Hadi Hosn, Secureworks
Amy Blackshawk, RSA
Mathew Long, RSA
Jim Ducharme, RSA
The New Year is here, and there is one prediction that we know will come true: more organizations will be impacted by cybersecurity threats than ever before. The reason: as more organizations pursue digital transformation initiatives, they’re encountering new, complex risks that are expanding their attack surface.
Looking at what challenges and opportunities are ahead for organizations in 2019, it’s important to remember that whatever threat trends proliferate, business leaders cannot overlook the role security and risk management play in their overall strategy. By not recognizing security as a potential business inhibitor, organizations open themselves to potential blind spots and vulnerabilities that have the ability to hit the bottom line and tarnish brand trust.
To that end, here are the trends our organizations predict for the cybersecurity market in 2019:
Effective Automation Solutions Will Go Beyond One-Size-Fits-All
Automation is a boon for the cybersecurity industry. The ability to automatically process vast swathes of event logs to identify suspicious activity has freed up an invaluable amount of time and resources, and drastically reduced the number of false positives. Machine learning enables this process to become even more effective.
But automation is nothing without human intelligence and expertise.
This year will likely see an increase in the number of vendors promoting one-size-fits-all solutions that use automation and machine learning. Security professionals should be wary of companies that claim no human input is needed. It takes an experienced security analyst backed by world-class threat intelligence to identify whether or not an event poses a serious threat. Even the most advanced AI security algorithms will not be able to replace human expertise in the foreseeable future.
It’s Time to Consider Securing the “Identity of Things”
From virtual assistants and home automation to wearables, mobile devices and more, there is no shortage of connected devices that help us get through our day. Within the enterprise, DevOps, continuous development, and dynamic workloads have created more autonomous infrastructure and processes to drive the modern business. The explosion of IoT and IT automation has reached a tipping point where the conversation about identity will take on a whole new meaning. The number of identities associated with things or autonomous processes will dwarf the number of real humans these things often act on behalf of. It’s time to put new security methods in place to deal with the risks associated with these new identities, especially as they relate to the most critical areas of identity risk:
- Identity assurance – are these things who they claim to be?
- Access assurance – do we understand what they should be able to do?
- Activity assurance – are they behaving appropriately?
Connected Devices Will Continue to Grow Along With the Need for Standardization
As of last year, there were an estimated 8 billion connected devices in the world. Analyst firm Gartner estimates that adoption of IoT devices will grow to 20 billion by 2020. Threat actors now have a larger attack surface than ever before, and it will continue to expand. But worse than the sheer size and scale of the attack surface is the fact that IoT device companies are often not giving security enough consideration.
Additionally, a lack of globally agreed-upon IoT security standards makes life harder for InfoSec professionals. IoT cybersecurity is such a vast topic that even seasoned security experts are struggling to know exactly what they should be protecting against. A set of global standards would give experts and ordinary security professionals a good grasp of how they should be securing all the connected devices within their IT ecosystem.
Without standard industry regulations, governments and municipalities are developing and enforcing data privacy regulations as an answer to this growing challenge. As consumer concerns grow about data use, regulations such as GDPR are likely to develop across the globe. The compliance landscape will continue to evolve but will also be more risk-based – organizations will need to carry out their risk assessments and control that risk rather than rely on the regulators to roll out a checkbox-based approach to assessments.
The Dark Web Gets Darker
There’s a reason leading cybersecurity companies rarely talk about the dark web: professional threat actors simply don’t do business there. Despite a number of high-profile cases capturing the public’s attention in recent years, the most dangerous cybercrime professionals know the dark web is heavily monitored by law enforcement.
The biggest threats to businesses and organizations are in the murky world that exists beneath the dark web. This year, expect to see highly organized actors with rigorous operational security, methodical approaches to avoiding detection, and private communication channels execute attacks in shadowy corners.
Yet, there is also a burgeoning community of both novice and mainstream fraudsters who are using popular social media platforms like Instagram, WhatsApp and Reddit to conduct cybercrime. The ease of use and broad availability will make these channels even more popular for cybercrime activity in 2019.
A Lack of Cyber Hygiene Requires Increased Network Detection
Every year, companies learn the importance of basic cyber hygiene the hard way. Expensive cybersecurity tools can be effective when used correctly, but if it takes your company weeks to apply patches, or if your employees rely on weak passwords, then your organization is still vulnerable to some of the most common and effective threats. Poor cyber hygiene leaves the door to your organization’s networks wide open. Good cybersecurity basics cannot guarantee your company will be safe from all attacks, but they make it much harder for adversaries.
As a result of the vulnerability created by humans, the need for network detection is expanding – especially as the number of ransomware and cyber-extortion cases grows. An organization’s Security Operations Center (SOC) needs the right people, process and technology to understand what threats are lurking on the network and how best to respond before critical business data is compromised.
The speed of innovation has opened the world to new opportunities, but has also become a Pandora’s Box of risk. Security-savvy organizations are taking the right precautions by making cybersecurity more than an IT priority. Rather, they are making the connection to how a single attack could compromise and impact the business as a whole. In 2019, all businesses need to be thinking like this, and not assuming that simply having the right tools in place will automatically make the organization immune to a targeted, complex attack. The right security posture will require an adequate amount of support from the C-Suite and an investment in people and processes that help make the tools more effective.