Here are the top predictions for Middle East cybersecurity in 2019

In 2018, organizations in the Middle East invested heavily in multiple solutions to build and strengthen their cyber defenses. This trend will continue in 2019 as well, as organizations steadily increase their cybersecurity investments.

In view of this, Ray Kafity, vice president, Middle East, Turkey & Africa at Attivo Networks, shares his predictions on top cybersecurity concerns and the kinds of threats that will put these investments to test.

1) IoT Security and Regulation

Internet of Things (IoT) will continue its rapid expansion with over 50 percent of businesses incorporating IoT into their operations in 2019 for economic advantages, market competitiveness, and differentiation. IoT-enabled device innovation will continue to outpace the security built into those devices and Federal government regulation will continue to fall short in defining the laws and fines required to affect change.

2) Breach Disclosure and Risk Profiles

Many organizations struggle with the lack of clarity of breach disclosure definitions and expectations. States that create notification laws that include defined processes will help organizations be better prepared and compliant to disclosure strategies in the event of a breach.

Going forward, organizations will be expected to fully understand how widespread the attack was, how deeply the attacker penetrated, and how to set the right controls in place to prevent their return.

Companies will need to start looking at security differently, moving beyond IT risk management and into digital risk management. It’s no longer just about protecting a particular asset, server, or endpoint; it’s about protecting the entire business and maintaining a competitive advantage.

3) Dwell Time and Detection

Dwell time—the time an attacker remains undetected within the network—currently averages globally more than 100 days.

In 2019, an increasing number of enterprises will revise their security strategies to assume that their perimeter will regularly be penetrated. This will cause a shift in strategy to focus on the time to detection as a key performance metrics. 

There will also be increased investment in tools that will test the reliability of security controls and that are designed to pick up policy violations or misconfigurations that create windows of opportunity for attackers.

4) Suppliers and Third-Party Contractors as a Growing Vulnerability

There were a record number of breaches in 2018 that were driven by suppliers and contractors. To fix this issue, an increased focused on certifications and compliance with suppliers for their services is needed. As attackers continue to exploit vulnerabilities within these third-party organizations, companies will need to take measures to certify and verify them and to prove they can be trusted.

5) Cloud & Shared Security Models

Cloud will become an increased target in 2019 as adoption grows and attackers increasingly exploit weaknesses in shared security models. Cloud providers will protect the infrastructure platform with an increased awareness of hardware-based attacks; however the lack of understanding about how best to secure data in and access to the cloud will leave room for errors and misconfigurations.

Adoption of technologies like Cloud Access Security Brokers (CASB) and deception will grow significantly as organizations seek new security controls designed to address these challenges.

6) Mindshift in Approach to Security

In 2019, defenders must able to think and operate like an attacker by understanding the attack paths and methods that will be used to exploit them. Companies will need to recognize that they cannot be passive and that defense should not begin after an attack has begun. Strategic thinking will shift to that of an “active defense”, which will include gaining better understand of one’s adversary and being able to create pre-emptive measures that empower security teams to outmaneuver and derail their attackers.

7) Automation

In 2019, an increased focus on internal and external information sharing, along with better incorporation of communication plans that include community notifications of advanced threat activity, will be needed. In order to better automate information sharing, there will be an increased focus on the quality and reliability of threat intelligence that will provide the confidence in alerts that has been previously missing.