Ping Identity CTO’s cybersecurity predictions for 2019
Ping Identity has released its annual cybersecurity predictions for 2019.
Among the top five trends in the coming year are a decrease in successful attacks against multi-factor authentication (MFA), a proliferation of zero trust security approaches and a growing emphasis on API security.
“As we usher in 2019, the role of intelligent identity will only grow more critical,” says Ping Identity CTO Bernard Harguindeguy.
“Our borderless world provides unprecedented freedom and convenience but also breeds a whole new set of cybersecurity risks and concerns.
“With this in mind, it’s critical that organisations effectively safeguard their data and applications in the new Zero Trust world that is fast becoming the norm.”
Here are Ping Identity’s top five cybersecurity predictions for 2019:
1. Fewer successful MFA attacks
While MFA attacks increased in 2018 as predicted, the adoption of the W3C’s WebAuthn by major browsers promises a solution when combined with FIDO CTAP authenticators.
These prevent phishing attacks by only allowing authentication requests from sites where they have been previously registered, providing greatly enhanced security.
2. Cryptographic verification of identity
Identity authorities will increasingly use phone-carried credentials (e.g. mobile drivers licenses, national ID cards and passports) to verify identities.
While privacy advocates argue that giving law enforcement access to your mobile phone could result in unwanted disclosure of private information, 14 US states are testing or have already implemented cryptographic identity verification, and China plans to issue a digital version of its national ID card.
3. The death of corporate firewalls and rise of zero trust architectures
As identity becomes the new perimeter, zero trust architectures will replace firewalls and VPNs.
Employee-only applications are already accessible via the open internet.
Security processes that previously required users to be on the corporate network - for example, two-factor authentication registration and password recovery—will follow suit, requiring fresh approaches to authentication and validation of employees and external authorised users.
4. More API-centric breaches and regulations
The API infrastructures responsible for providing easy access to data and applications are attractive targets for hackers and bad actors.
Because traditional enterprise security is woefully inadequate at protecting APIs, attacks can go undetected for months or years.
Where they don’t already exist, API-specific regulations and governance - and corresponding financial penalties - can be expected.
5. Wider adoption of open banking standards
Building on the blueprint of the UK’s Open Banking Standard, other countries will deploy similar open banking standards to spur innovation in their own nations.
In fact, Australia, Japan, New Zealand, Hong Kong and Canada are already working on them.
Meanwhile, banks will race to update their existing IT infrastructures to prepare for these new security and API standards mandates, leading to a scarcity of specialists to tackle these projects.
Industry: Cyber Security News
- SailPoint File Access Manager Consultant/ Architect
- discussed on applications
SailPoint File Access Manager (SailPoint FAM) Consultant/ Architect is required for an up coming projects, Ideally looking for someone with experience in Designing and deploying SailPoint FAM , this is a new Deployment, you will work with customer in the initial workshop phase, to understand requirements and to get the initial design, you will then be responsible for deploying the solution. This is a home based role, with some onsite visits required during the length of the project. We are looking for someone who has previous experience in Deploying SailPoint FAM (ideally done design work) Need to have experience with SharePoint and ideally Azure and Share file
- Outside IR35 Contract- SC / DV - Cloud / VMware Solution Architect
- Outside IR35
Solution Architect Contract - with active Security Clearance needed for Outside IR35 Contract London. SC / DV (must be willing to undergo DV) 6 month rolling Immediate Experience delivering technical Security Architecture design / assurance of security design. Specific experience with Cloud and VMWARE technologies Cross domain experience desirable HLD / LLD Current SC Clearance a must. London 3 days a week Immediately interviewing.
- Contract Night Shift Senior SOC Analyst | Microsoft Defender | Outside IR35
- United Kingdom
- Outside IR35
Contract Night Shift Senior SOC Analyst | Microsoft Defender / Sentinel | Outside IR35 Looking for an experienced SOC analyst to cover a night shift SOC operation. Level 2 technical Analyst. You must have current hands on technical experience with Microsoft defender / Sentinel within a customer facing SOC environment. This is a UK based position.
- DV Cleared CyberArk Consultant- Contract
- City of London
- Upto £700 per day
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this Secure government site You will work with customer, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: In CyberArk deployment, and ideally leady the deployment both strategically and also technically for this project we need the consultant to hold current DV cleared status For the right individual this could be a long term project.