Conversations around the strength of a company’s cybersecurity have never been more pertinent. We’re generating more data than we know how to deal with and our digital footprints are rapidly expanding. As the opportunities for cybercriminals proliferate, so their approach matures.
With the cloud continuing to aid digital transformation, and artificial intelligence (AI)/machine learning finally realising their potential, cybersecurity defences are beginning to migrate to a more predictive model – allowing companies to create digital fingerprints of their employees and improving access to data and applications.
But how else will the cybersecurity landscape shift in 2019? And what measures can companies take to stay one step ahead of the bad guys? Dimension Data’s new Technology Trends 2019 report explores seven key areas of focus for companies next year, with cybersecurity playing a critical role.
Here are five trends that will dominate cybersecurity in 2019.
1. Zero trust is maturing into digital trust
Last year, we predicted that organisations would adopt a zero-trust security model. Due to the increasing sophistication of attacks and the emergence of insider threats, IT teams adopted a mindset of ‘we don’t trust anybody’.
This meant verifying the identity of anyone or anything in or outside their network trying to connect to systems or access data before granting access. But zero trust proved difficult to roll out – especially for organisations with legacy networks – and often posed a barrier to employee productivity and customer engagement.
In 2019, digital trust will emerge as the next security model. Zero trust has laid the foundations for digital trust by allowing IT to build a ‘digital fingerprint’ of their users. They established a comprehensive behavioural profile for each user, which includes information such as the devices they use and their location, granting a user access to applications and systems, provided they remain consistent with their profile.
1. Improved threat detection
Digital trust involves the deployment of different tools such as deception technologies and robo-hunters – essentially automated threat seekers. If information regarding a genuine or decoy user is being used on the dark web, organisations will be notified that they’ve been breached. They can then immediately erase the breached digital identities and – through their backup and recovery systems – reinstate the known, accurate version of the user’s digital fingerprint.
An organisation’s repository of digital identities represents a gold mine of opportunity for cybercriminals, so the security surrounding that repository needs to be rigorous.
2. Organisations will focus on cloud-based security platforms
In 2019, cloud-based security providers will begin to gain traction in the security market. Cloud-based security is appealing for the same reasons organisations are drawn to cloud-based services: they’re platform-delivered, flexible, and scalable.
Because they’re built with open application programming interfaces (APIs), security teams can integrate technologies into the platform with relative ease and switch certain security services on or off, depending on their needs.
Cloud-based security is especially important in a hybrid-cloud era, as cloud services have historically presented many security challenges. Often, IT would have no knowledge of new cloud services being switched on or connections being made. But because of the flexibility and scalability of cloud-based security, organisations now have additional visibility and flexibility to scale security across their dynamic IT environments, rather than a static view of the organisation with a defined set of technologies, protecting specific points of the network.
Cloud-based security also allows for more automation and orchestration. With the advent of runbooks (compilations of routine procedures and operations carried out by the system administrator), security practitioners have a knowledge base that gives them a view on what, how, and when to respond to unusual new connections and cybersecurity incidents. It also lets them automate responses where appropriate. Leveraging machines, they can scan the environment for changes, gather and build intelligence back into the platform (and into runbooks), taking action where there is a clear threat.
3. Organisations now aim to be secure by design
For many years, organisations would build technology solutions and then ‘bolt on’ security measures as an afterthought. This would often lead to deployment delays and additional costs. Organisations then shifted towards ‘building in’ security at various stages along the way. The security team was engaged periodically during development, but cybersecurity was still largely tagged on at the end.
This mindset is changing yet again. With business leaders now confident digital is here to stay, they’re recognising they must be secure by design; being cybersecurity-conscious at every point in their digital transformation journey.
Cybersecurity is being built-in as technologies and applications are conceptualised, designed, adopted, and created. DevOps and security operations teams are beginning to work more closely – as a DevSecOps team – creating the tools that enable secure digital transformation.
Encouragingly, cybersecurity is increasingly being seen as an enabler of the business and we expect to see closer collaboration between cybersecurity and all levels of the organisation.
4. Cybersecurity will become intelligence-driven
In a world of fast-moving, automated attacks, intelligence is the key to responding swiftly or even predictively, rather than reactively, to individual threats. Additionally, it will allow an organisation’s overall cybersecurity posture to change dynamically in response to the changing threat landscape.
Machine learning will play a critical role in gathering intelligence. Moreover, machines will start making more of their own decisions and execute changes themselves based on intelligence, to minimise the threat of attacks and human error.
The need for speed
While machine learning is helping organisations to protect themselves, we need to be mindful that cyber criminals are also using machine learning in their attacks.
This is going to let them move much faster. Once malware has infiltrated a network, its decision-making will be instantaneous. It will be able to move laterally within the organisation, across different ports and domains, more rapidly than ever.
This means security needs to be invulnerable 100% of the time. Organisations can’t afford to make one mistake, whereas cybercriminals only need to get it right once. Intelligence is becoming the new arms race between adversaries. That’s why getting ahead of the curve by using predictive intelligence is going to be critical in the year ahead.
5. Tighter regulation is affecting risk profiles
Standards groups, industries, and governments are constantly implementing new security policies. Compliance pressure on organisations has grown in the last year with the introduction of the General Data Protection Regulation (GDPR) in Europe and the Notifiable Data Breach (NDB) scheme in Australia, for example.
Continuous risk profiling will be key
As a result, we expect to see governance and compliance playing an increasingly important role in how organisations manage their risk profile in 2019. If they’re deploying a new application or technology, for example, they will be more critical in their decision-making process. They will need to carefully consider what additional risk it might add and how it will affect their risk posture.
Security operations can be complicated by regulations that lag behind the criminals’ strategies. As criminals keep coming up with new ways to attack, regulation – while necessary and important – can sometimes make security harder. Organisations, many of which have limited IT and security resources, need to find a way to adapt to ensure IT operations are compliant with these new regulations, managing compliance reporting, while still managing day-to-day operations and supporting the business with secure digital transformation and innovation.
A chief information security officer (CISO) has a doubly difficult job – balancing IT operations with concerns about regulatory compliance. This is why we will increasingly see the CISO split into two new roles: the chief information security officer and chief risk officer.
Matthew Gyde is group executive for cybersecurity at Dimension Data.