Security never stands still; new exploits, security standards and defense methods emerge every day. Keeping up with what’s new in the field is a challenge faced by tech teams and managers across industries. We teamed up with Detectify, a website vulnerability scanner that performs tests to identify security issues on your website, to share seven security trends to look out for this year.
1. Knowledge Sharing Throughout the Organization
There is more to security than encrypting sensitive data and keeping an eye on your networks and web applications. Organization-wide internal password policies, physical security guidelines, and access controls are just as vital as the more technical aspects of security. Ensuring that everyone, not just the security team, understands the importance of these measures can be an uphill struggle if security isn’t embedded in your company culture.
The solution is security knowledge sharing and communication across the organization. Adding security training to the onboarding process and inspiring teams to develop their security skills raises security awareness and improves basic security hygiene. Organizations that make knowledge sharing their mission in 2019 will have a head start in transitioning to a security-first mindset.
2. Cloud Security
Tech giants have been using the cloud for years, but many organizations are still migrating their assets. As more businesses get started with cloud services, cloud security has become a hot topic that will continue to make headlines in 2019.
Misconfigurations, weak access controls, and exposed API keys are a few of the most common security issues to be aware of. Cloud providers are continually adding new security features, but this is not enough; cloud storage misconfigurations have caused a number of high-profile security incidents over the last year, affecting companies like FedEx and GoDaddy. Focusing on cloud security training and ensuring your tech teams are comfortable configuring cloud services is an investment that will pay off in the years to come.
3. Secure Software Development Lifecycle
Traditionally, security and development are handled by separate teams, with short release deadlines often resulting in incomplete security testing and vulnerable software. Fortunately, this is changing and security is becoming a natural part of the development cycle.
Developers are taking ownership of security by learning about common vulnerabilities like those in the OWASP Top 10, while security teams are working to educate their coworkers and make security more accessible. In 2019, security and development teams will work more closely than ever before, ensuring that security is a priority from the first line of code.
4. Security Compliance as a Competitive Advantage
2018 was the year of governments establishing new ground rules for data regulation and privacy. We saw the EU’s General Data Protection Regulation (GDPR) take effect in May, and the California Consumer Privacy Act (CCPA) pass in June, coming into full effect in 2020. These regulations began pushing organizations towards a higher degree of accountability and transparency.
As data and privacy regulations increase, companies will need to take a privacy-first approach to data. 2019 will force businesses to put systems and processes in place to meet rapidly growing compliance demands. Those able to meet security and compliance standards will gain a competitive advantage. How you collect, store, process, and encrypt user data is not just another compliance checkbox that needs to be ticked; it’s a competitive advantage.
5. Security Monitoring for Incident Detection
2018 was the year of security breaches that had gone unnoticed for months or even years. For example, the recent Marriott breach that exposed sensitive data belonging to up to 500 million hotel guests took place in 2014 and was not discovered by the company until September 2018.
“Detecting a hacker attack early on helps you prevent the hackers from escalating the attack and getting access to more information. Monitoring can also help you reduce the impact of a security incident. If you know exactly what the attackers have gained access to, you can take steps to minimize damage. You want to be able to block stolen credit cards, change passwords, and know what business information other actors might have gotten their hands on. While it is easy to say that you should assume everything is compromised, it is not always realistic to do so and monitoring can help you narrow down the scope.” - Linus Särud, Security Researcher, Detectify
In security, every minute counts when it comes to incident response, which is why security monitoring is crucial. Without proper detection, not even the most robust incident response plan is good enough. Hopefully, 2019 turns out to be the year companies implement thorough logging that makes it easier to detect and respond to security incidents.
6. The Rise in Security Questionnaires
As security becomes a growing priority in business, companies are setting higher security standards, not just for themselves, but also for their vendors. External processes and networks are constantly being evaluated by way of Security Questionnaires.
In 2019, we predict a rise in Security Questionnaires being issued, meaning your team needs to have an efficient way of handling these requests. To make responding to Security Questionnaires easier, make repeatedly used content easily accessible and put a consistent response process in place to share across your team.
7. Security-savvy End Users
End users are becoming increasingly aware of the value of personal information and of organizations’ responsibility to keep their data secure. In 2018, many companies, including major social media platforms, were put under scrutiny for failing to communicate how they collected and managed user data. Users’ security and privacy concerns became more prominent in 2018, and 2019 is likely to see a continuation of that trend.
“Service providers need to deliver the appropriate security assurance to prospects, customers, and interested parties in an efficient and scalable manner. Customers need to know how to design a third-party risk assessment process (TPRA) that is risk-based, focused on what matters to your business, and scalable. Not being able to satisfy the assurance requirements of your prospects and customers will cost your organization.” - Paul Langley, Senior Information Security Manager, Loopio