Visions 2019: making the future
9 January 2019 | 0
Predictions are hard, especially about the future, goes the axiom.
Rather than try to predict the future, we have asked a range of people to give us their vision of the coming year based on their experience, insights and efforts to shape their own futures.
To the stars
Though the future can look uncertain, past experiences can provide direction and insight, writes Paul Hearns
While the title of this piece is indeed Visions 2019, I thought I might change tack a little and think about vision in 2019.
As a child of the eighties, I can vividly recall running home from school one afternoon to watch a space shuttle launch.
As a space obsessed child, I could not get enough of the business of space. It just seemed so futuristic and yet real at the same time. Since then, there have been many ups and downs for the various space programmes around the world, but the recent news that the Voyager 2 probe had joined its sibling in going beyond our solar system was a source of deep wonder.
These two probes, designed, built and launched in the 70s, have now so far exceeded their original mission parameters as to be the new wonders of the world and a proud achievement for the species.
Coming back to earth, this incredible achievement was based around certain things that are now becoming issues for organisations again: vision, collaboration, diversity, leadership, focus and excellence.
In 1964, a then 30-year old researcher, Gary Flandro, was tasked with examining the problem of how the outer planets might be explored by future probes. Despite having a master’s degree in aeronautics from CalTech, Flandro was a relative wet nose even in a NASA context. So when he came back within a very short time with an audacious plan based on a once in a 175-year alignment of the planets, it took some persuading of the powers that be to get moving, as the launch had to be accomplished in a short window. The audacious plan would reduce the time forecast for planetary exploration from some 40-odd years to just 10.
The launch had to occur within 1977, a mere 13 years later, or the once in several generations opportunity would be lost.
From the Titan rocket launch vehicles to the probe design, power sources, payload capability and what information about its origins should be carried, all needed to be determined in what was the most ambitious and audacious space mission yet carried out. Though not manned, as was the moon shot, it was fully realised that should these probes be successful, their eventual destination of interstellar space might mean they would be the very first objects made by humanity to be encountered by an alien species.
“It takes courage to pivot an organisation based on startling data, often presented by what might seem to be inexperience personnel. But such insights may well lead to competitive advantage through first mover advantage — only if leadership is willing to take action, in a timely and decisive manner”
From that initial finding of the alignment opportunity, to project confirmation, funding, organisation and execution, required incredible levels of foresight, pragmatism, judgement and investment.
All of these things are principles that organisations today are struggling to found, foster and foment.
Flandro, though young and perceived as inexperienced, produced meticulously research evidence to back up his idea. With the realisation that he was right, the evidence was taken to the highest levels where acceptance moved to endorsement and action. Leadership was shown in creating teams to examine each aspect of the opportunity, both to study the planets and also to the longer term goals of measuring the extent of solar influence, as well as the possibility of first contact.
The best minds of the day were asked to speculate, based on existing evidence, as to what the probes might encounter as they traversed the near unimaginable gulfs between the planets, before heading out into the great expanse between the stars.
The success of the probes, in every aspect of their missions, has shown just how good were those educated guesses, mission parameters and delivery teams.
In today’s terms, organisations are relying heavily on emerging technologies for which there is often little in the way of market experience. For instance, if one tries to hire a blockchain developer, how many years experience is acceptable? Equally, they are looking to new sources and types of data for insights on how the organisation should be run, often producing unexpected outcomes.
It takes courage to pivot an organisation based on startling data, often presented by what might seem to be inexperience personnel. But such insights may well lead to competitive advantage through first mover advantage — only if leadership is willing to take action, in a timely and decisive manner.
Would your organisation be willing to take on its most audacious programme for change based on such initiatives?
Today’s multi-generational organisations value youth and verve, but it still takes maturity and judgement to decide to take the resources of the organisation and put them behind a sea change in operation, even with a hard business case based on clear evidence.
A key highlight from the Voyager example is the creativity that was shown with the message to be found in the form of the golden disc.
The gold-plated copper disc carried by probe is 12 inches in diameter (305mm or so) and contains, in outright terms, less information capacity that your average memory stick. However, under the direction of legendary scientist, author, philosopher and visionary, Carl Sagan, contains just enough information to give a flavour of this ‘pale blue dot’.
Sagan realised that NASA was not the best organisation to determine what should be put on the record and so enlisted the help of a committee of people, from artists to historians and anthropologists, to achieve a broad enough spectrum of what would, in such a tiny space, represent our Earth.
This realisation that diversity in thinking and experience was required, again, showed maturity in realising limitations and a willingness to seek help beyond the organisation, even one as accomplished as NASA.
Though now a project from 40 years ago, the continued wealth of information that the probes deliver, as their distance from earth is now measured in light hours, reminds us how the lessons learned also persist.
As the unknowns of space have been replaced by the uncertainty of political turmoil, fickle markets and a pace of change that is unprecedented, the application of rigour, research, analysis, planning and governance, driven by vision and leadership, can still navigate that maelstrom. Openness to new ideas and willingness to support ambition in inclusive organisations receptive to change, will still win out.
Per aspera ad astra, it says on that golden disc – through hardship to the stars.
More of the same
Chatbot backlash may smooth the way for deeper AI, writes Alex Meehan
More of the same and then some. That is what commentators, experts and forecasters are predicting will rule the world of corporate IT in 2019, with one significant wildcard in the mix – Brexit.
To be specific it seems we can expect blockchain technology, quantum computing, artificial intelligence and augmented analytics to be the driving trends for the year ahead. Such is the opinion of Gartner, which recently published its Top 10 Strategic Technology Trends for 2019, incorporating these themes and more.
“The future will be characterised by smart devices delivering increasingly insightful digital services everywhere,” said David Cearley, Gartner vice president at the company’s 2018 Symposium/ITxpo in Orlando, Florida. “We call this the intelligent digital mesh.”
The idea behind this term ‘intelligent digital mesh’ is that 2019’s emerging trends will bring these three concepts together – intelligent, digital and mesh. ‘Intelligent’ refers to the inclusion of AI in nearly all new technologies while ‘digital’ refers to the ongoing trend for the blending of the digital and physical world to create something new and immersive, effectively redefining what the word digital means.
‘Mesh’ refers to the concept of exploiting connections between expanding sets of people, businesses, devices, content and services. “Trends under each of these three themes are a key ingredient in driving a continuous innovation process as part of a continuous next strategy,” Cearley said.
Is Gartner right? A quick look back at the issues that occupied enterprise IT in 2018 suggests they are on to something. Artificial intelligence is being seen in more and more applications and systems. Autonomous systems are becoming more common and augmented analytics – the application of automated algorithms to explore potential trends in data – is producing better analytical insights.
Elsewhere in the enterprise automation is also to the fore of other 2019 predictions as Forrester suggests a backlash against chatbots and AI is imminent in the area of sales and marketing. It conducted a survey that showed that 46% of companies said this area is leading investment in (and adoption of) AI systems, closely followed by customer support at 40%.
“Human resistance against ineffective chatbots is on the way and a groundswell of jaded customers will crowdsource tips for end-runs around chatty chatbots. A movement similar to the GetHuman movement from 2005 will start,” said Tom Kaneshige, senior analyst with Forrester.
“Forrester suggests a backlash against chatbots and AI is imminent in the area of sales and marketing. A survey that showed that 46% of companies said this area is leading investment in (and adoption of) AI systems, closely followed by customer support at 40%”
“The majority of chatbot deployments will provide poor escalation paths to agents. Chatbots aren’t contact-center saviors with lifelike responses that help customers avoid the dreaded phone tree — many are just as bad. For all the hype about chatbots handling customer service, they’re little more than the interactive voice-response systems that make customers scream into their phones.”
“A whopping 60% of chatbot deployments in 2019 will not have effective live-agent safety nets attached to web chat sessions,” he said.
In addition, Forrester warns of knock-on effects from the widespread adoption of AI-embedded sales technology. In particular, it suggests that installing such systems is likely to lead to more cases of sales fraud with sales reps falsifying data.
“In 2019 sales managers will use AI to micromanage salespeople. In turn, salespeople will regularly falsify data to hide their tracks or game the system thus undermining the data that machine learning depends on,” said Kaneshige.
Meanwhile 5G technology is also predicted to make an impact in 2019 when it will be an important enabler of edge computing.
“5G will enable a multitude of new application types and I can think of a few areas in which it will drive the adoption of edge computing. One is that ultra-high speed data transfer will enable better video streaming,” said Dr Csaba Kiss Kallo, head of connectivity mobility and security portfolio at Vodafone Ireland.
It is thought that more than 60% of the traffic on the average mobile network is made up of video and this is expected to grow significantly, with some estimates putting that figure at around 80% by 2020.
“That growth needs to be catered for and speed of processing is important. For example, at the moment we know that many people experience buffering problems when they attempt to watch video on a mobile device and according to statistics from Marx.com – 39% of users stop watching after just one buffering event,” said Dr Kiss Kallo.
“Edge computing can reduce that latency by allowing us to buffer video closer to the user at the 5G base station. This will reduce, or this will increase things a lot. Another massive area would be Internet of Things adoption which will bring huge amounts of scale.”
From a security point of view, Kaspersky Lab has issued a number of interesting predictions for 2019. To begin with, it’s suggesting that despite their prevalence in the past, the day of the advanced persistent threat (APT) is rapidly coming to a close.
Its reasoning is that the security industry has consistently discovered highly sophisticated government-sponsored operations that took years of preparation.
“What seems to be a logical reaction to that situation from an attacker’s perspective would be exploring new, even more sophisticated techniques that are much more difficult to discover and to attribute to specific actors,” said Vincente Diaz, principal security researcher with Kaspersky’s global research and analysis team.
“Instead of creating more sophisticated campaigns, in some cases it appears to be more efficient for some very specific actors who have the capability to do so, to directly target infrastructure and companies where victims can be found, such as ISPs.”
Kaspersky Lab has also flagged the emerging growth of so called ‘spear phishing’ attacks in 2019. It believes that this most successful ‘infection vector’ will become even more important this year.
“The key to its success remains its ability to spark the curiosity of the victim, and recent massive leaks of data from various social media platforms might help attackers improve this approach. Data obtained from attacks on social media giants such as Facebook and Instagram, as well as LinkedIn and Twitter, is now available on the market for anyone to buy,” said Diaz.
“In some cases, it is still unclear what kind of data was targeted by the attackers, but it might include private messages or even credentials. This is a treasure trove for social engineers, and could result in, for instance, some attacker using the stolen credentials of some close contact of yours to share something on social media that you already discussed privately, dramatically improving the chances of a successful attack.”
You have been warned.
The wait and the worry
2018 was not a year of bombshells; even GDPR has had a slow start, and 2019 looks set to play out similarly, writes Jason Walsh
Cynically, it is tempting to say that the biggest trend in IT will continue to be marketing jobs being passed off as somehow being something to do with technology. This year, however, there is at least some meat on the bones as marketeers have to do more than just think about how to get their message across on Facebook and Instagram. And for a simple reason: front and centre in 2019 will be the GDPR.
The GDPR, the EU’s new general data protection regulation, is much ballyhooed but we still do not yet know how it will play out beyond making us all click on slightly annoying – and some would say needlessly obscure – cookie notices when we visit web sites.
Ironically, the explosion of interest about the GDPR – panic, even – in 2018 seems to have created something of a paradox: there can be no-one who has not heard of the regulation, but as yet nothing much has happened. This lacuna should not be taken for the legislation being a damp squib, though. In fact, it is simply a perfectly ordinary lag, and we have already seen significant breaches and potential breaches in 2018 including Fifa, Quora and Eurostar.
It is safe to assume that more than one investigation into breaches that occurred after May 2018 are now underway and Irish Data Protection Commissioner, Helen Dixon, has indicated that she expects significant cases to come to the fore in 2019.
And it is not only the commissioner herself who is taking note, however. Indeed, in its annual report for 2018, published in December, the office of the commissioner, described 2018 as “truly extraordinary”. Over 9,900 emails and 10,200 telephone calls to the commissioner were received in the first five months of 2018, just before the GDPR came into force. In May, the month when the regulation replaced the previous data protection regime, the office of the commissioner saw 6,000 contacts made – an average of 270 per working day.
“The fact of the matter is that technology is now a way of getting to people, for good purposes and bad, and while the generalist press continues to struggle with reporting technology, the fact that it matters more than ever is not, to coin a phrase, ‘fake news’”
This neatly encapsulates a development we have all been experiencing in the last decade: technology is no longer ‘pure’; today it is nothing less than politics.
Data has also taken on a geopolitical dimension: although the idea that Brexit was won by Russian ‘bots’, or that Trump is in the White House solely because of Twitter and 4Chan, may warm the cockles of the hearts of those who feel horrified that the world is in flux, the truth is that the most extreme claims do not stand up. That does not mean that bad actors, both state and non-state, are not engaged in what is now called, perhaps stretching the metaphor a little too far, ‘information warfare’, however. The fact of the matter is that technology is now a way of getting to people, for good purposes and bad, and while the generalist press continues to struggle with reporting technology, the fact that it matters more than ever is not, to coin a phrase, ‘fake news’.
Unsurprisingly then, 2018 has been a boom year for the infosec sector and 2019 will be no different. The need for infosec professionals will continue to grow, and there is no sign that Ireland has anything like enough qualified and skilled people on tap.
For the wider cohort of technology professionals the upshot of all of this is that tech issues are being taken more seriously than ever: freed from the constraints of simply being the cost of doing business, IT is now taken seriously at board level and expected to make a strategic contribution to business. Compliance and security particularly are not longer ‘mere’ tech, but technology professionals will need to develop new and better strategies to deal with ever more pervasive, and occasionally innovative, threats.
On the hard tech side, one of the most interesting developments is the continued growth of artificial intelligence (AI) and machine learning (ML), both of which are now part of everyday life for tens of millions of people.
Of course, as always the hype is hard to see past. For some, AI is a job-killing machine, while for others it is poised to revolutionise human life for the better.
The darkest fears of all are over autonomous weapons. So it seems that killer robots might exist, but in the form of military drones not that of Roy Batty from Blade Runner marauding around Los Angeles in 2019. It may sound absurd to talk about this but there is a point: as always with developments in technology, the deepest questions that need to be asked are human ones, not merely matters of efficient coding.
The philosophers’ musings are most welcome, but one thing about AI and ML that we can say for sure is that it will change particularly as it moves to the network edge — and with the expansion of internet of things (IoT) radio connectivity the network will become more and more pervasive, producing a step change, particularly in the logistics sector. This is no small thing: it may be an invisible industry, but as the panic over a potential ‘hard Brexit’ has demonstrated getting goods into people’s hands is a complex business. And where logistics goes you can be sure the rest of industry will follow.
But the limits of AI are worth talking about, too: as society is increasingly driven by algorithms there must be a conversion about how they are created. It’s one thing for Amazon to endlessly recommend the same product, but it is entirely another if supply chains come to be driven by the noise mixed into the signal.
The longer term effects of AI and ML are more difficult to talk intelligently about precisely because they represent uncharted waters. Modelling has been with us from day one – after all that is, fundamentally, what computers were developed to do in the first place – but we still do not understand how replacing intuition and hypotheses with live information will feed back into the world, potentially changing how we all behave.
The continued growth in processing power and storage will ensure that more and better information can be used to understand and model the world as it is, rather than simply predict how we might like it to be – but, again, the human element will remain the key.
For some of us, though. perhaps the strongest trend in 2019 will be a wistful desire for the days when technology was straightforward and easy to define.
|The future is bright – but is it secure?|
|“Security and privacy are related – but different. In 2019 we must hope that people will finally be able to tell them apart”||
Threatscape Dermot Williams, CEO
|The phrase “digital transformation” was a rarity in our client conversations with CIOs and CISOs five years ago — but today it is unusual for the topic not to be mentioned. The drive to leverage IT for greater operational effectiveness and business innovation has reached even those industry sectors we thought might never embrace it. Thankfully we are also seeing a greater awareness and prioritisation of the need for information security to “have a seat at the table” from the start of these projects so that they are not belatedly asked to find ways to secure new systems and processes when plans are already near completion. I’ll begin my look ahead to 2019 with a wish that this particular trend continues.2018 has been a year not only of fake news but also of big news. Trump, Brexit, North Korea, China – and of course GDPR… it seems that almost every major business or geopolitical headline has somehow had a cyber angle. We see this continuing in 2019. There are significant uncertainties regarding Brexit as I write with daily twists and turns, but whatever eventually happens is likely to impact cyber security in many ways. While the near term impact may be limited to a predictable wave of Brexit related phishing campaigns, a greater and longer term concern is how Brexit may affect the operation and legality of future cross-jurisdiction investigations involving UK and EU stakeholders.
Will anyone trust their hardware in 2019? Spectre and Meltdown have reminded us that CPUs have become a computer within a computer, and that a consequence of advanced performance improvement techniques such as branch prediction and speculative execution can lead to low level vulnerabilities capable of being exploited by attackers. The jury still seems to be out on whether Chinese intelligence did or didn’t implant an almost invisible “spy chip” on SuperMicro motherboards, western countries are thinking twice about whether it is prudent to entrust large swathes of their 5G infrastructure to Huawei and Kaspersky has been forced to defend their products against claims of hidden backdoors being exploited by Russian spy agencies. Where does it end? One easy prediction for 2019 is that the mantra of “trust … but verify” will be applied to every element of IT systems, and the supply chains which deliver them, in future.
A frequent source of confusion in the past has been the difference between security and privacy. GDPR has precipitated numerous projects and investments amongst our clients, with the most impact felt by those who must store or process large volumes of personal data. Many already had very strong security but needed to make operational changes to ensure they also complied with privacy legislation. Finally, people also seem to realise that it doesn’t matter if your social network of choice has armed guards at their data centre and millions of dollars of the latest IT security tech – if their sales people are selling your personal data to all comers. Security and privacy are related – but different. In 2019 we must hope that people will finally be able to tell them apart!
Another source of confusion which should finally be cleared up by 2019 is that of cyber security versus operational security. Did your financial controller accept an authentic looking email as confirmation that they should send out thousands of euros to a faceless fraudster? Yes it would be good if your IT security systems could have spotted and flagged the email as suspicious, and many do get flagged. BUT if you still accept a single email as the key to unlock your bank vault, you have a much bigger operational or process security issues than cyber security one. Those who have been impacted by “Business Email Compromise” and attempted to claim on a cyber security insurance policy have learnt this the hard way.
In 2019 we predict many more attacks – but hope that targets are now more informed and less susceptible.
|Exiting the complexity trap|
|“The ability to respond quickly and accurately to shifts in customer behaviour will be vital in tomorrow’s world as businesses and people become more demanding, as well as tech savvy. Machine learning will assist in these efforts. Machine learning is as much about the organisation’s buy-in and availability of quality data that will make it successful”||
Singlepoint Rob Curley, managing director
|We are already seeing massive growth among businesses that are aggressively executing a clear digital transformation strategy and looking to capture ideas and get prototypes delivered much faster than before. Digital change will be harnessed through a combination of digital technology, digital culture and partnering with specialists to accelerate digital transformation. Successful transformation is as much about people and processes as it is about technologies. To shift into digital speed, companies need to look into their decision-making processes and tackle the bottlenecks.The ability to respond quickly and accurately to shifts in customer behaviour will be vital in tomorrow’s world as businesses and people become more demanding, as well as tech savvy. Machine learning will assist in these efforts. Machine learning is as much about the organisation’s buy-in and availability of quality data that will make it successful.
At Singlepoint, we have built and continue to build our own solutions in areas that we see high growth, so we can come in and just switch it on for clients. We have had much success with our DAPx platform last year with many implementations taking place in 2019 too. It is a cloud-ready digitised platform that provides a framework for delivering solutions and services reliably and quickly and is now implemented in several customer sites and we use it ourselves. It allows customers to cut up to 50% off delivery costs as it can save 300 – 1000 man days on mobilisation, design and development. With all our solutions, we are building in that capability and automating them so we can get people moving quickly. Digital technologies and methods are supremely flexible. They enable businesses, end users, and IT departments to work interactively to design applications and user journeys that are ‘just right’, and to adapt processes accordingly. In essence, the transformations that emerge from the digital era itself may well spell the end of the complexity trap.
Organisations are looking into how they can leverage their infrastructure, applications and services in order to cut out hardware costs and increase scalability and we are working on cloud adoption architecture which will increase commitment to connecting clouds and this will be the big movement in 2019.
Chatbots are another area that is of particular interest to us. We have built a number of them and we see there is a big opportunity for them in terms of cost optimisation. Already, we are seeing that a lot of people are happy to use bots if they get the answer they need, they are intuitive, equipped with the ability to improve their efforts from continual learning algorithms and serve to meet the demands of the fast-paced, hyper-connected digital world in which we live.
Following decades of rapid growth and disruption, the dominant forces shaping the digital landscape have shifted, and we will be entering a period with fewer ground-breaking changes but far greater transformation. We’ll see major shifts in culture and in the broader conversation about the digital landscape.
|Vision 2019: Rapid advances in 3D|
|“Additive manufacturing is also a useful way to make spare parts for machines that have been operating for decades, for example in trains or power plants. If an upgrade is desired, the digital twin of an original component can quickly be optimised before the replacement is produced”||
Siemens Ltd Michael O’Connor, communications director
|Products that were once forged, milled or cast are increasingly being produced with 3D printing, a process in which objects are created layer by layer. Also known as additive manufacturing, 3D printing has been around since the 1980s. Back then, only plastics were used: 3D Printing now makes it possible to create innovative components made of metals, polymers or ceramics that in most cases already perform better than their conventionally manufactured counterparts. Indeed, applications are proliferating in fields such as power generation, aerospace, health care, rail transportation, the automotive industry, and motorsports.
Data-Driven Production Processes: This revolution in industrial production is now underway thanks to advances in additive manufacturing that itself would not have been possible without the comprehensive digital transformation of production processes, from design and engineering software, and simulation tools for printing all the way to control and monitoring of printers. Siemens sees this trend accelerating in 2019.
The global market for additive manufacturing is booming – and so is the market for associated printing materials, machines, software, and services. Analysts estimate that the volume of this market, which amounted to €9.7 billion in 2017, will reach €26 billion by 2021.
An Optimised Twin: Additive manufacturing has developed into an independent production route that makes it possible to create completely innovative components in small batches as well as in individualised mass production runs. For example, it is possible to produce chassis for racing cars, complex components for aircraft engines, hip joints, and gas turbine blades. It is also a useful way to make spare parts for machines that have been operating for decades, for example in trains or power plants. If an upgrade is desired, the digital twin of an original component can quickly be optimised before the replacement is produced.The 3D printing process makes it possible to design almost any kind of complex structure. This means that the shape of a component can be designed in line with its function. In addition, such components can be made lighter without sacrificing stability. And because of optimised designs, components benefit from less wear and tear and a longer service life.
Siemens is a pioneer in this field producing the first 3D-printed burner tips for gas turbines we in 2013. In 2014, we opened a competence center for additive manufacturing that designs and produces spare parts for rail transport. In 2017, Siemens engineers were the first in the world to successfully print and test blades for gas turbines. Not long after that, the blades were followed by printed burners, which have been successfully operating in a commercial gas turbine in Sweden. We recently established an Additive Manufacturing Experience Center (AMEC), a lab which allows customers to explore 3D printing and experience the individual steps of the printing process. In the field of energy alone, Siemens is planning to qualify a total of 200 components for manufacture by means of 3D printing by 2025.
|Achieving information resilience in today’s ever-changing cyber landscape|
|“A simple but effective solution for mitigating future risks, has and will always be considering security controls at the early stages of a project. This is the well-known process of security by design. Unfortunately, without clear and mature processes this approach can lead to uncontrolled results. For this reason, the certification of devices and services aid in mitigating risks”||
BSI Stephen O’Boyle, global head of Cybersecurity and Information Resilience Services
|The evolution of future threats, opportunities and the advances in modern technology have provided us with innovative solutions to address cybersecurity risks in today’s ever-changing cyber landscape. Last year, cybersecurity emerged as a cornerstone of our digital economy and in the coming year this will develop further.At BSI, we focus on achieving information resilience throughout our client’s organisations to ensure infrastructure is protected against pervasive cyberthreats, regulations are met, and trust is maintained. We operate within four interconnecting areas, namely Cybersecurity; Information management and privacy; Security awareness and training; and Compliance to requirements.
When it comes to good cybersecurity governance, it is essential that this is designed from the top down and for organisations to enforce strategies with the right policies and procedures. Our role in this as consultants involves identifying opportunities that support our clients needs. This requires us to forecast upcoming threats, new ways of resolving vulnerabilities and mitigating risks so that our clients are prepared.
As such, we have identified areas most likely to present the greatest impact this year in the cyber landscape as:
International Organisation for Standardisation (ISO) is expected to release new standards to support this regulation. The ISO/IEC 29101 ‘Privacy Architecture Framework’ – will define the concerns of ICT systems that process Personal Identifiable Information (PII). The ISO/IEC 19086-4 ‘Cloud computing – Service Level Agreement (SLA) Framework’, will set the SLA’s for cloud-based services processing PII.
These two standards will have an interesting role to play in applying the ePrivacy Regulation with the EU approach to compliance suggesting the adoption of general recognised standards as a guideline.
Considering security controls at the early stages of projects: A simple but effective solution for mitigating future risks, has and will always be considering security controls at the early stages of a project. This is the well-known process of security by design. Unfortunately, without clear and mature processes this approach can lead to uncontrolled results. For this reason, the certification of devices and services aid in mitigating risks.
We predict that a future trend in cybersecurity will be for an increase in the demand of certification schemes, which are based on general recognised security standards.
Malware: We have already witnessed an increase in targeted MacOS based devices but in the last two years an increase in Linux malware has been noticeable. AV-TEST highlighted in their annual security report* that the development of Linux malware has tripled since 2016. This report is alarming as Linux based systems are often perceived to be not commonly affected by malware and therefore may have fewer security controls configured compared to a Windows based system. Likewise, most IoT (Internet of Things) devices and many web-based systems use Linux operating systems, which could lead to an increase of security breaches if this trend continues to grow.
The year 2019 may also bring an increased threat in UEFI (Unified Extensible Firmware Interface) malware attacks. An example of UEFI malware, named “Lojax”, was discovered last year by ESET – an antivirus provider. This malware exploited a vulnerability in “LoJack” (an anti-theft tracker software), causing infected devices to communicate with a malicious server instead of the providers server.
With the rise in the adoption of Cryptocurrencies, crypto mining malware has become a popular alternative to ransomware attacks as criminals realise the benefits of long-term gains versus a one-off payment. This year will likely see a different focus for it, leading to a decrease of browser based and an increase in operating system based crypto mining malware.
Advanced malware detection will demonstrate its true potential this year in the fight against malware attacks. This technology continuously analyses activity in a network in order to acquire regular behaviours and detect suspicious ones, typically referred to as Entity and User Behaviour Analytics (EUBA).
Phishing: Phishing campaigns will continue to be present into the future as the most prolific form of cyber attacks that target corporate and private emails. It is a key focus that we work on with our clients to implement awareness training for employees that help them to avoid easily recognised phishing attacks and to implement active anti-phishing solutions.
The best solutions are based on revisions of policy and procedures, user awareness training, and Artificial Intelligence (AI) based technologies. Specifically, AI anti-phishing solutions will analyse incoming emails in order to detect suspicious patterns. These solutions can be used to enforce the redesigned policy and procedures, run simulated attacks and intervene in suspicious behaviour. Examples of truly effective solutions are a combination of mail filters (SPF, DMARK, DKIM checks), anti-spam, web filters, sandboxing and next generation EUBA.
|“Over time the protections which people put in place become useless. This is a fundamental issue and concern that all those involved in cyber security have”||
Renaissance Michael Conway, director
|Wikipedia says: “The future is what will happen in the time after the present. Its arrival is considered inevitable due to the existence of time and the laws of physics.”So, what is coming over the next while, and particularly in 2019, that is considered inevitable?
Within the area of cyber security and compliance you can be sure of one thing and that is the bad guys will continue to become ever more demanding, innovative, unrelenting and will continue to reinvent themselves. They will continue to attack and with all attacks from unknown and unexpected sources they only have to get lucky once! They may already even have got lucky but not yet detonated their payload or become known to you as statistically, it is many days (between 100 to 200) that the bad guys typically sit in your network before being detected.
Over time the protections which people put in place become useless. This is a fundamental issue and concern that all those involved in cyber security have.
So, let’s take a look at some examples of technology changes that have occurred over recent times and that have perhaps not hit the radar just yet:
TLS 1.3 Encryption: TLS 1.3 now removes obsolete and insecure features from the previous version. This means in practice that many firewalls and other perimeter protections don’t support the newer protocol and never will.
Traditional Virus versus Ransomware: Old style simple viruses versus intelligent attack based on social engineering
Basic Authentication versus Multi Factor Authentication (MFA): Simple authentication versus sophisticated authentication.
Traditional email protections are no longer effective.
These are simple and classic examples of key elements within our typical and simple technological environments.
The bottom line is any old technologies will probably not work and probably not protect your environment. In 2019, we expect to see and hope to see that people have realised that not investing in protection is a foolish way to manage your business and in order to be safe and secure you must invest and do your very best to keep up.
So, the key message is that everything changes from an attack point of view, so we should also change our defences!
One of the other elements we expect to see people investing in and working through, is their ability not just to detect, but to also prepare for the inevitable – what happens when!
The ability to recover is now key and play books and recovery and response plans are necessary for when there is an attack, not if!
|Managed services partnerships to increase in 2019 as organisations focus on value from IT|
|“There is an increasing focus on having IT deliver value to the business. Boards and senior managers are asking more of their IT, yet budgets are staying the same. The message is: do more with less, be more responsive, provide value and innovation – but we’re not going to give you any more money to do it”||
SureSkills Kevin Reid, chief technical officer
|One of the biggest trends I expect to see in 2019 will be an acceleration towards managed services partnerships between organisations and third-party providers. Companies will take platform-level technology that isn’t unique to them, and that confers no competitive advantage, and hand over the responsibility of managing that infrastructure to a specialist provider.There are a few reasons why I believe growing numbers of companies will take this approach. Firstly, certain types of IT systems, like hypervisor platforms, back-ups and disaster recovery, desktop provisioning or line of business applications, are essentially utility-like services; we now expect them to run in the same way we expect water or electricity. We pay for how much or how little we use.
Secondly, IT departments are moving away from multi-year capital investment projects for infrastructure. Now that the technology tools are available to scale up or down quickly and easily if the business needs dictate, it makes little sense to stay wedded to a particular technology infrastructure for, say, five years. That model limits the very responsiveness that IT is now expected to provide.
That leads directly to the third reason: there is an increasing focus on having IT deliver value to the business. Boards and senior managers are asking more of their IT, yet budgets are staying the same. The message is: do more with less, be more responsive, provide value and innovation – but we’re not going to give you any more money to do it. So the natural consequence of that is, IT departments need to be smarter with their spending, and invest the budget they have more cleverly. In light of this trend, it makes sense to minimise investment in activity that keeps the lights on, and to focus spending instead on delivering business transformation, digital adoption and agility. (It is a related point, but as anyone who’s hiring will confirm, it is very hard to recruit in the current climate where IT skills are highly in demand. That forces the cost of talent to rise, which further eats into IT budgets.)
Moving to a managed service model will change the role of IT from delivering technology towards vendor management. From a career perspective, I believe this is a positive step for IT professionals. By becoming a partner to the business, they gain valuable experience – and potentially upward mobility – that they would not get in a purely technical role.
I expect more IT departments will take a smart spending strategy in 2019 by developing partnerships with third-party managed service providers who can take away the resource challenges and deliver IT to the business in a cost-effective way. That saves costs through predictable service level agreements, while freeing up time for IT departments to move from handling routine tasks to providing value to the business by harnessing technology to make the organisation flexible and better able to change and adapt.
The success of this trend will depend on choosing the right partner. That is why it’s vital to choose a managed service provider that’s aligned with best-practice service management processes, to deliver IT services reliably, repeatably and transparently.