The corporate world was rocked by a number of high-profile data breaches and ransomware attacks in 2018. Juniper Research estimated that the quantity of data stolen by cybercriminals could rise by as much as 175 percent over the next five years. Add to that uncertainties in the global economy and 2019 looks set to be a challenging year for cybersecurity professionals.

1. Operationalizing GDPR

The EU's General Data Protection Regulation (GDPR) requires every business operating in the EU to protect the privacy and personal data of EU citizens. The penalties for non-compliance are high, and the GDPR takes a broad view of what constitutes personal data, making this a potentially onerous duty. An Ovum report on data privacy laws from July 2018 suggested that two-thirds of businesses consider they will have to adapt their own procedures in order to become compliant, and over half fear they are likely to be fined for non-compliance. A proactive approach to data privacy is also beneficial for enterprises trading solely in the U.S. Will 2019 be the year we see the adoption of a comprehensive federal privacy law in the U.S.?

2. Managing managed and unmanaged devices

As the number and range of mobile devices (both managed and unmanaged) employed by users continue to grow, enterprise networks have had an uphill struggle to mitigate the risks involved. The IoT has linked numerous connected devices, many of which have little or no built-in security, to previously secure networks, resulting in an exponential rise in exploitable endpoints. The enterprise needs to come to grips with this trend, assert some control over the use of unmanaged devices, and establish clear protocols for managed devices.

3. Take a complete inventory

A survey conducted by Ponemon in 2018 found that even though 97 percent of security professionals agreed a cyber attack caused by an insecure device could be catastrophic for their company, only 15 percent had an inventory of the IoT devices connected to their systems, and fewer than half had a security protocol that would allow them to disconnect devices seen as high-risk. It’s imperative that the enterprise take a proactive approach to this vulnerability. This year we expect to see more companies follow the best practice advice of NIST in establishing a real-time inventory of all connected devices: not only those employing a physical connection, but also those connected through Wi-Fi and Bluetooth.