This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Building AppSec in Enterprises
  • Contact
    • Editorial Guidelines
  • Advertise
Home » Prognostications of a Groundhog ̶ The Year Ahead
Cyber Security NewsCyber TacticsCyberColumns

Prognostications of a Groundhog ̶ The Year Ahead

SEC0219-cyber-Feat-slide1_900px
SEC0219-cyber-slide2_900px
SEC0219-cyber-Feat-slide1_900px
SEC0219-cyber-slide2_900px
February 1, 2019
John McClurg
KEYWORDS cyber risk management / cybersecurity trends / hackers / privacy
Reprints
No Comments

Each year’s ending is replete with predictions of what the year ahead portends. In this practice, the security sector is no stranger. If only our lives were simple enough that the February prognostications of a groundhog would answer it all. Yet, they are not.

When it comes to predicting the future, the philosopher Santayana warned: “Those who cannot remember the past are condemned to repeat it.” Recent events provide sobering examples of that truth. The Apple-FBI dispute was one of the more painful examples we witnessed – a debate the Australians continued. Both instances were advanced with considerable hand-wringing, which might have been avoided if parties involved had let the past inform their efforts.

Digital Rights advocates, including tech giants, share concerns about privacy and the potential impact of “new” powers requested by organizations fighting terrorism and other threats. In 1994, I worked for the FBI when similar laws (Voice-Over-IP) were proposed. Law enforcement and the intelligence community expressed concern that it would undercut their ability to battle threats. Congress, the private sector and the intelligence community came together, creating a solution with no small consternation – that if the legislation were enacted, dire consequences would follow – “Dogs and cats living together!” Nonetheless, we passed the Communications Assistance for Law Enforcement Act, and those terrible things did not happen. Looking ahead, there are admittedly novelties about which the past may be challenged when it comes to informing operational interests.

 

Terrorist Use of Crimeware as a Service

While terrorists have been tormenting us for years, we anticipate more potentially destructive attacks in 2019. Adversaries will leverage new tools to conduct harmful assaults on targeted entities, including attacks on data integrity, essentially killing computers to the point of requiring mandatory hardware replacements, and attacks leveraging new technology for physical assaults such as the recent drone attack in Venezuela. Attack surfaces are growing, which enemies will leverage to their advantage. Organizations must take inventory of their attack landscape, identifying and mitigating potential threats before they are exploited.

 

Leveraging AI-Based Technology to Distinguish Sensitive from Non-Sensitive Data

Currently, parsing through data is a manual process. In 2019, AI-based technology will gain the ability to learn what’s sensitive and automatically classify it. This development will require greater consideration of how to manage and control data.

Companies are also adopting automated penetration testing, allowing pen testers to work on more unique or advanced red teams/pentests. These automated processes allow for control validation, which lowers costs and provides a higher degree of assurance. Companies will need to accommodate automation by further developing their solutions or seeking integrations with automation-focused industry vendors.

 

A Buyers Revolt Spurred by the Rising Cost of Security Controls

As the industry grows, the cost of security controls and the number of breaches grow with it. As this endless cycle continues, the security industry will be assailed by its customers for a growing cost burden that’s not productive. Organizations who do not understand this will face waves of backlash.

 

Increasing Privacy Penalties and Risk Spurred by Biometrics

While some organizations are adopting end-user behavioral analytics, the technologies can be costly and increase privacy risks. Collecting data and processing it on the endpoint leaves it susceptible to attack. In 2019, organizations must adopt continuous authentication to protect crucial identifying information. With this technology, end users’ biometric footprints will determine identity without incurring privacy penalties, risks and costs that traditional biometrics or central-based behavioral analytics face. Yet, AI can be a two-edged sword. Thus, careful and considerate reflection in its deployment, informed by lessons from the past, is – as it has always been – the order of the day.

Subscribe to Security Magazine

Recent Articles by John McClurg

Expense-in-Depth: Total Cost of Controls Reconsidered

"Trust" Revisited: The Birth of Continuous Authentication

AR and VR: How Immersive Technology Is Bringing Cybersecurity Scenarios to Life

How Sense of Privacy Threatens Facial Recognition's Protective Power

The Communications Assistance for Law Enforcement Act: a Lesson from the Past

Headshot_johnmcclurg

John McClurg serves as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

 

Related Articles

Hazards Ahead: The Dangers of Runaway Technology

Companies are Failing to Get Ahead of the GDPR

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

cybersecurity breach

The Top 12 Data Breaches of 2019

Mark Hargraves

Security Industry Mourns Passing of Mark Hargraves

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

SEC1219-Cover-Feat-slide1_900px

Contracted vs. In-House Guarding: No Universal Right Answer

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing