Sue Poremba, Author at IT Business Edge
https://www.itbusinessedge.com/author/sue-poremba/
Mon, 12 Feb 2024 17:55:54 +0000

The Best HR Software Solutions for 2022
https://www.itbusinessedge.com/applications/best-hr-software/
Fri, 31 May 2019 00:00:00 +0000

The post The Best HR Software Solutions for 2022 appeared first on IT Business Edge.

As employment rates hit all-time highs, human resources offices are looking to technology to help with the burden of managing employees, benefits and business operations. According to Gartner, “by 2025, at least 50% of large enterprises in service-centric industries will successfully implement an ‘all in’ cloud SaaS strategy.”

Advances in these software platforms give HR departments more control over how to tailor the technology for in-house best practices. At the same time, the software platform must be secure because HR handles the most sensitive data within any organization.

Factors to Consider When Purchasing HR Software

For your HR software to be most effective, you need to onboard the right platform for your needs. Consider the following:

On-Premise or Cloud

Do you want – or need – a platform that is installed directly onto computers and can be used only by specific users on a limited network? Or do you prefer cloud-based software that can provide more flexibility in access?

Tasks Required

What tasks do you need performed? There are different software platform options available, depending on the type of tasks you will be running. While some software platforms are comprehensive, others are very task oriented. Options include Human Resources Information Systems (HRIS); Human Resources Management Systems (HRMS); Human Capital Management (HCM); Applicant Tracking Systems (ATS); and Payroll Software.

Tech Support

The amount of technical support needed from IT to get the platform up and running and then maintained, as well as the tech expertise of the users, should be taken into consideration.

How It Fits Into the Overall Strategy

How will the software platform fit into overall business operations? The software should meet the mission of the organization and streamline HR processes for everyone while improving the communication between HR and staff.

Key Features for HR Software Platforms

Cloud/Mobile Platform Capabilities

Accessibility from any type of device is a vital factor in any HR platform. The system will be accessed by workers in the office or by telecommuters; an update by an employee must be readily accessible to HR. The platform should offer a cloud-based system compatible with multiple operating systems/devices, with mobile applications available for easy download.

Personnel Tracking

HR software should allow for tracking all the pertinent information about each employee, from their SSN to contact information to past employment records.

Learning and Development

This HR function should work in tandem with performance management functions to schedule employee training, track completion and certifications, and budget expenditures involved.

Compliance Regulations

HR software shows how the company should meet privacy regulations, from GDPR to CCPA and beyond, ensuring employee personal information is kept safe and secure while allowing the organization to have a smooth flow of operations.

Performance Management

HR software allows for monitoring of each employee’s performance data.

Benefits Management

HR software allows for tracking of vendors and their benefits and the different packages offered, as well as expense monitoring.

Time Management

The HR software aligns with company policies to manage employee work schedules and vacation time, calculate overtime, and ensure budgets are matched with the right projects in accurate time intervals.

Top HR Software Platforms and Vendors

Kronos Workforce Central

Kronos is one of the most established HR software platforms available, engaging employees and increasing productivity. Workforce Central allows managers to have more control of data-powered decisions. Centralized solution.

Cloud/Mobile Platform Capabilities: Unified cloud solution. Mobile apps for iPhone, Android, Windows.

Performance Management: Ability to track workforce trends and productivity.

Time Management: Offers tools to monitor and enforce absentee policies and flags concerns like late/early punch in, missed breaks, or other time-management policy violations with real-time email alerts.

Pricing: Contact company


Oracle HR Analytics

Oracle’s software suite analyzes staffing needs and productivity and management, as well as designs accurate compensation packages to match employee outcomes. Employees are able to easily track their performance on the system. The platform offers AI and ML to assist with recruitment.

Cloud/Mobile Platform Capabilities: Cloud-based platform

Personnel Tracking: Provides workforce reporting and visibility into new hires and retention.

Learning and Development: Allows HR to assess learning opportunities, rate their effectiveness and monitor employee enrollment.

Time Management: Monitors paid time off and absences and tracks trends in employee attendance.

Pricing: Contact company


Zenefits

Online dashboard setup gives everyone – HR, management, and employees – a single place to manage their work life, including payroll, benefits and paid time off. High ease of use and easily connects all aspects of HR processes and systems into one location. With a mobile-first platform, it is ideal for very small companies. Three plans to choose from.

Cloud/Mobile Platform Capabilities: Mobile-first platform

Performance Management: Provides templates for performance reviews, goal management, tools to encourage collaborations and set up one-on-one meetings.

Benefits Management: Simplified benefits management through online portal

Time Management: Can create PTO policy accessed and managed on the online portal.

Pricing: Starts at $8/month/employee, depending on package


BambooHR

Popular software platform for SMBs that tracks applications and provides on-boarding tools for new hires, and easy paid-time-off tracking and performance management for current employees. It has the capability to sync with other HR software. Offers e-signatures and a user-friendly interface – no need for an account manager. Has two package levels.

Cloud/Mobile Platform Capabilities: Offers cloud and mobile platforms, as well as web-based.

Personnel Tracking: Offers onboarding and offboarding solutions and an employee database that tracks all information on file for each employee.

Performance Management: Offers questions to encourage employee activity and engagement and reviews performance in an objective manner.

Benefits Management: Centralized database that manages up to 12 different types of benefits.

Time Management: Online time tracking for employees with easy to manage time sheets.

Pricing: Per employee pricing depending on the package type; under $10/employee


UltiPro

Cloud-based solution designed to improve the overall employee experience with people-focused results. Security-based features are a plus for those companies managing multiple subsidiaries. There is a learning curve with this platform, but it offers an online learning center.

Cloud/Mobile Platform Capabilities: Cloud-based solution. Mobile offerings.

Personnel Tracking: Allows HR to track human capital management information.

Learning and Development: People-centric approach to learning access.

Compliance Regulations: Navigates ACA compliance issues and updates with changes in legislation.

Benefits Management: Intuitive benefits management and sign-up

Time Management: Time tracking capabilities

Pricing: Contact company


15Five

This is a performance management solution that requires weekly check-ins from employees to track goals and ensure employees are meeting objectives from evaluations. The name comes from the idea that employees will check in for 15 minutes each work day. Allows employees to drive their performance goals and tasks and offers management improved direction on how much guidance to provide.

Cloud/Mobile Platform Capabilities: Cloud and mobile platforms

Performance Management: Focuses on Objectives and Key Results (OKR) goal-setting process, self-review process.

Pricing: $7/month per user


SentricWorkforce

Handles all aspects of human resource tasks, from benefits management to payroll to employee lifecycle through a cloud-based system. Easy for employees to learn and no storage worries. Geared toward mid-sized companies and can be customized to the organization’s specific needs.

Cloud/Mobile Platform Capabilities: Mobile platforms

Personnel Tracking: Manages employee profiles

Learning and Development: Color-coded course tracking and training resources

Compliance Regulations: Manages compliance issues like ADA.

Performance Management: 360 review process and customized performance evaluations

Benefits Management: Can match people to the right benefits package and manage life events affecting benefits.

Time Management: Uses different time tracking tools like punch-clocks or biometrics.

Pricing: Contact company


Optimum HR

Employee records are updated once and then applicable across the system on software designed for both Windows and IBM i (AS/400, iSeries, and System i) as well as a cloud-based SaaS solution. Specializes in companies with more than 100 employees and in government reporting tasks.

Cloud/Mobile Platform Capabilities: Cloud and mobile platforms

Personnel Tracking: Provides onboarding, salary benchmarking, background checks and employee database for staff management.

Benefits Management: Partners with insurance carriers to manage benefit costs and packages.

Pricing: $10,000 one-time fee


Namely

SMB-targeted HR software to handle all HR-related tasks, from benefits to payroll to talent management. Offers in-person, live online, or documentation-based support. Can customize reports, either in-house or through Namely tech support. Handles the employee promotion process in one location rather than relying on email chains and multiple in-person meetings.

Cloud/Mobile Platform Capabilities: Web-based platform

Personnel Tracking: Offers a social news feed and organizational charts.

Compliance Regulations: Manages compliance issues.

Performance Management: 360 performance reviews

Benefits Management: Offers automatic benefits enrollment and paperless documents.

Time Management: Tracks requests for paid time off and time clocks.

Pricing: Contact company


Zoho People

Zoho People is a comprehensive online HR offering. Offers a secure self-service portal for employees to access and modify their personnel information. With 360 insights, management can work with employees to identify and reward performance.

Cloud/Mobile Platform Capabilities: Cloud and mobile platforms

Personnel Tracking: Case management tool to answer employee questions, automates HR tasks.

Performance Management: Simplified performance reviews

Time Management: Consolidates attendance management from multiple devices.

Pricing: Starts at 83 cents/employee/month


Dayforce HCM

Dayforce is a workforce management suite that specializes in human capital management. The end-to-end solution covers all areas of employers’ and employees’ human resources needs on a single platform. The Dayforce Touch feature handles time management via a tablet-based clock.

Cloud/Mobile Platform Capabilities: Cloud-based platform

Personnel Tracking: Employees can control what information is displayed and notifications to receive. Offers talent management features.

Benefits Management: Handles all types of benefits packages, manages retiree benefits.

Time Management: Dayforce Touch allows employees to punch in and out via a tablet-based time clock.

Pricing: Contact company


Gusto

This HR software platform focuses on compensation and payroll. It provides all the information on one screen for managers to access easily. Brings payroll and benefits into one system and is all customizable. Ideal for small businesses.

Cloud/Mobile Platform Capabilities: Cloud platform

Personnel Tracking: Integrates HR with payroll and benefits.

Compliance Regulations: Fully compliant with a variety of standards and prepares compliance reviews.

Benefits Management: Integrates all benefits administration tasks and offers dedicated benefits advisers.

Pricing: Starts at $45/month


SAP SuccessFactors

SAP has the reputation and SuccessFactors provides the software suite to attract companies of all sizes. The platform handles all aspects of HR on a single dashboard. It also allows access to SAP’s other offerings, as well as other external platforms.

Cloud/Mobile Platform Capabilities: Cloud-based platform

Personnel Tracking: Tracks employees from recruitment and onboarding.

Learning and Development: Offers a variety of learning management features, including built-in course authoring, academic course tracking and gamification tools.

Performance Management: Highlights poor performance issues before they cause trouble to the organization. Targets top talent through AI to weed out bias.

Pricing: Contact company

How to Decide Which Tool is Right for You 

Best HR Software Comparison Chart

Picking the right tool depends on several factors. A small business with a small HR department and little IT support may want to go with a more comprehensive HRIS or HRMS platform in a cloud format to handle all aspects of the HR process, or they may decide they only need the extra help with payroll. A startup or growing business that is flooded with applications and new hires may opt for an ATS platform. Large companies may appreciate an HRMS with mobile and cloud features that allow employees flexibility to track their hours and benefits, while a company with strict compliance regulations may find that a computer install and limited access is the best option.

5G in 2019: Are We There Yet and Will It Be Secure?
https://www.itbusinessedge.com/communications/5g-in-2019-are-we-there-yet-and-will-it-be-secure/
Tue, 29 Jan 2019 00:00:00 +0000


I’ve been hearing a lot of chatter about 5G as we approached 2019. It certainly had a lot of buzz at CES this month, as CNN reported we should see the first 5G smartphones on the market by the end of the year, ready to connect as 5G comes online in 2020. A Forbes article added that we can expect 60 million devices with 5G by 2020, with 2019 focusing on “future-proofing devices to ensure they’ll work with the technology.”

Despite the bold predictions and general excitement from CES’s vendors, the actual rollout will likely be slow, beginning first in large metropolitan areas before spreading out nationally and globally, as Sascha Giese with SolarWinds explained in email commentary:

Low frequency will be deployed first, but there will be a time delay, similar to when we all bought phones with LTE capabilities years before the benefits were fully available. In the year ahead, we predict there will be a growing awareness that while 5G innovation exists, the infrastructure will need significant time and investments to catch up.

That slow rollout may not be a bad thing, because just as sure as 5G is coming, so is a new level of security worries. As Laurence Pitt, global security strategy director with Juniper Networks, pointed out in an email statement, 5G will make our connections faster and easier . . . for hackers to break in, adding:

Regardless of the purpose of the device, any device connected to 5G has the potential to become a target for hackers – even if it runs on a secured 5G network, it is still a wireless device and therefore available as a target for a breach. The growth of 5G means that the industry needs to be considering how to have an effective security posture and a solid foundation of security before these new networks are deployed.

5G will likely be a powerful asset to business operations, but is your security going to be able to keep up with it? As James Willett, vice president of Technology at Neustar, said to me in an email, in tandem with the advent of 5G is the rise of IoT within the workforce. We need to expect to see new threats targeting both of these technologies. It isn’t enough to add the new technologies, but your employees need to be prepared to recognize and address security threats. 5G could be such a game changer on the security front – and not in a good way – that Willett added:

… even an organization that “does everything right” to combat threats posed by 5G could still be impacted just as easily as those that are less security savvy.

5G and its impact will definitely be high on any list for 2020 security predictions, but talking about it in 2019, with predictions of 5G devices on the way, gives organizations the opportunity to be ahead of the game and address security now, rather than after the hack.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

Supply Chain Security to Become a Higher Priority in 2019
https://www.itbusinessedge.com/it-management/supply-chain-security-to-become-a-higher-priority-in-2019/
Thu, 24 Jan 2019 00:00:00 +0000


The supply chain has garnered a lot of conversation over the past couple of years, and that conversation is ramping up as blockchain begins to play a major role in the supply chain infrastructure, especially in terms of security. As CyberArk Labs head security researcher, Lavi Lazarovitz, said in an email comment:

Blockchain will transform the supply chain in 2019. Following allegations of nation-states targeting the supply chain at the chip level to embed backdoors into both B2B and consumer technologies, organizations will embrace blockchain to secure their supply chains. The distributed nature of blockchain makes it well suited to validate every step in the supply chain – including the authenticity of hardware and software.

Blockchain as a way to improve supply chain security is a major prediction for the coming year, because I’ve seen a lot of commentary surrounding cybersecurity and the supply chain, a lot more than I’ve ever seen in the past. Lazarovitz also pointed out that we should expect to see increased attacks on the supply chain, which is why the need for blockchain to transform its security is vital.

Another reason to believe that supply chain security will take on greater urgency in 2019: NIST developed a new framework focusing specifically on supply chain security. A Bitsight blog post explained:

The framework recommends that organizations identify the most high risk suppliers, incorporate cybersecurity into contracts with those suppliers, and regularly assess and monitor the cybersecurity posture of those suppliers.

Cybercriminals are more frequently using those third parties as a way to get to a bigger prize, according to Maxim Frolov, managing director of Kaspersky Lab North America, but those smaller companies that were hit with supply chain cyberattacks were just as adversely affected. Frolov offered this bit of predictive advice in an email comment:

While both software and hardware supply chain attacks are already a reality, we believe to see more of them in the future — and organizations will need to come up with new approaches, including more strict requirements for service providers, hardware and software makers to reduce the risks.

There have always been concerns with third-party suppliers and cybersecurity, but as they become a more integral part of organizations and technology advances, expect criminals to take more advantage than ever of supply chain weaknesses. It will be interesting in another 12 months to look back and see if blockchain really does supply the security answer for supply chain protection.

Experts Predict How We Will Approach Data Privacy in 2019
https://www.itbusinessedge.com/security/experts-predict-how-we-will-approach-data-privacy-in-2019/
Mon, 21 Jan 2019 00:00:00 +0000


Data privacy was the buzz phrase of 2018, a year when the letters GDPR were rubbed off my keyboard because I’d typed them so many times. But that was last year. What do experts think will happen in 2019 when it comes to data privacy?

“In 2019, privacy will continue to be an area of focus for the global market, as new regulations such as ePrivacy start to be fleshed out and additional regions such as the U.S. look to implement their own data privacy laws, all of which could have global financial impact,” said Mounir Hahad, head of Juniper Threat Labs, Juniper Networks, via email.

One thing we can expect is more legislation surrounding data privacy. In fact, expect data protection legislation to influence societal expectations on security, which will trickle down to companies and their supply chains, according to Geoff Forsyth, CTO at PCI Pal.

“Consumers have always felt protective of their data, but with new legislation redefining the data landscape, consumers have grown more confident and firmer in demanding their data be treated with respect, that its uses are kept visible and clear, and that it is used only as they agreed,” Forsyth said in an email comment. “The pressure these new societal expectations will exert cannot be overstated, both on public-facing companies and through them all the way down their supply chains.”

Security and Privacy Will Merge

We’ve already begun to see a convergence of security and privacy; data privacy and data protection are separate but equal in this privacy-centric outlook. Consumers and employees – everybody, really – are paying more attention to how well organizations protect data and ensure data privacy. According to network security expert and Portnox CEO Ofer Amitai, expect to see more companies seek guidance and solutions to keep up with all the new compliance regulations.

However, privacy will take priority this year, as organizations adopt a “Privacy First” approach, Don Foster stated in a Commvault blog post. But he doesn’t anticipate adopting this approach will be easy. “The challenges these enterprises will face as they seek to integrate data privacy best practices into their existing applications, as well as new mobile, IoT and other applications, will be significant,” he wrote. “Enterprises will need AI-powered, automated, outcome-driven data management solutions to address these challenges if they hope to implement strong data privacy policies without sacrificing productivity or agility.”

GDPR at a Year

A personal prediction: In May, there will be countless evaluations of GDPR as the regulation hits its first anniversary. Okay, that’s not a difficult prediction to make because we’re already seeing evaluations of how GDPR has been working. Luther Martin, Micro Focus security technologist, predicted that GDPR will be impossible to enforce as we move forward. There has been a lot of chatter about enforcement and whether the fines will work as a deterrent. But Martin said the fines will be almost impossible to enforce because of political considerations or established laws and regulations.

“In the U.S., for example, 26 USC Sec 891 of the Internal Revenue Code allows the U.S. to arbitrarily double the taxes of business or individuals from countries that unfairly discriminate against U.S. businesses in certain ways,” said Martin. “It’s likely that levying large fines against U.S. tech giants for failing to comply with the GDPR would trigger Section 891 penalties, allowing arbitrary retaliatory doubling of taxes on EU businesses and citizens.”

Expect other countries that don’t already have such laws about penalties against large enterprises to come up with some, rather quickly, because it will be politically expedient to do so. Countries without similar laws, said Martin, will be at a disadvantage, “leaving the world in a situation where all of the privacy laws that assert control over their citizens’ data, no matter where the data is stored or processed, are rendered ineffective against businesses from more powerful countries.” Or, in other words, countries required to enforce GDPR could find themselves between a rock and a hard place trying to get organizations in countries like the U.S. and China to follow the regulations and pay the fines.

Even so, researchers at NordVPN think that GDPR has put such an important spotlight on data privacy that we’ll continue to see the trend of more countries outside of the EU and more U.S. states coming up with data privacy laws and regulations. And that’s important, these researchers added, because too many of us are frustrated with the way big tech has handled personal data. Consumer trust, the researchers predicted, will play a major role in how big tech goes forward in their internal data privacy policies.

PJ Kirner, CTO and founder of Illumio, thinks that big tech and other organizations will take data privacy more seriously, and insist that these policies are followed by their vendors. “If a third-party vendor is managing critical data and systems, enterprises will increasingly require these vendors to adopt their internal security standards,” Kirner said. “For example, we are already seeing the largest financial institutions executing this practice with the law firms that handle their eDiscovery, regulatory response, M&A, and IP-related transactions. I think we’ll see more organizations push their policies to their vendors in 2019 because they’re starting to recognize the value of consistent and transparent security protocols across the digital supply chain. Not only will this provide peace of mind, it will also increase efficiency, streamline operations, and allow best practices to be shared.”

Expect to Hear More About Open Source’s Role in Security
https://www.itbusinessedge.com/it-management/expect-to-hear-more-about-open-sources-role-in-security/
Fri, 18 Jan 2019 00:00:00 +0000


Will 2019 be the year there is a big push for consolidation between open source and cybersecurity?

Yes, said Sanjay Beri, CEO of Netskope, in an email comment. IBM’s acquisition of Red Hat could prove to be the game changer in how organizations approach security. Beri added:

In 2019, smaller security vendors will be snapped up because of several factors – for talent/acquihire purposes, for a company’s underlying technology, to boost sagging toplines of legacy security or networking vendors trying to modernize themselves, and more.

Also, expect open source to re-energize stagnant security systems at the enterprise level. They might actually see open source as an alternative to the legacy architecture that isn’t keeping up with today’s threats.

Albert Ziegler, data scientist at Semmle, reached out to me with two interesting takes on how open source will be a cybersecurity driver this coming year. First, he said, code quality will be tied to security, and this is tied back to Beri’s thoughts of how acquisitions of smaller companies will play out:

Developers have long realized that open source logically can make code more secure, simply because more people are analyzing the code. For example, Microsoft’s acquisition of GitHub this year portended its status as the world’s largest contributor to open source projects on GitHub, a strong indicator that the world’s most influential companies value code quality. This critical mass will take hold in 2019, and more companies will embrace open source to improve quality of their code.

Second, Ziegler predicted that we’ll see a rise in developer awareness of security. In his conversations with developers, he has noted the increase in conversation about cybersecurity and vulnerabilities in code development. Awareness in this area is a good thing, but awareness doesn’t equal a problem solved. New vulnerabilities continue to be introduced at a higher volume than old vulnerabilities are fixed. Hopefully, as developers become more aware of vulnerabilities, they’ll be able to address problems before they become serious risks.

Finally, with all of these acquisitions and open source becoming a more important player in security, expect enterprises to develop stronger open source policies, according to Juniper Networks’ VP of Enterprise and Cloud Marketing, Michael Bushong. The policies will range from procurement practices to the supply chain.

I’ve been writing about security predictions for a long time, and this is the first time I recall open source being mentioned in such significant ways. We’ll see if these acquisitions and enterprise turning to open source to address security end up as a trend in 2019.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

Is 2019 the Year for Human-Machine Security Collaboration? https://www.itbusinessedge.com/business-intelligence/is-2019-the-year-for-human-machine-security-collaboration/ Thu, 17 Jan 2019 00:00:00 +0000

At the end of last year, when I wrote about 2018 trends, I noted that technologies like AI and ML were definitely popular buzz terms, but as for their potential in cybersecurity, they were most useful in helping to decrease the skills gap.

But that was last year. As 2019 gets under way, AI and ML continue to generate a lot of buzz. Pedro Abreu, chief strategy officer with ForeScout, said we should expect the use of the technologies to be a major player in the skills gap, with an improved collaboration between humans and machines, or intelligence automation. Malcolm Harkins, chief security and trust officer at Cylance, agreed, adding that AI and ML allow organizations to gain better control of their data with improved classification. Harkins added in an email comment another way we’ll see AI and ML affect cybersecurity in 2019:

Companies are also beginning to automate penetration testing, allowing pen testers to work on more unique or advanced red team/pentests. Additionally, these automated processes allow for control validation, which lowers costs and provides researchers with a higher degree of assurance. In order to keep up with this rapid growth, traditional companies will need to accommodate automation by further developing their solutions or seeking integrations with new automation-focused industry vendors.

AI will also help with identity verification, according to fintech and identity expert Sunil Madhu. Writing for the Socure blog, Madhu wrote:

While Artificial Intelligence (i.e. neural network technology) will not become more prevalent in production environments for identity verification in the short term, the technology will become much more involved in the development of production models.

However, not all of the cybersecurity predictions surrounding AI and ML are positive. The bad guys are also eyeing the technology. Avira predicted that cybercriminals will start using AI as a way to generate more targeted yet stealthy attacks. Also, added Ivan Novikov, CEO of Wallarm, as the technology becomes more sophisticated, the chance of vulnerabilities increases. We know from experience, where there are vulnerabilities, there are hackers waiting to exploit them. So in 2019, while we can expect AI and ML to make a greater impact on addressing security within our organizations, we should also anticipate the technologies to be used to generate new and harder-to-detect attacks.

Cybersecurity Predictions for 2019 https://www.itbusinessedge.com/networking/cybersecurity-predictions-for-2019/ Mon, 14 Jan 2019 00:00:00 +0000

Cybersecurity predictions are both a fun and useful exercise. Fun because you get to see what different researchers and companies are focusing on, and useful because they provide guidance for organizations in the way they approach their internal security. Admittedly, most security predictions are, well, predictable, following on cybersecurity trends that were seen during the months before. As someone who sees a lot of predictions, I can tell you there tends to be a lot of overlap (again, why they are so important for organizations) and, while they are not all identical, you can see patterns.

But every once in a while, a prediction jumps out at you as surprising or rather obvious (as in, how did no one else make this prediction). This piece looks at some of these predictions, things that especially caught my interest enough that I’ll likely follow them to see how accurate they turn out to be.

Of course, the most important thing to remember about any of these predictions is the ability to prepare for and defend against potential cyberattacks. “Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments, and even the infrastructure of the internet itself,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Organizations of all sizes need to look ahead at what new threats might be around the corner, prepare for evolving attacks, and ensure they’re equipped with layered security defenses to meet them head-on.”

That said, here are some of the more interesting cybersecurity predictions for 2019.

Nation-State Focused Attacks

WatchGuard Technologies mentioned two predictions that involve state-sponsored attacks. First, they predict that escalations in state-level cyberattacks will force a UN Cyber Security Treaty. “The UN will more forcefully tackle the issue of state-sponsored cyberattacks by enacting a multinational Cyber Security Treaty in 2019,” said Nachreiner. As more nation-state attacks are launched and more civilian victims are impacted, WatchGuard predicted the UN will pursue a multinational cybersecurity treaty that establishes rules of engagement and impactful consequences around nation-state cyber campaigns.

Also, WatchGuard predicted that a nation-state will launch a “fire sale” attack. This would be an incident that seems to come straight from Hollywood. In the Die Hard movie series, Nachreiner explained, a “fire sale” was a fictional three-pronged cyber-attack. It targeted a government’s transportation operations, financial systems, public utilities and communication infrastructure. The goal is to strike fear into the citizenry while allowing the bad guys to steal huge sums of money. “Modern cybersecurity incidents suggest that nation-states and terrorists have developed these capabilities, so 2019 may be the first year one of these multi-pronged attacks is launched to cover up a hidden operation,” added Nachreiner.

Another nation-state-related prediction warns of a convergence with organized crime. “In the past, organized crime played a significantly larger threat to the industry than nation-state attacks as the rise in opportunity and capability brought organized criminals into the arena,” said Jason Haward-Grau, CISO at PAS Global. “In 2019, dangerous nation-state alliances will be formed or further cemented, and these groups will leverage organized crime to gain critical insights that are worth far more than the previously coveted financial gains, whilst nation-states will develop the capabilities and deniability that these alliances bring.”

The Advent of Skill-Squatting

According to Laurence Pitt, global security strategy director with Juniper Networks, we can expect skill-squatting to become a legitimate threat. “With more and more voice assistant-powered smart speakers entering the home, ‘skills’ – verbal commands that instruct the assistant to perform a task – are also becoming increasingly commonplace,” he explained. “Skill-squatting is a new threat where a skill is developed to look for certain statements and then re-direct them before running the requested command.” For example, a request to “play some music in the kitchen” could be overtaken to first extract a user’s Wi-Fi information, home network and possibly password, before running the usual command, so the user never knows their information has been stolen.

Cloud App Wars Grow Fiercer While Cloud and Security Vendors Play Nice

Expect the cloud wars to get more intense in 2019, said Sanjay Beri, CEO of Netskope. “It’s healthy competition as a variety of new use cases are made possible by the adoption of multi- and hybrid-cloud, with customers typically opting for multiple vendors versus just one,” he added. That means your security and IT teams need to take a more cooperative approach with cloud vendors. “IT teams will need to ensure that the organization’s application and infrastructure vendors are working alongside one another, and have even more shared responsibility to ensure that physical security and beyond are adequately accounted for — and most importantly protected against cyberattacks,” Beri added.

Breaches Aren’t Equal

It’s easy to think that a breach is a breach is a breach. But in 2019, we’ll see a shift in that attitude, according to Shuman Ghosemajumder, CTO of Shape Security. Expect organizations to change how they approach data breaches; instead of focusing on size and scope, more attention will be on potency and longevity. “Breach impact will be measured by the overall quality and long-term value of the compromised credentials,” said Ghosemajumder. “For instance, do these assets unlock one account or one hundred accounts? As hacker tools become more sophisticated and spills more frequent, businesses can’t afford to ignore downstream breaches that result from people reusing the same passwords on multiple accounts.”

Despite GDPR, Data Breaches Still a Problem https://www.itbusinessedge.com/security/despite-gdpr-data-breaches-still-a-problem/ Thu, 27 Dec 2018 00:00:00 +0000

I know security experts will scoff at this, but I think a lot of people thought that GDPR and other privacy regulations were going to end large data breaches. (I wasn’t one of those people who thought this, but I certainly heard it mentioned enough in conversation.)

The reality, of course, is that as we come to the end of 2018, we’re still seeing large data breaches. As Carbonite’s CISO, Larry Friedman, told me in an email:

While we continue to gain a deeper understanding of the importance (and implications) of data backup and security, so do hackers. This year, we experienced another level of sophistication from hackers, resulting in far more destructive and intelligent breaches.

These data breaches could be showing a chink in the GDPR armor, as well. There’s a lot of ambiguity about the practical application of the compliance, Zack Shulman, compliance research senior engineer with LogRhythm, told me, and despite the breaches we’ve seen since the end of May, the fines aren’t as bad as threatened. Shulman said:

I’d be willing to bet the fines we have seen represent a significantly smaller number of actual breaches relative to the amount of worldwide breaches that have occurred, and each fine is most likely much smaller than the initial threats of revenue percentage-based fines.

I think Facebook is going to end up determining how successful GDPR is – or if we need to go back to the privacy compliance drawing board. It seems like Facebook has had its share of vulnerabilities and data breach revelations in the latter part of the year, including last week’s announcement that a bug allowed access of millions of users’ photos. Facebook apologized for the inconvenience and then . . . nothing. I thought this would have been the big moment for GDPR, the opportunity for the new regulation to show its bite. But that didn’t happen, as Forbes explained:

The company’s nearly two-month wait to notify data protection authorities after it became aware of the breach, in spite of GDPR’s 72-hour notification requirement, reminds us that GDPR is far more limited than the public understands.

If Facebook isn’t going to have to follow the rules of GDPR, why should other companies? And will Facebook and other companies flout the new state privacy laws that are set to take effect in the coming months?

GDPR has done a lot of good things. It has started serious dialogues regarding data privacy and how to better secure that information. It has created collaboration across departments and industries to come up with better security solutions. But unless the largest organizations are forced to comply and meet the standards of these regulations, what we’re going to continue to see is bigger and more devastating data breaches because there is no incentive to stop them.

IoT Security: Still Bad https://www.itbusinessedge.com/networking/iot-security-still-bad/ Mon, 24 Dec 2018 00:00:00 +0000

A recent consumer study from Arm and Northstar told us something that most of us already knew – technology is taking over our lives. Two-thirds of the respondents said that technology took on a bigger role in 2018. We want our smart technologies in our homes and we want to live in smart cities. But here’s an interesting point from that survey. While we like the conveniences that the Internet of Things (IoT) provides, we don’t trust them. Seven out of 10 want to see more effort put into improving IoT security.

The popularity of and reliance on IoT have been trending upward for quite some time now, but despite the dire warnings and the raised awareness about targeted attacks, IoT security has flatlined. It doesn’t seem like the people who should take it seriously are doing so. Just the other day, I saw someone post a picture on social media of an ATM that was booting up through Windows XP. The commentary was along the lines of “oh, this looks secure!”

And that’s the problem: it’s not secure. The IoT continues to be filled with all kinds of vulnerabilities and bugs, but we continue to plod along using devices that use outdated software and flawed technologies. It’s surprising when you think about it. As Jonathan Couch, senior vice president of Strategy with ThreatQuotient, told me in an email comment, the IoT has been the whipping child of security predictions for the past few years, yet security remains weak:

IoT devices are flooding the market and they are still at that point in the maturity curve where usability is much more important than security. The providers are trying to create and expand a market of users with new and unique ways to automate your life so the focus is on capabilities and being first to market vs. secure automation and investing their limited development resources to doing whatever they do securely.

This means we continue to play right into the hands of hackers, Couch continued, because they want an easy path to your data. The IoT is an easy target.

And it is a target that has moved into your office space, Brandon Thompson, a managing consultant at A-LIGN, told me via email. Employees are bringing in an overwhelming amount of internet-connected gadgets and toys to their offices, and many of these devices rarely (if ever) are properly configured with the security features in place. And again, it comes down to easy access:

This lack of protection can make for an easy entry point for attackers. Once an attacker gains direct entry through an employee’s IoT device, bypassing a company’s primary defenses, they can quickly compromise an environment. This ever-growing threat has contributed to the rise of data breaches in 2018.

AI and ML in Cybersecurity: Talked About in 2018, but Jury Still Out https://www.itbusinessedge.com/business-intelligence/ai-and-ml-in-cybersecurity-talked-about-in-2018-but-jury-still-out/ Fri, 21 Dec 2018 00:00:00 +0000

I had the pleasure of attending several conferences and security-related events over the past year, and once you got beyond the conversations about data privacy and GDPR (because that was clearly the number-one issue on everyone’s mind in 2018), there was a lot of chatter about the use of artificial intelligence (AI) and machine learning (ML) in the cybersecurity space. The feelings about AI and ML are mixed, and that kind of surprised me. There are those who believe the technologies will revolutionize cybersecurity. Then there are those who are convinced that it is overhyped.

From my vantage point, in 2018, AI and ML looked to be most utilized as ways to address the skills gap. Peter Evans, CMO at security solutions integrator Optiv, told me in an email comment that enterprise is turning to the technologies to eliminate manual tasks in security operations, adding:

Many of the tasks executed by the typical security practitioner or SOC analysts are repetitious, in some cases as much as 90 percent of the tasks. This begs for a solution whereby software is the proxy for labor, improving costs, efficiency, and risk response time. Enterprises are still in the early stages of adopting these technologies, but the trend is undeniable: Security operations is moving to an era where “software robots” will execute repetitive and mundane tasks, which will enable operations personnel to focus on higher-level tasks that actually improve security posture.

I think Evans makes a good point here. AI is in its beginning stages. And we aren’t sure where it is going to take us. Michael Nizich, director, Entrepreneurship & Technology Innovation Center/Director, NSA/DHS CAE Cyber Defense Education Program with the College of Engineering and Computing Sciences at New York Institute of Technology, believes that even in this early stage of AI/ML adoption, more solutions are starting to emerge that use some sort of AI to analyze historical logs and to analyze medical device data. On the other hand, Jeff Williams, co-founder and CTO, Contrast Security, doesn’t think that AI is going to get us very far in terms of cybersecurity, telling me via email:

For threats we understand, like SQL Injection, for example, we are better off using strong detection and prevention technologies where we have confidence in exactly what is being checked. For threats we don’t understand, AI/ML also don’t get us anywhere. We need data to train the models that simply doesn’t exist for novel threats. There are some corner cases where AI/ML can be very useful, but it’s not going to fundamentally change security.

So, looking at AI and ML in terms of 2018 security and compliance trends, I’d say that the technologies are generating buzz, but the jury is out on how (or if) they can be most effectively used.
