isn’t talking about?
We’ve seen examples of blockchain as a malware delivery mechanism.
How are these trends affecting the future of your company?
We’ve moved toward a zero-trust model that assumes that intruders have already breached any network perimeter. Building systems with true defense-in-depth is not optional in our space.
DISCLAIMER: BuiltinNYC is a paid partner of Stash. Investment advisory services offered by Stash Investments LLC, an SEC registered investment advisor. This information is for educational purpose only, and is not intended as investment, legal, accounting or tax advice.
Responses have been edited for length and clarity. Images via listed companies.