The increasing sophistication and volume of cybersecurity threats and attackers, rapid technology changes, the continued move to automated and cloud-based services and changing data privacy regulations are just a few factors that have propelled companies to increase their focus on cybersecurity and information protection. In 2019, it is important that organizations remain informed about emerging threats and ways to mitigate them.
“It is critical organizations transition their approach to cybersecurity from strictly risk management to more of a focus on business innovation and growth,” said Tony Buffomante, U.S. Leader for Cyber Security Services at KPMG LLP. “Companies should seize opportunities to transform their security, privacy and continuity controls in order to grow their businesses.”
In this new report, “What’s next: Key cyber security considerations for 2019,” KPMG has identified six key areas to top companies’ cybersecurity agendas amid the evolving threat landscape.
1. Addressing the cyber security skills shortage
The lack of seasoned cybersecurity professionals, combined with tightening budgets, highlights the importance of automation. Organizations should consider automating some of the repetitive aspects of collecting and analyzing data about intruder activity. This will help to re-prioritize where cyber professionals focus their efforts. Companies should also focus on recruiting new talent out of college and developing bespoke training programs to build the next generation of cyber professionals.
2. Fight artificial intelligence with artificial intelligence
Cyber attackers are increasingly likely to employ artificial intelligence (AI), using deep learning and machine learning to make malware and targeted attacks more effective and harder to detect. Organizations should also use these tools to help identify security incidents and assess vulnerabilities across the system.
3. Sustainable data privacy compliance
Companies should move beyond compliance to ensure data privacy processes are a component of business models. A framework of best practices should be woven into the organization’s culture and procedures, allowing for flexibility to adapt to new regulations such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 and evolving regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
4. Fraud and cyber risk intersect
Organizations, financial institutions in particular, should focus on the reduction of fraudulent activity as they look to make the customer experience more secure and personalized. In 2019 and beyond, fraud and cyber should command equal attention from a security perspective, and new and enhanced strategies for collecting and using client data should be developed.
5. Identity and access management – From security tool to business driver
Identity and access management is evolving from a security tool to a business enabler as companies seek to use technologies, such as advanced authentication and identity proofing, to provide a secure customer-centric digital experience that can be personalized across multiple channels and devices.
6. Phishing – A return to old school attack methods
Phishing, the practice of posing as a legitimate institution via email to lure individuals into providing sensitive data, is among the older attack methods but remains difficult to defend against. Attackers are returning to a more archaic method of infiltration as some organizations shift their defense focus towards newer methods of attack such as malware. To pivot against constantly changing methods of attack, organizations should move towards a broader, managed cyber response posture.