Ping Identity CTO’s cybersecurity predictions for 2019
Ping Identity has released its annual cybersecurity predictions for 2019.
Among the top five trends in the coming year are a decrease in successful attacks against multi-factor authentication (MFA), a proliferation of zero trust security approaches and a growing emphasis on API security.
“As we usher in 2019, the role of intelligent identity will only grow more critical,” says Ping Identity CTO Bernard Harguindeguy.
“Our borderless world provides unprecedented freedom and convenience but also breeds a whole new set of cybersecurity risks and concerns.
“With this in mind, it’s critical that organisations effectively safeguard their data and applications in the new Zero Trust world that is fast becoming the norm.”
Here are Ping Identity’s top five cybersecurity predictions for 2019:
1. Fewer successful MFA attacks
While MFA attacks increased in 2018 as predicted, the adoption of the W3C’s WebAuthn by major browsers promises a solution when combined with FIDO CTAP authenticators.
These prevent phishing attacks by only allowing authentication requests from sites where they have been previously registered, providing greatly enhanced security.
2. Cryptographic verification of identity
Identity authorities will increasingly use phone-carried credentials (e.g. mobile drivers licenses, national ID cards and passports) to verify identities.
While privacy advocates argue that giving law enforcement access to your mobile phone could result in unwanted disclosure of private information, 14 US states are testing or have already implemented cryptographic identity verification, and China plans to issue a digital version of its national ID card.
3. The death of corporate firewalls and rise of zero trust architectures
As identity becomes the new perimeter, zero trust architectures will replace firewalls and VPNs.
Employee-only applications are already accessible via the open internet.
Security processes that previously required users to be on the corporate network - for example, two-factor authentication registration and password recovery—will follow suit, requiring fresh approaches to authentication and validation of employees and external authorised users.
4. More API-centric breaches and regulations
The API infrastructures responsible for providing easy access to data and applications are attractive targets for hackers and bad actors.
Because traditional enterprise security is woefully inadequate at protecting APIs, attacks can go undetected for months or years.
Where they don’t already exist, API-specific regulations and governance - and corresponding financial penalties - can be expected.
5. Wider adoption of open banking standards
Building on the blueprint of the UK’s Open Banking Standard, other countries will deploy similar open banking standards to spur innovation in their own nations.
In fact, Australia, Japan, New Zealand, Hong Kong and Canada are already working on them.
Meanwhile, banks will race to update their existing IT infrastructures to prepare for these new security and API standards mandates, leading to a scarcity of specialists to tackle these projects.
Industry: Cyber Security News
- CONTRACT SIEM Cyber Security Operations Engineer. REMOTE OUTSIDE IR35
- United Kingdom
REFCH8165 CONTRACT SIEM Cyber Security Operations Engineer. REMOTE UK SIEM Engineer. 6 month Contract. OUTSIDE IR35 Working towards a "SOC 2" environment. CLOUD (AWS) experience essential. Three key functions; Monitor, Escalate and Triage incidents. Vulnerability Management / threat intel. SIEM configuration / management, review, enhancement More specifically; Work with internal teams to identify assets. Identity applicable threat feeds and work with internal teams to remediate. Patch Patch Patch. (Help mature process / identify gaps) Configuration / fine tuning of SIEM alerts. Create dashboards, Compliance reporting. Log ingestion. Experience across ISO27001 / SOC2 / SIEM / End Point Security is essential Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Cyber Security Operations Engineer. REMOTE UK. SOC2
- United Kingdom
REF8164 Cyber Security Operations Engineer. REMOTE UK Internal opportunity. New position. Exclusive to DCL Search. You will be the hands on technical eyes and ears of the Cyber security capability actively working to ensure and enhance the adherence to ISO27001 and "SOC 2" controls. You role will touch on the following · Security Monitoring- SIEM · Vulnerability Management / Testing · Incident Management · Asset management · Disaster Recovery planning · Change Management AWS Cloud experience is essential as is the ability to ensure patch management is prioritised across the business. Any CLOUD SIEM experience highly desirable. Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Lead Security Architect
- United Kingdom
Engage with key clients in an Architectural / technical presales capacity. Including Stakeholders, end users / partners. Working on new and existing Security projects to confirm that proposed solutions are fit for purpose from both a technical and regulatory capacity. Working closely with multiple vendor . Managed security service background ideal CLOUD Security (AZURE OR AWS), IDAM background ideal.
- Threat Vulnerability Management Analyst
- United Kingdom
To monitor, identify and alert internal teams of cyber threats and vulnerabilities. MIRE Att&ck, CIS, OWASP, Vulnerability management tools MUST be able to commute to central London MUST be able to achieve UK SC Clearance. On going support and development.