Today's top stories

7 hot cybersecurity trends (and 4 going cold)

Is that security trend hot or not? From tools and technologies to threats, tactics, and training, the numbers don't lie.

Current Job Listings

The whole tech industry is dynamic and constantly changing. And if you're in IT security, you're in a unique position that the changes can be forced upon you by techniques developed by malicious hackers. That means that there's always something new going on in the industry, and there are also some techniques and tools whose usefulness has fallen by the wayside.

It can be hard to cut through the hype when it comes to tech security trends: every company with a product to sell wants to convince you that they're in line with the cutting edge of the market. To help you get a sense of what's really hot or cold in today's security world, we peek under the hood to look at the numbers that matter, from spending to effectiveness.

11 hot (and not) cybersecurity trends:

  1. Hot - Credential stuffing
  2. Hot - Collaboration app security
  3. Not - Ransomware
  4. Hot - Banking trojans
  5. Hot - The internet of things
  6. Not - Artificial intelligence
  7. Hot - Quantum cryptography
  8. Hot - Phishing
  9. Not – Antivirus
  10. Hot - Multifactor authentication
  11. Not - The blockchain

Hot: Credential stuffing

Every year it seems that there's a constant drip-drip of major hacks at big companies that result in millions of username/password pairs being compromised. The real-world consequences of these attacks are what's known as credential stuffing, when an attacker uses long lists of stolen login credentials in large-scale automated attempts to log in to various websites. The attackers are relying on the fact that many of us use the same username and password on multiple sites. Thanks to the attacks' automated nature, even if only a small percentage of the stolen login credentials are a positive match, it can still be worth the attackers' while.

"We need to make user credentials more secure," says Kristen Ranta Haikal Wilson, Cofounder, Head of Product Management, and CMO at PasswordPing. "By screening for compromised credentials proactively during login, password reset and account activation, organizations can heavily mitigate online account takeover and fraud with very little impact to the end user."

Key numbers: In 2018, 60 percent of customer login traffic at airlines — and 91 percent at retail outlets — consisted of credential stuffing, according to Sharpe Security.

Hot: Collaboration app security 

More and more teams are coming to rely on apps that help them coordinate and collaborate at work. Perhaps the most prevalent is Slack, the increasingly omnipresent messaging and collaboration platform, but this category also includes virtual workspaces like SharePoint and filesharing and syncing apps like Dropbox. These tools are great for productivity, but they open another attack surface. "As more organizations adopt these essential applications, they are inadvertently expanding the number of channels that hackers can leverage to distribute malicious content," says Yoram Salinger, CEO of cybersecurity-as-a-service provider Perception Point. And since many are web-based or cloud services that are installed by individual business units without consulting IT, they often fly under the radar when it comes to security.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.