2019 Security Predictions and Directions

“Drive by” and “watering hole” attacks will become more prominent

Avihai Ben-Yosef, Chief Technology Officer @ Cymulate | Rishon LeTsiyon, Israel

A phishing attack is like giving away poisoned candy and hoping people eat it, but Watering Hole and Drive-by attacks are like poisoning the village water supply and waiting for people to drink. These attacks, carried out via unsecured Internet browsing, can be composed of a variation of ransomware attacks, cryptojacking, exploits, and other malware. The attacks are located on legitimate, widely accessed, and infected websites, so there is a greater likelihood of a higher number of victims being affected. As cybercriminals and nation powers are more sophisticated than ever before with access to advanced knowledge and attack tools, combined with the unsuspecting nature of these attacks, we are likely to see many more of this kind in 2019. These attacks will affect organizations, networks, endpoints, and more, resulting in large monetary and data loss damages. This could be the initial trigger of a full APT attack on an organization or part of a worldwide cyber campaign targeting hundreds of thousands of victims at the same time. 

Brief Biography
Avihai served as a lead technology leader in the IDF’s Elite Intelligence Unit. Previously, Avihai was the Head of the Cyber Research Team at Avnet Cyber & Information Security, where he worked on several projects on behalf of the Israeli Ministry of Defense.

Important Issues:

  • A global shortage of security professionals.
  • Automating an organization’s security procedures and tasks.
  • Prioritization of risks and their associated mitigation procedures.

Direction for CSOs and Decision Makers:

  • Optimize your security spending. Learn how to maximize your current security solutions, ensure the products and services do not overlap, and provide an effective and efficient security framework.
  • Instead of the conventional practice of an annual security assessment, continuously validate your security posture.
  • Stay up to date with the current trends and latest attacks as the attacks in 2019 will spread at an even faster pace.

Cymulate helps companies stay one step ahead of cyber attackers with a unique breach & attack simulation platform that empowers organizations with complex security solutions to safeguard their business-critical assets. By mimicking the myriad strategies hackers deploy, the system allows businesses to assess their true preparedness to handle cyber security threats effectively. Chosen by Gartner as a 2018 Cool Vendor, Cymulate’s SaaS-based platform allows users to run simulations 24/7 from anywhere, shorten the usual testing cycle, and speed up time to remediation.

Supply chain cyber risk

Laura Lee, Executive Vice President of Rapid Prototyping @ Circadence | San Diego, CA USA

Supply chain cyber risk will be one of the biggest issues in 2019 and will require a coordinated effort to address. Risks from third party service providers with physical or virtual access to information systems, poor information security practices, and compromised software or hardware components, are only a few of the vulnerabilities that stem from this issue. Since breaches tend to be less about technology and more about human error, IT security systems won’t secure critical information unless employees throughout the supply chain use secure cyber practices. We’ve seen these types of attacks already and we will see more of them in 2019 as this approach catches on. As companies start to get a handle on their internal cyber risk, they will be learning that they need to look at a broader attack surface and everything that touches them. 

Brief Biography
Laura Lee leads multi-disciplined teams in the development of new capabilities for cybersecurity training and assessment. Her expertise in artificial intelligence and machine learning inspires teams of game designers, cyber operators, and software developers to create immersive and engaging cyber learning solutions for the company. Prior to working at Circadence, she directed the research and development for cyber exercises at Johns Hopkins University/Applied Physics Lab. Laura holds a bachelor’s degree in Aerospace Engineering and Mechanics from the University of Minnesota, a master’s degree in Aerospace Engineering from Notre Dame, and a Juris Doctorate from George Mason School of Law.

Important Issues:

  • Social media infiltration.
  • Cloud migration.
  • Cyber Risk Mitigation with CISO and C-Suite Alignment.

Direction for CSOs and Decision Makers:

  • Adopt a persistent cyber learning strategy to keep pace with evolving threats.
  • Align cyber risk mitigation strategies with business objectives to gain C-Suite visibility and buy-in on cybersecurity as a business risk.
  • Foster a “cybersecurity is everyone’s problem” cultural shift with C-Suite.

Circadence® Corporation is a market leader in next-generation cybersecurity education and learning. Powered by a culture of innovation and the demands of an evolving cyber landscape, Circadence offers cyber range solutions and cybersecurity learning platforms that leverage artificial intelligence and custom content to address critical security challenges for enterprise, government, and academic institutions. Circadence’s solutions deliver persistent, immersive and true-to-life experiences that match and adapt to contemporary threat environments.

AI-infused Solutions Will be Leveraged as Security Becomes More Outcome-Oriented

Gaurav Banga, Founder and CEO @ Balbix | San Jose, CA USA

Traditionally, security programs have focused on completing point projects, checking items off to-do lists without fully understanding whether or not the projects had any meaningful impact on overall security posture. Recently, companies more and more are realizing they can’t afford to spend time and resources completing projects without knowing for certain those actions are having a positive impact on reducing overall risk. In 2019, we will see a shift in companies leveraging advanced tools that benchmark risk and identify the mitigation actions that will most impact and strengthen security posture. As organizations focus more on the actual outcome of their security activity and the effectiveness of the tools they deploy, AI-based solutions will play a bigger role. With the number of cybersecurity threats growing every day and increased digitization of assets/processes vulnerable to those threats, it is mathematically impossible for humans to manage the task of sifting through hundreds of thousands of vulnerabilities to determine which to prioritize. AI tools that continuously monitor all assets and proactively predict what vulnerabilities are most likely to be exploited are absolutely essential.

Brief Biography
Gaurav Banga is the Founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, Gaurav was the Co-founder & CEO of Bromium and led the company from inception for over 5 years. Earlier in his career, he served in various executive roles at Phoenix Technologies and Intellisync Corporation, and was Co-founder and CEO of PDAapps, acquired by Intellisync in 2005. Dr. Banga started his industry career at NetApp. Gaurav has a PhD in CS from Rice University, and a B.Tech. in CS from IIT Delhi. He is a prolific inventor with over 60 patents.

Important Issues:

  • Organizations simply don’t have the resources for their security teams to be completing projects without clearly understanding what kind of an impact those projects will have on reducing the company’s overall risk.
  • It is mathematically impossible for security teams to monitor and respond appropriately to all vulnerabilities.
  • Even the largest security team comprised of the most skilled IT professionals can’t effectively prioritize which actions to take first in order to secure the most important business assets without the help of AI.

Direction for CSOs and Decision Makers:

  • Focus security team’s efforts on benchmarking company risk and taking properly prioritized actions/completing projects to measurably improve resilience and reduce risk.
  • Leverage advanced AI- and ML-based security solutions to keep pace with the constantly growing number of threats and your organization’s attack surface.
  • AI will NOT replace human security pros. Humans will still be needed to act on the information that AI and ML tools produce, and will focus more on the larger strategy behind your company’s security posture and help the security program become more outcome.

The Balbix breach avoidance platform, BreachControl™, is the industry’s first system to leverage specialized artificial intelligence (AI) to provide comprehensive and continuous predictive assessment of breach risk. Visualized via a searchable and clickable risk heat-map, it is designed for CISOs, CIOs and IT security teams. BreachControl can forecast critical breach scenarios and prioritize/recommend fixes by business risk, improving security operations, compliance and cyber-resilience.

Identities will become the new security perimeter in 2019

Balaji Parimi, Founder and CEO @ CloudKnox Security | Sunnyvale, CA USA

In 2019, the big cloud providers will start to realize that most enterprises are not going to migrate 100% of their applications to public cloud and will focus on delivering solutions that provide a seamless hybrid cloud experience. This will further blur the definition of the security perimeter, effectively making “identities” the new perimeter. Couple this paradigm shift with the unprecedented levels of automation that give identities vast power and enterprises will begin to rethink their approach to managing identity privileges across clouds. Enterprises will move away from depending on static role-based access controls (RBAC) to manage identity privileges and will start to turn to more dynamic authorization models (like activity-based controls) to achieve the principle of least privilege.

Brief Biography
Balaji Parimi is Founder and CEO of CloudKnox Security, a cloud security company that empowers organizations to manage the identity privilege lifecycle across private and public cloud infrastructure. Prior to founding CloudKnox, Balaji was VP of Engineering and Operations at CloudPhysics, Staff Engineer at VMware, Architect and Technical Lead at 8X8, and Senior Software Engineer at Quality Call Solutions.

Important Issues:

  • Shadow infrastructure will emerge and take center stage.
  • The rise of non-human identities will make insider threats tougher to mitigate.
  • The proliferation of identity privileges across private and public cloud will render current manual management approaches obsolete.

Direction for CSOs and Decision Makers:

  • Get a true understanding of your insider threat risk posture by gaining deep visibility and insight into the activity and privileges of every unique human and non-human identity within your environment.
  • Implementing a solution that leverages a static Role-Based Access Control (RBAC) model will not work if you are trying to achieve the principle of least privilege in the cloud. Consider a dynamic authorization model that continuously monitors the activity.
  • Managing identity privileges should not be about restricting privileges and inhibiting productivity but about giving identities – whether human or non-human – the authority to use “just enough” privileges to perform their day-to-day jobs.

CloudKnox delivers a single platform for managing the entire identity privilege lifecycle across hybrid cloud utilizing a revolutionary Activity-based authorization model. This groundbreaking approach offers a non-intrusive way to manage identity privileges and protects organizations’ critical infrastructure from malicious and accidental misuse of credentials.

The CISO will be reborn and rebranded

Stephen Moore, VP and Chief Security Strategist @ Exabeam | Indianapolis, IN USA

Since its initial inception, a CISO’s true role has been a topic of hot debate. Are they organizational influencers and C-suite members or just sacrificial lambs in the event of a security breach? Recent trends show that fewer CISOs are reporting directly to the CIO, and are instead acting more independently and strategically within their organization. A key driver of this could be that cybersecurity is now on the boardroom agenda in its own right, instead of falling under “general IT issues.” As a result, many CISOs are spearheading security messaging as part of organizational strategy instead of CIOs or CTOs, who previously handled such communications.

Brief Biography
Stephen Moore is the VP and chief security strategist at Exabeam, the leader in security intelligence platforms. His main focus is driving solutions for threat detection and response, and advising customers in breach management and program development. Prior to Exabeam, Stephen spent more than seven years at Anthem in a number of cyber security practitioner and leadership roles. Most recently, he served as staff vice president of cyber security analytics, playing a leading role in the response and remediation of Anthem’s infamous 2015 data breach.

Important Issues:

  • Cyber incident response & orchestration
  • Cloud Visibility
  • Device Analytics for IoT, Energy, and medical devices

Direction for CSOs and Decision Makers:

  • Be friendly and follow the money: Prepare for security data to drive key decisions within the sales, legal, and marketing teams. This will interestingly drive board relevance.
  • Focus on results-based measurements: Focus on metrics that represent real risk and effort, rather than “shock and awe” reporting, to move the internal security conversation forward in a meaningful way.
  • Your paper IR plan is quietly terrible. It fails to represent the scope and pressures of a breach. At minimum, automate the repeatable technical steps, get friendly with your internal allies, and have solutions that can build incident timelines.

Mobile Malware Growth to steal credentials and account takeovers

Davide NG Fania, CEO @ XTN Cognitive Security | New York, NY USA

For those who target personal bank accounts, mobile malware is cheaper and safer to use than banking trojans. Today, solutions should be able to:

  • provide the right balance between security and user experience,
  • avoid frictions that could cause the user to leave your business service (app adoption),
  • keep high control over the authentication and authorization processes and take more security measures only in case of risk.

Brief Biography
Davide NG Fania is a manager with decades of proven experience in the areas of Information Technology and Biomedical and Medical Devices Automation, who bases his success stories on strong creativity in innovation and a holistic view of the business, and a supporter of the global market and strategic partnerships.

Important Issues:

  • Mobile Authentication
  • Mobile Banking-Payments
  • Threat-based impersonation scams

Direction for CSOs and Decision Makers:

  • Introduce passwordless and Multifactor Authentication tools within your organization
  • Introduce non-invasive and frictionless security solutions for every single endpoint
  • Improve awareness on using mobile devices

Hillstone Networks’ Layered Threat Protection provides continuous threat defense at perimeters, internal networks and their critical assets, down to each virtual machine. Established in 2006 by NetScreen, Cisco and Juniper executives, Hillstone Networks is relied on by more than 15,000 customers around the world, including Fortune 500 companies, higher education, financial institutions and service providers. Hillstone Networks’ US headquarters is located in Santa Clara, California.

Cyber hygiene and resilience will remain top priorities for enterprises

Josh Mayfield, Director of Security Strategy @ Absolute | Austin, TX USA

In 2019, we’ll continue to see the pendulum swing faster toward a strong security posture, viz. resilience. Cyber hygiene practices (e.g. Zero Trust) will continue to expand, and demonstrate their impact with IT and security teams. Additionally, the focus on cyber hygiene frees up many of the wastes in security architectures and assets; removing much of the agent and tool bloat.

Brief Biography
Josh is Absolute’s Director of Security Strategy and works with Absolute customers to leverage technology for stronger cybersecurity, continuous compliance, and reduced risk on the attack surface. He has spent years in cybersecurity with a special focus on network security, threat hunting, identity management, and endpoint security. His research has been featured in leading security publications including SC Magazine and Dark Reading, and he is often cited by business and tech journalists for his analysis of cryptocurrencies, security operations and attacker psychology.

Important Issues:

  • Endpoint visibility and control to boost detection and response
  • Data privacy and data integrity
  • Resilience and cyber hygiene

Direction for CSOs and Decision Makers:

  • Close your capability deficit across people, process, and technology
  • Enforce KPIs that focus on resilience
  • Adopt frameworks – Zero Trust, NIST CSF, CIS, etc. – to formalize cyber resilience

Ransomware Will Take a Back Seat to Cryptojacking

Bogdan Botezatu, Director of Threat Research and Reporting @ Bitdefender | Bucharest, Romania

The most profitable form of malware, ransomware remains a constant threat. We still record copious numbers of infections daily, but the good news is ransomware is no longer growing – it’s plateauing. One reason is already well documented: ransomware has taken a back seat to cryptojacking in the past year as attackers developed a taste for stealing computing power to generate digital currency while flying under the radar. But an even heftier factor behind ransomware’s stagnation is the emergence of dedicated solutions aimed directly at thwarting this form of malware. There will always be new versions of ransomware, some more complex than others and some harder to catch, but we don’t expect ransomware to take on much bigger proportions in 2019.

We also forecast an increase in JavaScript-based miners embedded in webpages – like the YouTube cryptojacking incident where attackers conducted a malvertising campaign and injected miners within ads displayed on YouTube.

Finally, we can expect a shift from drive-by-downloads of malware to full blown drive-by-mining. In other words, the use of web-mining APIs that perform crypto-mining, directly in the user’s browser, instead of exploit-kits to download malware onto the victim’s computer.

Brief Biography
Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that anti-malware research is like working as a secret agent: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Important Issues:

  • Advanced Persistent Threats

Direction for CSOs and Decision Makers:

  • Identify and protect against APTs by deploying layered security. This increases the cost of attack for threat actors, and provides complete visibility across the infrastructure in order to spot any anomalous behavior that’s indicative of a data breach.
  • Make sure you understand how digital transformation has blurred the line between your company and the outside world. Account for these technologies when installing and planning for security.
  • Consider making a significant investment in training staff on the best security practices for the workplace.

2019 is the year that network and security operations unite

Adam Bixler, Director, Product Management @ NETSCOUT | Baltimore, MD USA

Shared visibility will lead to shared success.

For many years, both the network and security teams have shared very similar capabilities. Both are charged with policing enterprise networks, services, and applications, looking for system faults or anomalies that could be the result of failures or malicious activity.

The integration of the network operations center and the security operations center will produce tangible benefits for the enterprise. The two departments will operate in tandem, successfully managing, monitoring, and defending enterprise networks. They will be able to communicate and coordinate seamlessly, which will increase efficiencies, optimize resources, and lower costs.

The worlds of assurance and DDoS security are finally coming together to provide in-house security and network operations teams with a platform that provides the highest degree of visibility possible on the market today. This combined proposition is underpinned by smart data and analytics that will provide security and network teams with comprehensive visibility of what is happening across their entire IT infrastructure in real time, empowering them to make decisions that will have an immediate impact.

Brief Biography
Adam Bixler has had a distinguished career as a cybersecurity professional, an entrepreneur, a product management leader and a veteran of the US Air Force. He has worked at all levels of information security and operations including: network design and configuration; data center management; certification and accreditation; network security analysis; compliance validation and systems auditing; and policy and plan development. He was Co-Founder and COO of Efflux Systems which was acquired by NETSCOUT, and Co-Founder of Morta Security which was acquired by Palo Alto Networks. Bixler currently leads NETSCOUT’s External Threat Detection offerings and is in the US Air Force Reserve.

Important Issues:

  • Network Visibility
  • Internet of Things (IoT) Security
  • International cooperation: Solidarity amongst nations to limit threats

Direction for CSOs and Decision Makers:

  • Have network and security teams–and tools–work together to achieve comprehensive visibility into what is happening across your infrastructure in real time.
  • In order to stop the modern-day DDoS attack, deploy a hybrid or layered approach to protection.
  • You don’t have to go it alone. Outsource DDoS attack protection to the experts, who have the latest technology, dedicated expertise, and knowledge of industry-best practices.

Increasing use of automation by defenders and attackers

Nimmy Reichenberg, Chief Marketing Officer @ Siemplify | New York, NY USA

The cybersecurity battle ground is unlikely to turn into a pure “robots fighting robots” affair anytime soon, but 2019 will continue to see increased use of automation by both defenders and attackers. Those who do a better job leveraging automation will be better positioned to gain the upper-hand.

On the attackers’ front, look for advanced automation that is AI/ML-based. Attackers will be able to take information from successful attacks and apply it to generate more effective, new attacks. From the defenders’ side, we will see increased adoption of automation across prevention, detection and response. Automation should start by leveraging AI to prevent as many attacks as possible, improving detection to minimize false positives, and finally, automating incident response playbooks so that security analysts can focus their time on truly high-value work.

Brief Biography
Nimmy brings extensive experience growing innovative security companies into global brands. As CMO of Security Orchestration, Automation and Response (SOAR) provider Siemplify, he is responsible for driving global strategy and market awareness for the company’s market-leading security orchestration platform.

A cybersecurity industry veteran and former engineer, Nimmy has more than 15 years of experience helping enterprises around the world tackle their security challenges. Nimmy held leadership positions at eSentire, AlgoSec and NextNine. He is a frequent contributor to leading security publications including SC Magazine, Dark Reading and Security Week, and has spoken at countless security conferences including RSA.

Important Issues:

  • Security Orchestration and Automation
  • Cross-Cloud Security
  • Security Awareness Training

Direction for CSOs and Decision Makers:

  • Automate as much as you can
  • Learn to communicate the business value of security
  • Make the CIO your best friend

Industrial controls/critical infrastructure will continue to be in the cross-hairs

Satya Gupta, Founder & CTGO @ Virsec | San Jose, CA USA

The good news is that the ICS/SCADA industry is waking up to the significant security risks and addressing gaps in security. The bad news is the gaps are large and will require time and big investments to upgrade aging, vulnerable systems.

Brief Biography
Satya Gupta is Virsec’s visionary and has over 25 years of expertise in embedded systems, network security and systems architecture. Previously he was Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd. Satya holds six patents in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.

Important Issues:

  • The number of known vulnerabilities is exploding. This explosion reflects the increased complexity of the software stack that most companies use, and the increased dependence on third-party tools.
  • Keeping up with patching is impossible. It’s daunting enough to simply patch all these vulnerabilities, and many organizations are increasingly wary of “security-by-patching.”
  • Dwell times for attackers are increasing. The Marriott and 1-800-FLOWERS breaches announced in 2018 both went undiscovered for at least 4 years! Allowing hackers unfettered access for years on end is clearly a recipe for disaster.

The user will become more important than the device

Timothy Brown, Vice President of Security @ SolarWinds | Durham, NC USA

The approach to securing the workplace has changed as more people work remotely and users bring a myriad of personal devices to work. People take their work laptops and sensitive company data home to networks that may be insecure. And perimeter-level defenses now offer fewer protections than they used to.

Instead, security experts will start managing risk based on user profiles. As an example, an employee on a trusted work device inside the company network presents less risk than an employee on a personal mobile device on their home network. Additional layers of security like multifactor authentication need to be built into the new paradigm.

Handling user-centric security requires a common-sense approach with a focus based on the level of risk, and it doesn’t need to be overwhelming or complicated. For example, the head of finance who has access to personal data needs more rigorous security requirements than a copywriter who only accesses the content files. You could require that the riskier user connect via VPN to ensure their machine is clean. The point here is that we may need to shift our thinking toward users rather than just data or IT assets.

Brief Biography
Tim Brown is currently the Vice President of security for SolarWinds, overseeing internal IT security, product security, and security strategy. As a former Dell Fellow and CTO, Tim deeply understands the challenges and aspirations of the person responsible for driving digital innovation and change. Tim has over 20 years of experience developing and implementing security technology. Nationally, his trusted advisor status has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. He is a member of the advisory board for Clemson University and holds 18 issued patents on security-related topics.

Important Issues:

  • User-centric security will circumvent device-centric security.
  • The patience with nation state attacks is over and we will likely start seeing increased response.
  • Data breach reporting may expand as the focus on privacy increases.

Direction for CSOs and Decision Makers:

  • Don’t neglect the basics; cyberhygiene remains your most important offensive play.
  • Partner where it makes sense to leverage specialized skills and solutions without breaking your own budget.
  • Mentor newcomers in the field so you can play a role in shaping the next generation of cybersecurity professionals and help mitigate the skills gap.

2019 will see the intersection of privacy laws and DevOps

Altaz Valani, Research Director @ Security Compass | Toronto, Ontario, Canada

The ability to respond quickly to customer requests related to privacy will be key for preventing disruptions to product feature development. The increasing customer demand for privacy, as well as new and rigorous cybersecurity laws like GDPR and NY DFS, require organizations to follow secure development procedures and to prove their compliance with regulatory bodies. To this end, agile development teams that embrace DevOps will extend these processes and best practices to include DevSecOps – incorporating new privacy and security regulations into the development processes as early as possible and in a highly-automated and auditable way. Teams will be able to manage security, risk, and compliance in the entire pre-production cycle, from planning to validation.

The intersection of privacy laws and DevOps will see the emergence of new or enhanced technology platforms to ease these new compliance burdens. Policy-to-procedure platforms, like SD Elements from Security Compass, eliminate the need to pore through policies and documentation manually and instead offer contextual requirements directly through JIRA or other ALM tools. The platform reduces the bottle-neck dependency on meeting with resource-constrained security, privacy, and compliance experts by automating dissemination of their most common guidance to developers, directly in the tools they use every day. As a result, far fewer security issues arise at the testing phase, which keeps costs down and schedules predictable. Other reported advantages include overcoming the scarcity of talent through automation and accelerating decision-making by aligning security, compliance, and risk priorities with business needs.

Brief Biography
Altaz Valani is the Research Director at Security Compass responsible for managing the overall research vision and team. Prior to joining Security Compass, Altaz was a Senior Research Director at Info-Tech Research Group providing CIOs, IT managers, Directors, and Senior Managers with trusted advice and analysis around application development – including Agile, Cloud, Mobile, and the overall SDLC.

Targeted intrusions via supply chain attacks will rise

Michael Sentonas, VP of Technology Strategy @ CrowdStrike | Sydney, Australia

Over the last 18 months, supply chain attacks have become one of the biggest threat vectors as organizations struggled with vulnerabilities. Software supply chain attacks have grown in frequency because of the high number of organizations that depend on third-party software for business operations and this shows no sign of slowing down in 2019. Supply chain attacks are a threat with significant potential for acquiring large numbers of victims and are often tied to well-resourced adversaries. Supply chain attacks will not only grow in frequency, but also in sophistication.

Brief Biography
Mike Sentonas is VP Technology Strategy at CrowdStrike. Reporting to the Co-Founder and CTO, Sentonas’s focus is on driving CrowdStrike’s technology strategy. With over 20 years’ experience in cybersecurity, Sentonas’s most recent role prior to joining CrowdStrike was Chief Technology and Strategy Officer, Security Connected at Intel Security.

Important Issues:

  • Enterprise Ransomware
  • Up-leveling cyber as a priority to BoDs
  • Commercial espionage from nation-states

Direction for CSOs and Decision Makers:

  • Integrate the cloud into your security stack
  • Use next-generation tools such as AI, endpoint detection and response, etc.
  • Have a team of managed threat hunters to proactively scan your network 24/7/365

Increase in Automotive Cyber-Attack Incidents in the Smart Mobility Ecosystem
Dan Sahar, VP Product @ Upstream Security | Herzliya, Israel
Remote attacks through Smart Mobility services will increase substantially, with back-end servers, telematics servers and mobile apps continuing to face attacks such as ransomware and unauthorized access. As different systems continue to work together, introducing new features and selling points for consumers, the infrastructure is becoming more complex. Each new service connected to a vehicle is a new potential entry point for hackers. The control that a company will have over a third party service varies from example to example, but the common denominator is further complexity in visibility and control.

One trend to look out for in 2019 is a growing amount of fraud and misuse by both consumers and mobility services’ drivers. The complex automotive environment makes it difficult for businesses to stay on top of every transaction. Hacking incidents will include fleet drivers hiding violations of company policy or altering mileage or misuse, while consumers may steal the identity of other users to ride for free on ride hailing or car sharing services.

Brief Biography
Dan drives product management and go-to-market activities for Upstream, bringing more than 18 years of marketing and product management experience at high-technology companies. Prior to Upstream, Dan was Co-founder and VP of Marketing for Qwilt, from inception to becoming the market leader in Edge Content Delivery with eight digit annual revenues. Earlier in his career, Dan held a variety of product and marketing roles in leading vendors such as Crescendo Networks, Juniper Networks and Kagoor Networks as well as engineering management positions at Kagoor Networks and Seabridge. Dan holds a BA in Computer Science and Business and an MBA (Marketing).
Important Issues:

  • Cyber Attacks
  • Misusage of Smart Mobility Services

Direction for CSOs and Decision Makers:

  • Implement Your Defense In Depth Approach
  • Ensure Protection Coverage of Automotive Cloud, In-Vehicle, and IT Network Cybersecurity
  • Deploy the Means to Enforce Business Policies

Securing the mobile channel continues to be a wild ride
Will LaSala, Director of Security Solutions, Security Evangelist @ OneSpan | Chicago, IL USA
2019 is likely to bring about an even brighter future for mobile app development. Although it’s nothing new to the app world, several high-profile companies have been attacked and users are more concerned than ever with privacy. New and old attacks to mobile devices and applications seem to appear daily, yet financial institutions and organizations are still not taking proactive steps to protect the user’s apps on their devices. Expect some of the best minds in the industry to work harder to provide the best protection against hacking and phishing attacks to help tame this major concern. In 2019, application shielding will continue to play a major role in protecting mobile applications. Mobile app shielding technology can detect and mitigate any tampering with a mobile app to stop the malicious code before it can cause damage.

In addition, we’ll see some of the scariest threats in mobile—overlay attacks, phishing attacks and mobile app threats will only get more dangerous. Studies show that users are three times more likely to fall for phishing attacks via mobile devices than they are other channels and we will see this trend take off in 2019. Ransomware attacks on mobile devices will also continue to increase as well as an increase in code-injection attacks. These multi-payload attacks will be one of the scariest threats in 2019 and they will also be easy for anyone to create.

Brief Biography
Will joined OneSpan in 2001 and brings over 25 years of software and cybersecurity experience. He is involved in all aspects of product implementation and market direction within financial institutions as well as top Fortune 500 organizations for enterprise security, healthcare, U.S. government, online gaming and mobile application development. Will currently empowers the markets and OneSpan’s largest clients with direct communication of new products and features and security changes. Previously he worked as a Sr. Systems Engineer and Developer for a consulting firm in New England. Will also spent eight years as CTO at a prominent ISP in New England.

The data growth train is heading for a security wreck
Colin Britton, Chief Strategy Officer @ Devo Technology | Cambridge, MA USA
We’re seeing many Fortune 1000 and 2000 companies sacrifice insight from their data operations because current solutions can’t meet their needs. These enterprises aren’t getting the insight they need from data, and as a consequence are missing business opportunities, while also exposing their organizations to the risk of security breaches. Some companies only look at 20-40% of their data. This means 60-80% is being dropped on the floor simply because they can’t handle the volume, the number of new data sources, or the speed at which incoming data is growing.

Brief Biography
Colin is the Chief Strategy Officer at Devo Technology. Previously he was CSO at LiveAction and VP of Data and Strategy for GFI Group which included LogicNow (acquired by Solarwinds), GFI (acquired by Versada), and Teamviewer (acquired by Permira). Britton is formerly CTO of Autotegrity, a data-driven digital marketing startup in Cambridge MA, acquired by ADP in 2011. Prior to this he founded a number of startups in the Boston area. He is an advisor to Picsart in the area of data science. His activity and experience spans M&A, cloud computing, big data, digital marketing and machine intelligence.
Important Issues:

  • A1 Data
  • Alert fatigue from autonomous threat detection

Direction for CSOs and Decision Makers:

  • All data is important and needs to be secured.
  • Make data security practices part of your due diligence.
  • Be prepared for an increased federal focus on cybersecurity and critical infrastructure security.

Account privileges & emails will remain the most-targeted attack vectors
Joseph Carson, Chief Security Scientist @ Thycotic | Washington, DC USA
Email and stolen privileges will continue to be the primary method of out-maneuvering organizations’ security protections to inhibit services, disrupt productivity, steal sensitive data or conduct financial fraud. Strengthening security to limit the impact and risk of emails and privileges should be the No. 1 priority for all organizations in 2019. Proper security improvements will reduce vulnerability to these cyberattacks which will remain a critical threat in 2019. By controlling inbound email content and implementing a least-privilege strategy, organizations can significantly reduce cyber risk.

Brief Biography
Joseph Carson has more than 25 years of experience in enterprise security and is an InfoSec award winner and author of Privileged Account Management for Dummies and Cybersecurity for Dummies. He is a CISSP and an active member of the cybercommunity, speaking at conferences globally. He’s a cybersecurity advisor to several governments, as well as critical infrastructure, financial, and maritime industries.
Important Issues:

  • Privileged Access Management (PAM)

Direction for CSOs and Decision Makers:

  • Protect your most critical data by adopting a least-privilege strategy and securing your privileged accounts.

Opportunistic ransomware isn’t going away – watch “frontrunners” Matrix & Ryuk
Chester Wisniewski, Principal Research Scientist @ Sophos | Vancouver, Canada
The authors of opportunistic ransomware operate similarly to a penetration tester in the way they scope out the network, looking for vulnerabilities and weak entry points. However, unlike penetration testers, cybercriminals then act on their findings in a methodical way to inflict maximum damage. They stake out victims, move laterally throughout the network, manipulate internal controls, and more.

This human-centered approach has proved successful, with the authors of SamSam ransomware collecting $6.7m over the course of almost three years. Other cybercriminals have taken note, and in 2019 partners’ customers will see more and more copycat attack attempts. In particular, Matrix, which appears to be constantly improved upon with new versions, and Ryuk, which is geared toward enterprises and large organizations that have the funds to pay up, will be strains to watch out for.

Next year, partners will need to implement security technology for their clients that prevents threats from happening in the first place, and also provides lateral movement protection to isolate and stop the spread of stealthy ransomware that could be moving throughout the network.

Brief Biography
Chester Wisniewski has been involved in the information security space since the late 1980s. He is currently a Principal Research Scientist in the Office of the CTO. Chet divides his time between research, public speaking, writing and attempting to communicate the complexities of security to the press and public in a way they can understand. Chester has spoken at RSA, InfoSec Europe, LISA, USENIX, Virus Bulletin and many Security BSides events around the world in addition to regularly consulting with NPR, CNN, CBC, The New York Times and other media outlets. You can follow Chester on Twitter as @chetwisniewski.

Security business trends that will continue developing in 2019
Maxim Frolov, Managing Director @ Kaspersky Lab North America | Woburn, MA USA
Businesses, especially SMBs, will be moving towards managed security services:

Organizations, especially SMBs, are experiencing a lack of talent and may find it difficult to keep their in-house IT security staff motivated and trained. Besides, they would want a clear SLA and also would prefer to move their IT security expenses from CapEx to OpEx, which is easier for business. This will drive further demand for managed security services in 2019.

Supply chain attacks on businesses will remain a major concern for corporate cyber protection:

In the last couple of years, we saw a number of supply chain attacks such as AppleJeus, Olympic Destroyer, ShadowPad, and ExPetr. In these cases, businesses that were not the most interesting target for sophisticated threat actors were still affected in the attacks aimed at larger prizes.

While we already see both software and hardware supply chain attacks, we believe these will increase next year — and organizations will need new approaches with more strict requirements for service providers, hardware and software makers, to reduce the risks.

Managing reputation risks after a breach will become more and more important for enterprises:

Last year alone saw a few cases where massive breaches became worse because of how incident response was handled, especially the communication part of it. Examples of Equifax and Uber are still fresh in the memory. More attention to reputational aspects of the breaches will drive demand for expertise around how to establish the right processes of building communications after a breach.

Brief Biography
Maxim Frolov is the Managing Director in North America and Vice President of Global Sales. Frolov’s regional responsibilities include leading North American sales, marketing, and business development functions and focus on achieving the company’s objectives for continued business growth in the region.

Frolov has over 20 years of experience in the IT industry, with a solid track record across multiple businesses and geographies. He is a graduate from the Space-Engineering Academy in St. Petersburg, Russia.

Open Banking standards/new technologies bring innovation to financial services
Frederik Mennes, Senior Manager Market & Security Strategy, Security Competence Center @ OneSpan | Chicago, IL USA
One of the most important trends we’ll see in 2019 is the global adoption of Open Banking, especially in the United Kingdom, the European Union and Asia-Pacific (primarily in Singapore, Hong Kong and Australia). Open Banking allows third-party payment service providers (TPPs) to obtain consumer data from banks about financial history, and to initiate payments directly through bank accounts. As such, TPPs have the ability to build innovative financial service solutions for consumers and enterprises, such as account aggregation applications and new payment methods, around APIs provided by banks. This should give rise to more diverse payment mechanisms, with lower cost and increased convenience, for users.

In the context of Open Banking, we will see a lot of discussion around the convenience of the authentication process. When the user wants to access a bank account application through the application of a TPP, the user has to be authenticated by the bank, and the authentication flow needs to be integrated into the TPP’s application. The authentication needs to happen in a secure way that is convenient for the user at the same time, otherwise users will not adopt the applications of TPPs. There’s still a lot of discussion between financial institutions, TPPs and regulators about how this authentication can happen, and different approaches (e.g. embedded, redirection, decoupled). This discussion will especially take place in the European Union, as financial institutions need to provide Open Banking APIs by September 2019, with the timeline set out by the Regulatory Technical Standards of PSD2.

Brief Biography
Frederik heads OneSpan’s Security Competence Center, working on the security aspects of OneSpan’s products and infrastructure. He is a regular speaker at industry events and conferences about security technology, and a contributor to the Initiative for Open Authentication (OATH). In addition, Frederik has supported the Information Security Group (ISG) at Royal Holloway, University of London in various educational roles. He earned an MBA from Vlerick Business School (Belgium), an M.Sc. in Information Security from Royal Holloway, University of London, and an M.Sc. in Computer Science Engineering from KU Leuven, Belgium.