Bots try to break the internet, and other trends for 2019

Jay Coley, Senior Director of Security Planning and Strategy at Akamai Technologies

Staying one step ahead of cybercriminals is crucial when it comes to protecting company and customer data. But this is only possible if you have a good hold on short and long-term cybersecurity trends.

So, what does 2019 have in store? Smarter bots, complex clouds, IoT risks and data regulations will all dominate boardroom conversations. Here’s a summary of the trends that I think will make the year ahead as turbulent as the one just passed:

Cyber-attacks will grow – and go slow

Organisations will see an increase in cyberattacks but these will be “low and slow”, rather than “noisy” incidents such as DDoS attacks. Launched by botnets, “low and slow” attacks aim to remain under the radar for as long as possible, to steal as much data as they can. Often these take the form of credential stuffing attacks, where stolen credentials are used to access associated accounts and steal further personal data such as addresses and payment details. To protect themselves, businesses will need to adopt bot management solutions, which identify, categorise and respond to different bot types. The technology uses behaviour-based bot detection and continuous threat analysis to distinguish people from bots.

Bots will overtake human web traffic

As bots become more sophisticated, more than 50% of web traffic will come from bots. Already, Akamai has found that 43% of all login attempts come from malicious botnets – and this is set to increase as credential stuffing and “low and slow” attacks grow in popularity. More sophisticated bots will become capable of accurately mimicking human behaviour online – making it harder for bot solutions to detect and block their activities. Effective bot management tools are crucial for addressing this threat. They are able to use contextual information, such as IP addresses and past user behaviour data (neuromuscular interaction), to determine whether a visitor is a bot or human and respond accordingly.

Multi-cloud strategies will complicate security management across platforms

Businesses adopting multi-cloud strategies will face increasingly complex challenges to ensure that security is consistently, and effectively, deployed across them all. With Gartner predicting that multi-cloud will be the most common cloud strategy next year, organisations that have successfully secured one cloud will need to replicate this across all their cloud portfolio to ensure that vulnerabilities are patched and nothing slips through the cracks. With many businesses already experiencing ‘leaks’ or breaches of their single-vendor solutions, we expect companies to seek out cloud-agnostic security solutions to simplify deployment and management across the enterprise.

Consumers will continue to put convenience ahead of security

Even though awareness of the insecurity of IoT devices is growing, millions of consumers will continue to ignore the risks, purchasing and using devices that lack comprehensive security solutions – from fitness trackers to smart-home appliances. This could swell the armies of bots, which are already being used to target enterprises. It’s predicted that by 2020 more than 25% of identified enterprise attacks will involve the Internet of Things (IoT), though IoT will account for only 10% of IT security budgets. While some governments have begun to introduce security standards for connected devices, the industry is still a long way from adequately securing its devices.

Asian markets will follow cybersecurity suit

Following the launch of GDPR last May, as well as PSD2 (revised Payment Services Directive) and wider security reform, the European Union has been a leader in advocating for stronger cyber regulations and this is likely to continue. Some Asian countries have already started to follow suit, implementing their own regulations, and we expect their number to grow in 2019. As countries such as China flex their muscles as digital rivals to the West, issues around data regulation and protection are climbing government agendas. Notably, some Asian countries have resisted data regulations in the past, but high-profile breaches are encouraging a more proactive approach to data regulations.

Cybersecurity will be replaced by cyber resilience

In 2019, smart organisations will stop thinking of cyber security as a separate function of the IT department, and instead adopt it as a posture throughout the entire business. Known as “cyber resilience”, this concept brings the areas of information security, business continuity and resilience together and intends to make systems secure by design, rather than as an afterthought. This helps organisations focus on their ability to continuously deliver business operations in spite of any cyber-attacks or incidents.

Zero Trust will march towards killing off corporate VPNs

For years, virtual private networks (VPNs) have been the mainstay of remote, authenticated access.  However, as applications move to the cloud, threat landscapes expand, and access requirements diversify; the all-or-nothing approach to security needs to change. Zero Trust, where each application is containerised and requires separate authentication, is stepping in to provide security fit for the 21st Century. In 2019, companies will increasingly turn to a cloud framework for adaptive application access based on identity and cloud-based protection against phishing, malware and ransomware, helping to improve the user experience and sounding the death knell for VPNs

Blockchain technology will move from cryptocurrencies to mainstream payments

Today, most people associate blockchain with cryptocurrencies and the less-legitimate end of online payments.  However, in 2019, blockchain-based payment networks will properly make it into the mainstream as they enable next-generation payment transactions to evolve rapidly. The inherent security built into blockchain can streamline the online payments process, reducing friction, increasing speed and improving the user experience. In the coming year, we expect to see more and more blockchain-powered payment platforms, with high scalability and speed, being adopted by brand-name banks and consumer finance companies.