Kristina: What’s on the horizon in tech and innovation that businesses should be ready for in 2019?
Maxim Frolov, Managing Director, Kaspersky Labs North America: Cyberattacks are becoming more and more complex implying financial, reputational and legal impact on the affected organizations. Now that digital transformation is at stake, and the average cost of a breach is constantly growing, businesses will need a comprehensive approach to fighting advanced threats.
In addition, small and medium sized businesses continue to embrace the cloud and they will require cloud-friendly solutions and services that provide protection without overheads, complexity and extra administration.
Kristina: Supply chain attacks on businesses were a widely discussed threat in 2018. Will this remain a key issue for enterprises this year?
Maxim: In 2019, supply chain attacks on businesses will remain a major concern for corporate cyber protection. In the last couple of years, we saw a number of supply chain attacks such as AppleJeus, Olympic Destroyer, ShadowPad, and ExPetr. In these cases, businesses that were not the most interesting target for sophisticated threat actors were still affected in the attacks aimed at larger prizes.
While both software and hardware supply chain attacks are already a reality, we believe to see more of them in the future — and organizations will need to come up with new approaches, including more strict requirements for service providers, hardware and software makers to reduce the risks.
Kristina: Cryptocurrency was another hot topic in tech last year. How will increased interest in cryptocurrency affect the cyber-threat landscape for 2019?
Maxim: Cybercriminals and fraudsters are keen on attacking new and developing technologies and cryptocurrencies are no exception: according to our estimates, they gained $10 million in Ethereum only through social engineering tricks in the last year.
For responsible players in the crypto market, cybersecurity will not only become a way to protect their business and customers, but it will also be a strong differentiator in the industry flooded by fake projects and schemes. We are working to provide our services and solutions for the industry and we’re already working on a few projects in that direction – our most recent case being a cybersecurity audit of the cryptocurrency exchange Merkeleon.
Kristina: What changes will business make to their cybersecurity strategies in the upcoming year?
Maxim: Businesses, especially small to medium ones, will be moving towards managed security services. Cyberattacks rising in quantity and complexity, growing regulations and digital transformation trends are forcing businesses to invest in cybersecurity: according to our global survey of CISOs, 56% expect their IT security budgets to grow in the next years.
However, organizations, especially SMBs are experiencing a lack of talent (62% of CISOs admit that) and may find it difficult to keep their in-house IT security stuff motivated and trained. Besides, they would want a clear SLA and also would prefer to move their IT security expenses from CapEx to OpEx which is easier for business.
This all will drive further demand for managed security services. According to Gartner, the MSS market already grew 9.5% in 2017, reaching $10.3 billion in revenue. Services (including managed) will represent at least 50 percent of security software delivery by 2020.
Kristina: What are some of the biggest cybersecurity mistakes that CISOs learned from in 2018?
Maxim: Last year alone saw a few cases when massive breaches went worse because of how incident response was handled, especially the communication part of it. Examples of Equifax and Uber are still fresh in the memory.
Our global survey of CISOs showed that IT security leaders now consider reputational damage of a breach as the most critical one: even more critical than the direct financial impact. This is not surprising considering that reputational losses may lead to even greater financial loses in the end, not reduced to stolen money or worth of the data lost.
Such attention to reputational aspects of the breaches will continue and will drive demand for expertise how to establish the right processes of building communications after a breach.
Kristina: What changes will we see in the way consumers approach cybersecurity this year?
Maxim: Recent reports in the media on privacy concerns about Facebook, Google and other tech companies’ approaches to handling personal information show the growing attention and importance of the topic. We expect that privacy will become the key factor in the consumer market and there will be a growing demand for solutions and services protecting personal data.