Five key cybersecurity capabilities you’ll need in 2019

Posted on January 24, 2019 by Tim Burke

As I mentioned in my last post, effective cybersecurity is a cost of doing business — and staying current with cybersecurity requirements has never been more important. Cyberthreats are evolving fast — as are the technologies that counter these threats and the regulatory environment that protects individual personal data and privacy.

In 2019, these five cybersecurity capabilities are essential for any business that wants to stay in business:

1 A cybersecurity technology platform

Your cybersecurity technology platform should centralize security policy and configuration management as well as administration/reporting, and it should aggregate and integrate cyberthreat prevention, detection, and response capabilities with coverage that spans endpoints, networks, servers, cloud-based workloads, and even patch management. Since at least 90% of cyberattacks are spawned via phishing emails, malicious attachments, or weaponized URLs, your cybersecurity platform must be able to monitor these vectors and apply filters that block malware and provide visibility into anomalous, suspicious, and malicious behaviors.

2 SIEM

Security Intelligence Event Management (SIEM) offerings — including SIEM — collect, process, and interpret data from multiple sources; incorporate cyberthreat intelligence feeds; correlate alerts; perform analytics and profiling; and automate responses to potential cyberthreats. Traditional, labor-intensive SIEM is challenged by exploding volumes of security data and too many cyberthreat false-positives. But newer SIEM offerings deploy user and entity behavior analytics (UEBA) and AI/machine learning to boost real-time correlation capabilities and effective integrated cyberthreat response.

3 Two-factor authentication

The age of (only) passwords is coming to a close. You’ll need to commit to two-factor authentication (2FA), which significantly reduces account takeover fraud. Biometrics will play a major role here; MasterCard, for instance, will require biometric identification of all its UK users by April, 2019.

4 DevOps that puts cybersecurity first

Now that companies conduct much of their interaction with customers via web applications and/or mobile app APIs, the DevOps teams building those apps and APIs need to craft security practices and incorporate them into application code, design, and processes from the outset rather than as an afterthought. These DevSecOps practices should also be applied to cloud, infrastructure, and work with partners.

5 Cloud-based managed security services

In a world where line-of-business employees mostly don’t understand or care about IT security, and where finding necessary cybersecurity expertise is difficult, cloud-based managed security services offer a viable and cost-effective option. Not only are managed security services more agile and extensible than traditional on-premises offerings, they come with cybersecurity experts to whom you have access. To get the most from a cloud-based managed security service, make sure the service you choose comes with a full complement of APIs that enable integration into larger ecosystems.