Predictions for 2019: Cybersecurity skills shortages are getting worse

Where will this year’s big cyber security storm come from? What issues are currently keeping information security managers awake at night?

December and January is the time when commentators, software vendors and industry insiders tell us what they think is going to happen over the next 12 months. We’ve had time to digest all of this - and here’s our take on this year’s predictions…

Business as usual? 3 initial thoughts...

Overview

No-one is predicting a cybersecurity apocalypse this year. In many respects, it looks like business as usual for 2019, with threat actors expected to continue to hone their targets. We can also expect a steady flow of stories of hackers making further inroads in emerging areas (malware targeted at connected household devices, for instance).

Threat actors big and small

Predictably, many commentators focus on the likely growth of state sponsored threats. Meanwhile though, some (e.g. Kaspersky) are careful to remind us that with just a little bit of know-how, a few dollars and access to the dark web, virtually anyone can get tooled up to do some serious damage. (We write this as “the motherlode of all data breaches” - a cache of 773 million email addresses and 21 million passwords has just come to light). 

'Cat and mouse': who's winning?

In its annual survey, The World Economic Forum (WEF) asks business execs across the globe to list their most significant risks. At the end of last year, for the first time, business leaders in ALL regions cited cyber attacks as the biggest risk they face.

Just how well-equipped are businesses to address this risk? It’s often said that security managers are constantly locked in a game of cat and mouse with threat actors. To play the game and to continue keep their assets safe, businesses need the right skills and resources.

Several commentators (e.g. FireEye, Infosecurity and ESG) make the point that plugging the massive deficit in qualified cybersecurity talent will be one of the biggest worries for business leaders this year. It’s essential for staying on top of the game.

Some more top trends...

State sponsored attacks: going beyond the 'usual suspects'

Where a cyber attack is linked to state collusion, it’s usually one of a handful of countries (Russia, China and North Korea) who are most often in the frame. Yet US intelligence chiefs have previously stated that more than 30 countries are developing attack capabilities. FireEye predicts more countries getting in on the act this year - as lots more state-backed agencies ‘tool up’.   

IoT: It's still wild west territory

Will this be the year when you are scammed by your fridge? Most analysts believe the onward march of IoT technology will continue. What’s worrying is that much of this tech, in its current state, is not secure (particularly in relation to unverified payments). Don’t be surprised to see instances of these vulnerabilities being exploited in 2019.

Compliance: the public fights back

I believe that 2019 will be a year of public retaliation. In post-GDPR Europe, for instance, consumers are now much more aware of the rights they have over their data - and how to enforce those rights. One commentator dubbed 2019 “The year of the GDPR fine”. The threat of fines, compensation payouts and customers walking away will shape the data privacy landscape more than ever.

2019: a year for thinking smart on skilling up

Orginisations could be hit by ransomware, a DDoS attack, be the target of a spear phishing scam - or simply have a case of neglect on the backup front. Business chiefs don’t know exactly where or how they’re going to be hit this year - but the list of threats is getting longer.

But what’s really keeping them awake at night is their ability to deal with whatever comes their way. According to ESG, 53% of IT professionals across the globe are struggling with a problematic shortage of cybersecurity skills. And the problem is getting bigger.

So here’s a New Year’s Resolution worth serious thought: if you have been meaning to upskill in cyber security but have never quite got round to it, now is definitely the time to take the next step.

Credit: Nathan House