2019 wasn’t the year of the artificial intelligence (AI), cloud computing or automation – but all were part of the overall trend in information technology advances. In many ways the decade concluded not with a major leap forward, but rather by making solid footing for the next advancements.
ClearanceJobs reached out to numerous technology experts across the country to get their insight into the top IT trends of 2019 – and what might be in store for next year.
“2019 has cemented itself as a foundational year for the Fourth Industrial Revolution (4IR), with three trends dominating the market,” said Brendan Walsh, senior vice president of partner relations at the 1901 Group.
Walsh told ClearanceJobs these include, “AI moving from a research concept to an operational reality; IT as a Service and IT consumption models being implemented at the agency program level and accepted by the government acquisition community, and industry-wide acknowledgement that there is a cloud engineering and cyber talent deficit, which requires us all to invest in growing the next generation of IT professionals from both traditional technology sources and non-IT backgrounds.”
Tech Giants and the Run-up to the 2020 Election
Several presidential hopefuls are asking whether some tech giants had simply gotten too “gigantic,” and whether these companies now have too much influence in the average American’s life.
“Another story that developed over the course of the year was the manageability of massive Web-centric companies, including Facebook, Google and Twitter,” explained Charles King, principal analyst at Pund-IT. “All were apparently manipulated during the 2016 election, and all are being targeted by various interests in the run-up to the 2020 contest.”
“Those issues are partly fueling speculation over antitrust investigations, another somewhat modest trend that might pick up speed/weight in 2020,” he added. “Climate change is an issue that touches IT in various ways, from the insights that technologies and tools can provide about environmental shifts and solutions to the huge and continually growing power requirements of global data centers.”
Automation and CyberSecurity Threats
The self-driving car likely won’t be heading to public roads across the country in 2020, but 2019 saw some significant milestones in the future for this technology. As tech advances, it also faces the same challenges – with ransomware attacks, phishing scams and other cybersecurity breaches.
“Within the IT industry, two of the top trends in 2019 were an increase in IT automation and an increase in ransomware attacks, which led to the increase in security awareness training programs,” said James McQuiggan, security awareness advocate at KnowBe4.
IT automation could help combat the threat from cyber attacks in 2020.
“Organizations are shifting to more IT automation to increase the productivity of IT employees by implementing new technologies to support Endpoint Detection and Response (EDR) to identify and contain any known malware discovered on a system,” McQuiggan told ClearanceJobs. “Organizations are implementing Security Operation Centers (SOC), whether their own, or from a managed service provider, and utilizing an automated response system through SOAR (Security Orchestration, Automation and Response) to rapidly address incident through a variety of tools, which is reviewed by an analyst, versus having multiple people or departments reviewing data.”
Despite renewed awareness of the risk of cyber attacks, along with more focus on employee education, cyber threats paid a heavy toll in 2019.
“As ransomware is heavily targeted at healthcare organizations, municipalities and education institutions, their employees are not able to effectively recognize the phishing or spear phishing attacks,” said McQuiggan. “This in turn has more organizations (not enough yet) recognizing the need to educate their employees to detect and react properly to email scams.”
Ransomware creativity also increases in 2019, a disturbing trend that will likely continue.
“Ransomware has always been a crude, blunt instrument for attacks that remains popular because it works,” warned Willy Leichter, vice president at Virsec Systems.
“Once attackers have a foothold, it’s easier for them to encrypt data for ransom, than to exfiltrate data to sell on the dark web,” Leichter told ClearanceJobs. “Ransomware can be thwarted with frequent backups, and runtime attack detection, but there are still many soft targets, and entrepreneurial criminals with new creative schemes.”
Clouds on the Horizon
The role of the cloud also continued in 2019. The global public cloud computing market was set to reach $258 billion for the year, and organizations’ average yearly cloud budget was $2.2 million in 2018. About one third of companies’ IT budget now goes towards cloud services.
“As enterprises are moving to the cloud, cloud-based authentication and IAM solutions will be needed to ensure secure access to migrated systems,” noted Yaron Kassner Ph.D., co-founder and CTO at Silverfort.
“We will also see a wider adoption of identity-based zero trust solutions as securing access of anything-to-anything becomes a priority, within internal corporate networks and across corporate cloud environments,” Kassner told ClearanceJobs.
Other experts suggested that 2019 was the year of two steps forward and one step back towards the cloud.
“The cloud changes everything… or does it?” pondered Satya Gupta, co-founder and CTO at Virsec. “While cloud growth will inevitably continue, some enterprises are questioning whether they’ve rushed too fast into the cloud and have ignored security basics.”
“The Capital One/AWS breach revealed serious gaps and misconceptions about who is responsible for cloud security, and what are acceptable basic levels of protection,” added Gupta. “This incident seems to have split the line of shared responsibility and has resulted in finger-pointing between Capital One and AWS. It has also sent a chill through many enterprises, causing them to rethink their cloud security strategy and move to more hybrid models. In fact, a recent survey found that 74% of enterprises move apps to the cloud, and then move them back on-premises or to hybrid models.”
Fake Learning and Software Supply Chains
There were several other notable trends in cybersecurity in 2019, including how AI systems could become increasingly susceptible to the emerging technology of “fake learning.”
“AI systems can learn quickly, but do we know if they’re learning the right lessons,” explained Gupta. “We expect attackers to increasingly flood AI security systems with fake patterns, causing many false alarms, which then lead enterprises to dial down security policies, opening opportunities for real attacks. With all the hype about AI in the last few years, we expect healthy skepticism to increase, questioning some of the magical thinking about AI, while being realistic about practical implementations. No doubt that AI is a powerful tool, but there’s no reason to believe it won’t also be a powerful weapon in the wrong hands.”
There were also reasons to be far more vigilant about software, as the software supply chain became less trusted in 2019.
“Security experts will increasingly ask a basic question – are they positive that the mission-critical software they are running is pristine, and that none of the thousands of processes in an enterprise application have been tampered with,” said Ray DeMeo, co-founder and COO at Virsec.
“For example, many attacks have changed DLL libraries used across multiple applications to insert malicious code, unnoticed by conventional perimeter security tools,” DeMeo told ClearanceJobs. “We expect in 2020 that enterprises will look for tighter controls and more assurance of the integrity of their applications from developers, through the supply chain, and while they are executing in runtime.”
Increased Cyber Threats Increases Demand for Cyber Insurance
Given the costs that a breach can entail, 2019 was the year that cyber insurers came into the spotlight, and moving forward those same insurers will likely require better security.
“While cyber insurance isn’t new, it’s still in its infancy, and premiums vary widely, as insurers don’t have reliable models to estimate risk,” explained Shauntinez Jakab, director of product marketing at Virsec Systems.
“Small claims can be easily settled, but massive attacks have caused inevitable battles of fine print in cyber insurance policies,” Jakab told ClearanceJobs.
“For example, after the NotPetya attack, an insurer denied a massive claim because the attack was supposedly perpetrated by an adversarial government and was deemed to be an ‘act of war’ – not covered in the policy,” he added.
“A positive sign is that insurers are becoming more proactive about examining company’s security posture and recommending security best practices and solutions to reduce risk,” Jakab noted. “The recent Cyber Catalyst program is a consortium run by Marsh with participation from major insurers – including Allianz, AXIS, Beazley, CFC, Munich, Sompo International, and Zurich – has tested security solutions and recommended specific products that can reduce risk, and qualify the company for better terms on their policies.”