3 enterprise cybersecurity trends CISOs must pay attention to

With the CISO at the table, organizations must focus on products, processes, and people to stay secure, according to the executive director of the National Cyber Security Alliance.

How to solve the human challenges of cybersecurity

With more than 600 cybersecurity data breaches in 2018 alone, enterprises must be prepared to prevent and mitigate coming attacks, according to Kelvin Coleman, executive director of the National Cyber Security Alliance (NCSA), a nonprofit public-private partnership promoting cybersecurity and privacy education and awareness.

Coleman, a former cybersecurity director for the US Department of Homeland Security and the White House National Security Council, has spent his career trying to peer around the corner when it comes to technology, he said. He breaks technology down into three parts: Products, processes, and people.

While products and processes can always be improved, the people element tends to be more difficult, Coleman said.

SEE: Security awareness and training policy (Tech Pro Research)

It's no secret that cybersecurity should be taken seriously, said Daniel Elliott, director of small business programs at NCSA, which means the CISO should have a seat at the table for all business decisions.

"Part of that equation, in addition to using big data and insights to inform training and awareness, is to elevate the role of the CISO within the enterprise, and include them in the overall leadership of the organization," he added.

Here are three trends that will impact enterprise cybersecurity in 2019 and beyond, according to Coleman.

1. Rise of Gen Z

As many members of Generation Z enter the workforce, "none of them have ever lived in this world without their smartphone or their computers," Coleman said. "This is going to have a significant impact on the enterprise this year, and how technology is evaluated and deployed within different generations."

The rise of Gen Z in the workplace will also impact how companies use technology for fortification, defense, training, development, sales, operations, and most other parts of the enterprise, Coleman said.

The cybersecurity workforce will also slowly begin to skew younger, Coleman predicted, due to the number of open jobs available, and the number of universities beginning to add coursework in this area. "We know it's only going to grow from here," he added.

SEE: Incident response policy (Tech Pro Research)

2. Evolving phishing schemes

Phishing may be an old threat, but it remains one of the most successful means of attack, Coleman said. "With phishing, we know the adversary is going to continue to evolve to use phishing as a way to literally lure people to download the viruses or malware," he added. Fighting phishing means adequately training employees not to click links or download files that look suspicious, Coleman said.

These attacks are often effective because they rely on human behavior, rather than a vulnerability in a system, Coleman said.

3. Increased focus on employee education

Businesses must increase their focus on providing employee education around cybersecurity--however, there is no one-size-fits-all method, Coleman said.

"There are a lot of really great, innovative businesses out there using technology to catch the bad behaviors and then deploying either just-in-time education or sending that feedback back to the organization so they can then provide valuable insights back to leadership to design some programs," he added.

While it's important for CISOs to keep an eye on emerging technologies and threats, hackers will figure out a way to leverage those to meet their own interests, Elliot said. "But when it comes to securing the enterprise, a lot of it also comes down to not getting caught up in the new technologies so much that we forget the basics of cybersecurity--the two-factor authentication and encryption and segmenting networks," he added. "All those things are so important to organizations."

Also see

Image: iStockphoto/gorodenkoff