

Organizations can no longer think of information security and operational risk as two separate things. IT no longer just supports the business, but increasingly is the business. The best way to defend against threats is with a structured, enterprise-wide risk-management strategy that includes well-defined governance and policies, and no single point of failure.

Information security and operational risk converge 1

Rather than waiting to have their hardware systems attacked, smart organizations should take three defensive actions: stay current with the latest announcements from hardware suppliers, stay current with patching, and automate as many repetitive processes as possible.

Hardware attacks proliferate 5

In the past 20 years, almost every computer chip manufactured was affected by the Meltdown and Spectre vulnerabilities 5

Adversaries become more elusive once they’re actually in the network. So organizations will look to new tools and new ways to bait attackers just to the point where they become detectable. By tricking criminals into going where they’re observable, organizations can profile the criminals and detect what they’re after.

Cyber security learns counterintelligence 7

31% Compound annual growth rate predicted for AI-security sales worldwide, 2018 to 2025 7

Zero Trust is catching on as remote employees and partners need access to corporate systems and data from a wide range of devices. However, many organizations have simply shifted trust from the network to user devices in the belief that devices can authenticate themselves, leading to complacency.

Zero trust = no trust? 2

1.65 billion Number of smartphones predicted to ship worldwide in 2022 2

Many organizations will realize that when it comes to compliance with Europe’s General Data Protection Regulation (GDPR), they haven’t yet done enough. Organizations should take a proactive approach to GDPR, re-evaluating their compliance posture now.

GDPR’s ripples spread 4

€20 million or 4% of an organization’s annual revenue, whichever is higher: Maximum GDPR fine per violation 4

Criminals will continue to refine their operating models, hoping to take advantage of endpoint access. Calibrating against traditional attacks will no longer be enough. Security staff will have to prepare for social-engineering attacks. And organizations should install threat-intelligence capabilities to help spot new attack methods.

Criminal attack models gain sophistication 6

90% Year-on-year increase in the number of malware attacks against businesses in 2017 6

1 in 10 Number of cyber security jobs held by women 3

84% Percentage of North American CISOs who believe cyber security breaches are inevitable 1

Learn more at dxc.technology/security19

#SecurityPredictions2019

About DXC Technology

• Leading independent, end-to-end IT services company

• Global security operation centers on 5 continents, supporting clients in 70+ countries

• Full suite of cyber security services and solutions, including advisory services, security operations and risk management

• 4,000+ security and compliance specialists

• Blueprints for rapid deployment

• Proven cyber-reference architecture

The world’s geopolitical balance is shifting, and that will affect attribution, the act of publicly naming a nation-state believed to have conducted an attack. Until recently, most attributions were made by Western nations against non-Western nations. However, this will change. Amid the uncertainty, organizations can and should ensure that they have robust defenses in place, especially for post-breach detection.

Attribution leads to tit for tat 9

141+ Number of U.S. companies believed to have been attacked by a Chinese military-affiliated group, Comment Crew, between 2006 and 2010 9

Pricing suffers commoditization 8

Ransomware is giving way to out-and-out blackmail. Blackmailers steal incriminating data, such as photos, email messages and personal data, then threaten to make the information public unless the victim pays them an extortion fee. Enterprises should ensure they have playbooks for dealing with blackmailers. What’s more, these plans should be tested regularly.

Extortion evolves 10

46% Annual increase in the number of ransomware variants seen in 2017 10

Digital technologies deliver useful innovations, but they can also help criminals. Make sure you’re ready for new threats by staying on top of these 10 security trends anticipated by DXC Technology’s experts and partners.

1 “Survey Finds That 84% of CISOs in North America Believe Cybersecurity Breaches are Inevitable,” StreetInsider.com, May 24, 2018.

2 “Worldwide Smartphone Volumes Will Remain Down in 2018 Before Returning to Growth in 2019 and Beyond,” IDC, May 30, 2018.

3 “The 2017 Global Information Security Workforce Study: Women in Cybersecurity,” Frost & Sullivan, 2017.

4 “Fines and Penalties,” GDPR EU.org, accessed Dec. 1, 2018.

5 “Spectre and Meltdown explained: What they are, how they work, what’s at risk,” CSO.com, Jan. 15, 2018.

6 “Malwarebytes Annual State of Malware Report Reveals Ransomware Detections Increased More Than 90 Percent,” Malwarebytes, Jan. 25, 2018.

7 “Artificial Intelligence in Security Market to Mark a Revenue of USD 34.2 Billion by 2025, Growing at a CAGR of 31.2% from 2018 to 2025,” SBWire, Oct. 22, 2018.

8 “Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019,” Gartner, Aug. 15, 2018.

9 “McAfee Discovers New Cyber Espionage Campaign Using Source Code from Chinese Hacking Group,” McAfee, Oct. 17, 2018.

10 “2018 Internet Security Threat Report,” Symantec, March 2018.

The security workforce, historically lacking diversity, is becoming more inclusive. Diversity improves our communities, strengthens our organizations, and helps drive positive social change around the world. It also can help organizations attract, hire and retain the best employees. Diversity fuels innovation and business.

Diversity enriches the security workforce 3

Differences among security products are fading, while the number of competing suppliers is increasing. The net result? Suppliers of security products have little choice but to lower their prices. Managers should review their current contracts, looking for opportunities to save money.

$124 billion Amount predicted to be spent worldwide on information-security products and services in 2019 8

10 top security trends for 2019

© 2018 DXC Technology Company. All rights reserved. MD_9388a-19. December 2018