Cybersecurity Trends in 2019: Zero Trust, Biometrics, IoT, and GDPR

Aaron Walker
Aaron Walker  |  December 3, 2018

Another year is winding down within the ever-changing world of cybersecurity, as digital threats continue to evolve.

Like last year, identity management has been the most-discussed area of innovation in the cybersecurity world, thanks in part to GDPR and other compliance-related legislation. We have talked a lot about risk-based authentication on G2 Crowd before, specifically regarding its evolution into a more all-encompassing field of zero-trust security practices. 

Biometrics, artificial intelligence (AI), and the internet of things (IoT) are also evolving. The adoption of iPhone security measures has proven that people will accept biometric authentication through FaceID alone.

Cybersecurity Trends in 2019

AI continues to expand its reach within the cybersecurity world, becoming embedded into applications, improving identity management, and producing more effective threat intelligence solutions. In the meantime, companies continue to produce tools to protect your emerging IoT endpoints with potential vulnerable exploits.

Interested in protecting your company? Discover the best cybersecurity services in 2019.

To the surprise of few, 2018 was another great year for cybersecurity venture capital funding. The amount of capital invested this year is set to outpace 2017’s total of $3.6 billion. It’s already almost there, totaling $3.3 billion through October 2, 2018. Some of the year’s largest deals included Series E funding of $200 million to Crowdstrike, $120 million to Cylance, and $50 million to Darktrace.

Established companies and emerging startups have both seen an influx of funding. But the huge series E numbers hint that investors are more willing to spend capital on proven products rather than potential ones.

As every industry adapts to new and emerging threats, new trends and solutions continue to emerge like ransomware and DDoS protection software last year. For 2019, our focus will revolve around the “zero trust model,” biometric authentication, IoT security, and information compliance technologies.

1. The Zero Trust Model

Let’s start by defining the zero trust approach. The zero trust model eliminates the idea that internal players are trustworthy individuals who mean no harm. Zero trust security continuously evaluates an individual’s behavior and actions to identify and eliminate potential threats.

This is accomplished by defining parameters of legitimacy via a range of factors that determines the validity of a user’s behavior in the form of a risk score. These determining factors may include a user’s physical location, IP address, and permissions, among many others.

The zero trust system will continually run a simulation, calculating risk from the designated factors to generate a risk score. If the risk score surpasses a threshold, the user may be disconnected from the network or be prompted to fulfill a multi-factor authentication process, such as answering a security question or receiving an SMS code, before they can continue utilizing the network.

2. Biometric Security Growth

Biometrics is an intimidating concept. They connect your real-life, physical self to digital records and your online accounts. Historically, many people are initially hesitant to give away their fingerprints or willingly have their appearance documented for a facial recognition scan.

But as the technology becomes more streamlined within hardware or software access, biometric security access becomes less of a hinderance. As long as user experience is not significantly affected, the issue essentially disappears.

Individuals may think of retina scans out of Black Mirror or a Philip K. Dick novel when someone brings up biometrics, but once they realize they’re already using it, the panicked-induced stigma dissipates. For example, one of the simplest and most ubiquitous examples of biometric security is the use of FaceID and fingerprint scans for iPhone access.

Companies will use biometric tools because they do, in fact, significantly increase the effectiveness of security practices. And as venture funding continues to funnel resources to the providers of biometric technologies, the user experience integration will only improve while the stigma associated with fingerprinting or facial scans dissipates at the same time.

The biometric security market is already valued at around $16.8 billion, according to MarketsandMarkets, who predict a 20% compound annual growth rate (CAGR), increasing the valuation to $41.8 billion by 2023. We predict it will grow faster and quicker than MarketsandMarkets’ prediction, reaching roughly $20.16 by the end of 2019. 

3. IoT Security Evolution

The rapidly growing number of IoT endpoints has not lost momentum and will not lose it any time soon. These new endpoints are outpacing innovation in the security space. Companies have made a “smart” version of basically everything you can think of, but many of those products have glaring security holes.

Previously, my colleague discussed IoT security and the very real danger posed by billions of unsecured IoT endpoints and I have discussed such IoT-powered threats such as DDoS attacks. These threats and cybercriminals have only gained power as the number of unsecured endpoints explodes.

There are some technologies that can help protect businesses against bot-based attacks, like DDoS protection software, but these solutions do not address the problem at its core. Until security professionals and/or experts can determine and resolve the underlying issue of unsecured endpoints, incidents will continue to arise.

As a result of this disproportionate growth of vulnerable endpoints and lack of effective security solutions, attack frequency and scale will rise. Businesses will become financially impacted as well as lose the trust of their consumers once their sensitive information is hacked or stolen.

4. GDPR Compliance as a Service

Governmental and international regulation regarding data privacy has been brought to the forefront of countries across the globe. The massive breaches from financial institutions have resulted in a collective demand for regulation of personal information.

These regulations are definitely a good thing, but do pose a new issue for businesses. Companies have to rapidly adopt multiple international regulations so that they can keep up with and satisfy consumers’ expectations regarding the secure storage, sharing and management of personal information.

Vendors in the data security, privacy, and security risk analysis markets are likely very happy as a result of increased demand. These evolving markets can provide companies with the tools they need to meet compliance across a number of industries.

For smaller businesses, hiring and training new staff can be time-consuming and expensive. Many of the compliance-related tasks can be automated or optimized with workflows via software solutions. Instead of unnecessarily investing money on staff to deal with increasing overhead, companies will simply adopt new GDPR and compliance-related technologies.

In fact, companies that struggle to comply with the software solutions that are supposed to help them adhere to GDPR regulations will opt for managed services. By turning to managed services, companies can completely avoid the crucial step of training new employees to master such software. This trend will continue to grow and become a fully fledged market.

Moving forward in 2019

The evolution of risk-based authentication tools, the widespread acceptance of biometric-infused security measures, the increased risk of IoT-related security incidents, and the rise of compliance-as-a-service providers are just a few trends related to emerging security technologies. However, we believe they are the most significant trends, indicative of overall market changes, that will have the biggest potential impact on the largest number of companies.

These aspects of cybersecurity are becoming necessities to businesses that are embracing the security-centric business world of 2018, and will only continue to so even more in 2019.

Ready to learn more about trends in 2019? Learn about artificial intelligence trends causing business innovation.
Aaron Walker
Author

Aaron Walker

Aaron is a Senior Research Specialist who focuses on cybersecurity, information technology and software development. He began at G2 Crowd in 2016 after graduating from The University of Iowa. Aaron has written for The Daily Herald, Tribune Media, and The Daily Iowan, among other media outlets. In his free time, Aaron enjoys shooting film photography and fine-tuning his illustration skills.