With more than 600 cybersecurity data breaches in 2018 alone, enterprises must be prepared to prevent and mitigate coming attacks, according to Kelvin Coleman, executive director of the National Cyber Security Alliance (NCSA), a nonprofit public-private partnership promoting cybersecurity and privacy education and awareness.
Coleman, a former cybersecurity director for the US Department of Homeland Security and the White House National Security Council, has spent his career trying to peer around the corner when it comes to technology, he said. He breaks technology down into three parts: Products, processes, and people.
While products and processes can always be improved, the people element tends to be more difficult, Coleman said.
SEE: Security awareness and training policy (Tech Pro Research)
It's no secret that cybersecurity should be taken seriously, said Daniel Elliott, director of small business programs at NCSA, which means the CISO should have a seat at the table for all business decisions.
"Part of that equation, in addition to using big data and insights to inform training and awareness, is to elevate the role of the CISO within the enterprise, and include them in the overall leadership of the organization," he added.
Here are three trends that will impact enterprise cybersecurity in 2019 and beyond, according to Coleman.
1. Rise of Gen Z
As many members of Generation Z enter the workforce, "none of them have ever lived in this world without their smartphone or their computers," Coleman said. "This is going to have a significant impact on the enterprise this year, and how technology is evaluated and deployed within different generations."
The rise of Gen Z in the workplace will also impact how companies use technology for fortification, defense, training, development, sales, operations, and most other parts of the enterprise, Coleman said.
The cybersecurity workforce will also slowly begin to skew younger, Coleman predicted, due to the number of open jobs available, and the number of universities beginning to add coursework in this area. "We know it's only going to grow from here," he added.
SEE: Incident response policy (Tech Pro Research)
2. Evolving phishing schemes
Phishing may be an old threat, but it remains one of the most successful means of attack, Coleman said. "With phishing, we know the adversary is going to continue to evolve to use phishing as a way to literally lure people to download the viruses or malware," he added. Fighting phishing means adequately training employees not to click links or download files that look suspicious, Coleman said.
These attacks are often effective because they rely on human behavior, rather than a vulnerability in a system, Coleman said.
3. Increased focus on employee education
Businesses must increase their focus on providing employee education around cybersecurity—however, there is no one-size-fits-all method, Coleman said.
"There are a lot of really great, innovative businesses out there using technology to catch the bad behaviors and then deploying either just-in-time education or sending that feedback back to the organization so they can then provide valuable insights back to leadership to design some programs," he added.
While it's important for CISOs to keep an eye on emerging technologies and threats, hackers will figure out a way to leverage those to meet their own interests, Elliot said. "But when it comes to securing the enterprise, a lot of it also comes down to not getting caught up in the new technologies so much that we forget the basics of cybersecurity—the two-factor authentication and encryption and segmenting networks," he added. "All those things are so important to organizations."
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Phishing attacks: A guide for IT pros (TechRepublic download)
- Information security policy template download (Tech Pro Research)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2018 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.