sb-nz logo
Story image

Ping Identity CTO’s cybersecurity predictions for 2019

22 Jan 2019

Ping Identity has released its annual cybersecurity predictions for 2019.

Among the top five trends in the coming year are a decrease in successful attacks against multi-factor authentication (MFA), a proliferation of zero trust security approaches and a growing emphasis on API security.  “As we usher in 2019, the role of intelligent identity will only grow more critical,” says Ping Identity CTO Bernard Harguindeguy.

“Our borderless world provides unprecedented freedom and convenience but also breeds a whole new set of cybersecurity risks and concerns.

“With this in mind, it’s critical that organisations effectively safeguard their data and applications in the new Zero Trust world that is fast becoming the norm.”  

Here are Ping Identity’s top five cybersecurity predictions for 2019:

1. Fewer successful MFA attacks

While MFA attacks increased in 2018 as predicted, the adoption of the W3C’s WebAuthn by major browsers promises a solution when combined with FIDO CTAP authenticators.

These prevent phishing attacks by only allowing authentication requests from sites where they have been previously registered, providing greatly enhanced security.

2. Cryptographic verification of identity

Identity authorities will increasingly use phone-carried credentials (e.g. mobile drivers licenses, national ID cards and passports) to verify identities.

While privacy advocates argue that giving law enforcement access to your mobile phone could result in unwanted disclosure of private information, 14 US states are testing or have already implemented cryptographic identity verification, and China plans to issue a digital version of its national ID card.

3. The death of corporate firewalls and rise of zero trust architectures

As identity becomes the new perimeter, zero trust architectures will replace firewalls and VPNs.

Employee-only applications are already accessible via the open internet.

Security processes that previously required users to be on the corporate network - for example, two-factor authentication registration and password recovery—will follow suit, requiring fresh approaches to authentication and validation of employees and external authorised users.  

4. More API-centric breaches and regulations

The API infrastructures responsible for providing easy access to data and applications are attractive targets for hackers and bad actors.

Because traditional enterprise security is woefully inadequate at protecting APIs, attacks can go undetected for months or years.

Where they don’t already exist, API-specific regulations and governance - and corresponding financial penalties - can be expected.

5. Wider adoption of open banking standards

Building on the blueprint of the UK’s Open Banking Standard, other countries will deploy similar open banking standards to spur innovation in their own nations.

In fact, Australia, Japan, New Zealand, Hong Kong and Canada are already working on them.

Meanwhile, banks will race to update their existing IT infrastructures to prepare for these new security and API standards mandates, leading to a scarcity of specialists to tackle these projects. 

Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More
Link image
How to better protect your organisation's most valuable asset - its data.
Data resilience strategies are becoming increasingly critical in relation to the skyrocketing value of data and the proliferation of malicious entities wishing to steal it.More
Link image
Webinar: Best practices for keeping your video chats secure
Video collaboration providers nowadays operate exclusively on a multi-tenant, public cloud - and security and privacy concerns have come into the spotlight. Here's how to secure your communications.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
5 ways to use data science to predict security issues - Forcepoint
Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More