The cyber-risk landscape is constantly facing new threats like botnets and cryptocurrency mining hacks.
Understanding IT security trends is not only important for tackling these new security challenges as they crop up; it’s vital for appropriating sufficient funds to your cybersecurity budget in 2019.
Our research suggests that more companies are investing in security technology solutions to protect their businesses against cyberattacks. Cybercrimes, such as targeted ransomware attacks, spear phishing, and crypto jacking, are expected to increase in 2019, costing businesses billions of dollars in lost revenue, ransom payments, and damage control.
To minimize data breach costs and grow the trust of their customers and business partners, small businesses must understand how the threat landscape, data protection technologies, and security-related regulations are changing.
In 2019, we expect to see IoT risks become more pronounced, investments in cloud data protection and active threat detection technologies to increase, and security to grow in importance as a business function.
In this article, we’ll discuss four IT security trends that small businesses must be cognizant of and the steps they must take to prepare their organizations.
Investment in cloud data protection technologies will increase substantially
IoT security challenges will continue to grow through 2019 and 2020
More small businesses will invest in active security measures that help detect threats
Increased weight to security posture when shortlisting business partners and M&A targets
In 2019, small businesses will invest more in securing cloud data using encryption, data loss prevention, authorization, and other similar technologies. Many small businesses will partner with trusted, reliable third-party providers for managing customer data because of their own limited data security expertise.
According to the Gartner report “Predicts 2018: Security Solutions” (full content available to clients), by 2020 more than 60 percent of businesses will invest in multiple data security tools, up from 35 percent in 2017.
Our survey of small and midsize businesses (SMBs) also indicates that 47 percent of small businesses are budgeting for data protection technologies in 2019.
Stricter implementation of data protection rules. New regulations, such as the GDPR and California Data Privacy Law, as well as the fear of huge fines expected to be levied on defaulters, will force many small businesses to invest in data protection tools. These new regulations provide customers with more direct control over how their data is collected, stored, and used. This will force businesses to invest in the necessary data protection technologies to avoid noncompliance.
Majority of data stored in cloud. With most small businesses storing their data on the cloud, securing cloud infrastructure and services will also be critical to ensuring data security. Sixty-two percent of small businesses store customers' financial data in the cloud, while 54 percent store key medical records on the cloud, often without adequate security controls.
Adopt data protection technologies. Small businesses must ensure that confidential data stored in the cloud is well-protected using a variety of technologies such as encryption (both at rest and while in transit), multifactor authentication , and access controls . Small businesses using cloud services should also look at investing in cloud access security brokers ( CASBs ) to improve security of data stored in the cloud.
Have a data backup and recovery plan. Small businesses must not overlook the importance of backing up data regularly. Continuous data backup tools help you store and retrieve your work when needed. You must also invest in disaster recovery and business continuity tools that help you resume work on your backed up data in case of any disasters or natural calamities.
Prepare for regulatory developments in advance. Data protection regulations are continuously evolving with new rules added and the existing ones amended. You must prepare your business to comply with these regulations before the deadline. For example, the California Consumer Privacy Act will go into effect at the start of 2020. You need to understand now whether it applies to you and prepare your business to take necessary steps (such as the ability to delete customer data when requested) to ensure compliance and avoid penalties.
Rapid proliferation of (unprotected) IoT devices. Gartner estimates that more than 20 billion IoT devices will be connected to the internet by 2020. Small businesses connect many unprotected physical objects to their IT networks such as smart locks, smart lighting, HVAC systems, barcode readers, security cameras, and more. This poses serious security risks, especially related to hijacked IoT devices that are used to spread malware or create massive distributed denial of service (DDoS) attacks. Yet, 54 percent of users have no security measures (e.g., passwords or encryption) added to their IoT devices.
Improvements in IoT security capabilities. Many software vendors are adding advanced features such as analytics and artificial intelligence (AI) to IoT security technologies. They are also including security capabilities to IoT devices while designing or manufacturing them. Other technologies such as network protection, authentication, patch management, and system development mechanisms needed to address IoT security issues are also being improved to meet the emerging security challenges.
Prepare an IoT security plan. Assess your IoT network and prepare a plan or strategy for securing your IoT systems. You must take into account technology solutions such as smart firewalls and authentication systems as well as standard procedures/processes for installation of connected devices. Shortlist IoT security software vendors that offer solutions that are suitable now, along with upgrade/update plans as their solution evolves.
Incorporate security in the IoT design and implementation phase. IoT devices come in different shapes and sizes and often are difficult to identify because they can be any physical device. You may not think of the fact that a toaster or a lightbulb can pose security risks to your network. Therefore, when planning to install IoT devices, discuss their security features with experts and make necessary provisions such as adding a firewall or anti-malware software right at the stage of design and implementation.
Use software solutions to secure your existing IoT devices. Small businesses must consider using existing security technologies such as advanced antivirus solutions , smart firewalls, privileged access controls , and anti-malware on connected devices. They may also look at investing in IoT security technology solutions with features like device discovery and brute force prevention to secure their IoT and other endpoint devices.
"Prevention is better than cure" will be the motto when it comes to security incidents in 2019. Small businesses will invest in active security technologies such as threat detection to respond and mitigate risks in the early stages.
Small businesses with limited IT staff will look at partnering with third-party managed detection and response (MDR) providers that analyze network data to detect anomalies and help respond to threats.
Passive security is the starting point for your security structure and involve the use of technologies such as antivirus, anti-spam, and firewalls to monitor and control the usage of your applications and network.Active security, on the other hand, detects anomalies in your IT system and responds and prevents cyberattacks before they become full-fledged. It also includes the involvement of expert security professionals who gather intelligence to prevent future attacks by putting adequate defense mechanisms at vulnerable points.
The need to ward off threats before they cause a breach. The average cost of a data breach for a small business in North America is $117,000. Such high costs can put many small businesses out of business. Small businesses are increasingly adopting active security measures including threat detection services and technologies to reduce the number of security incidents.
Growth of threat detection software market. According to Marketsandmarkets , the market for threat detection systems is expected to grow from $48 billion in 2015 to $119 billion by 2022. Gartner expects investments in threat detection and response capabilities to be a key priority of buyers through 2020."The shift to detection and response approaches spans people, process and technology elements and will drive a majority of security market growth over the next five years."- Sid Deshpande, principal research analyst, Gartner