What a proactive cybersecurity stance means in 2019

If 2017 was the year of ransomware and 2018 was the year of cryptomining and cryptojacking, what security threat will rule in 2019?

When we consulted security experts, we received long and varied opinions: hackers who employ AI and automation, an ongoing shortage of trained security staff, breaches caused by third-parties, and too many organizations not following basic best practices. The list of threats from those whose job it is to be on the alert for broad trends goes on and on, with no one topic dominating this year.

But the same experts also cited several advanced solutions to the onslaught of threats, such as automated products and managed security services. They also made frequent mention of one more item we'll likely hear much more about -- the increase in the use of proactive cybersecurity tools and techniques. The example that comes up most often is the nonprofit Mitre Corp.'s ATT&CK framework.

ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge. This huge database contains detailed information about observed methods used in past cyberattacks on organizations around the world. Its value in defense is becoming clearer because of how it enables modeling of likely threats and helps security pros devise mitigation strategies. ATT&CK resources enable security pros to harden their defenses and conduct assessments of their security posture. More recently, the framework has become a means to evaluate specific products and services. In short, it's an excellent proactive cybersecurity tool.

Meeting cyberthreats head-on is no longer a choice; it's a necessity. So let's declare 2019 the Year of Proactive Cybersecurity.