5 Cybersecurity Trends
The cybersecurity industry continually evolves to meet changing needs and adopt new technologies. As such, it’s appropriate to take a look at annual trends. Here are five of them for 2019:
1. A Greater Reliance on Hackers for Hire
There’s a skills-shortage crisis in the cybersecurity industry, making it difficult for businesses to meet needs with full-time personnel. However, some hire freelance hackers who earn $1 million or more in total “bug bounties” for successfully exploiting vulnerabilities in systems or networks. When hackers do that, it becomes easier for companies to understand how to fix issues.
The U.S. government even takes this approach, and the Air Force reportedly leads the way in offering compensation to hackers that find problems. Earning a bug bounty typically requires hackers to show the vulnerability, as well as how to fix it.
2. Cybersecurity Taught in K-12 Education
Cybersecurity education programs are not new, but they’re typically for adult learners, such as people taking college programs. There’s a recent push to start teaching cybersecurity best practices earlier, such as in K-12 schools. Some advocates say introducing the subject in high school is too late, and that it’s best to do in elementary school.
By then, kids already understand the need to wash their hands to stop themselves or others from getting sick. Teachers could apply a similar analogy to cybersecurity and discuss how keeping digital devices “clean” helps those gadgets stay healthy.
Educators know that most of today’s learners grew up with technology and like using it. Now, they can be instrumental in helping them do it safely. If kids learn best practices from a young age, they could lead the way in helping the future stay safer from hackers that depend on people having weak passwords or falling for malware tricks.
3. Cloud Companies Getting SOC 2 Certifications
From 2014, companies that store data in the cloud had to get SOC 2 certifications. In 2019, cloud customers and providers alike are more familiar with this requirement and what it means. The SOC 2 is a type of technical audit that requires complaint companies to set and follow policies and procedures to keep information safe.
The SOC 2 verifies a company’s commitment to protecting customer data. It can also help them demonstrate to clients that the enterprise views strong security practices as a regular part of business. Some of the things covered under the umbrella of the certification, such as anomaly alerts and actionable forensics, help ensure that companies take proactive stances to prevent vulnerabilities.
Since the SOC 2 certification is about implementing all-encompassing policies that support security, it helps build customer trust. Businesses also benefit because compliance means focusing on data security in ways that facilitate longevity.
4. U.S. Lawmakers Getting Serious About Connected Device Security
One of the often-mentioned concerns about Internet of Things (IoT) gadgets is that manufacturers do not have to adhere to minimum security requirements when making these connected devices. The mindset is often something like “build and release the gadget now, fix security flaws later.” Device makers race to put their products on the market before competitors release similar products, and they don’t prioritize cybersecurity.
That may change soon, since U.S. members of Congress introduced The IoT Cybersecurity Improvement Act of 2019 in March. It would set standards for IoT brands providing devices to the U.S. government or contractors doing the same.
The act is an example that people at the national government level realize there’s no time to waste in building a framework for IoT manufacturers to adhere to. Other legislation could soon follow and drastically change the IoT landscape concerning security.
5. More Emphasis on Securing Voting Machines for Elections
The 2016 U.S. presidential election was ultimately a startling wakeup call that voting machines with insufficient security are threats to the nation. In the days leading up to and following the contest, cybersecurity analysts gave warnings about how voters in some districts used vastly outdated equipment for voting, and that hackers could change data in a matter of seconds.
The lack of a paper trail for voters highlights one of the pitfalls of moving forward with technology too quickly and doing away with traditional methods. This year, as people gear up for the 2020 elections and start choosing their favorite candidates, a discouraging number of voting machine flaws still exist.
The good news is that cybersecurity for voting machines is a topic that received mainstream awareness, and some experts want to do what they can to boost security. For example, the United States’ Defense Advanced Research Projects Agency (DARPA) is working on open-source technology for voting machines that could be virtually hacker-proof.
Once it finalizes the results of the endeavor, DARPA plans to release it freely to software experts around the world. Millions of computer experts could examine the software for weak points and give feedback to DARPA on potential improvements.
Up until recently, many people believed votes were accurately tallied, but that’s not always the case. This cybersecurity effort could change that.
An Action-Packed Year
2019 is nearly at its halfway point, and it has had several cybersecurity developments already. It’ll be fascinating to see what the rest of the year brings.
By Kayla Matthews