Cybersecurity Trends: What to Expect in 2018 and Beyond
To combat growing threats, the need for speed will reach critical mass as organizations struggle to contextualize the volumes of data needed to provide the confidence to take action.
By: Jon Ramsey
The last year saw huge spikes in ransomware, and threat actors have become even more proficient at lateral movement. Organizations aren't getting breached by advanced persistent threats specifically targeting them – at least for the most part. Opportunistic threat actors are taking advantage of poor security practices that leave businesses vulnerable. With advancing and emerging technologies, we face an increasingly complex landscape to protect. To successfully defend against threats in the coming year, we must get faster and more confident about what actions will reduce the most risk.
Trend 1: Mounting Exploitation of the Internet of Things
Today a person has two or three dozen sensors on them. A modern-day car has 500 sensors in it, the modern home has 600, and a modern airplane has 6,000. All of these things are generating information. Cloud computing enables us to connect with all this information and make sense of what's going on. With smart anything, we will be able to control data from both the virtual and physical worlds and make decisions.
Imagine if a threat actor manipulated the data that drove the production of a company's flagship product, and the changes caused quality and customer satisfaction issues. The result would have a huge impact on the company's reputation and financial health. Guarding against this type of compromise takes two things. First, IoT manufacturers need to assume they are deploying in hostile environments, so the devices must be able to defend themselves. Second, the environments need to presume the devices are easily compromised, and whoever owns the perimeter must be prepared to prevent someone from getting to those IoT devices. Ultimately, it's imperative that we validate that the confidentiality, integrity and availability of the data in the systems are intact from a cybersecurity perspective.
Trend 2: Increased Reliance on Data Sciences
Speed is always a factor when it comes to security. If the adversary can outpace us, they can outmaneuver us. What complicates the issue is an ongoing industry talent shortage and an exponential growth in data. As online criminals seek to take advantage, we have to better understand what they're doing in a way that gives us the confidence to take action – we have to identify the signal through the noise. This is why data sciences and machine learning will play important roles in how we defend.
In cybersecurity, we're trying to understand ground truth – what the bad guy is actually doing. But identifying a signal through the noise is a challenge in the industry. By using data sciences, we turn what we do today around. When you aren't sure how to find the threat actor (i.e. when you have no signal), instead of humans telling machines what to look for, you need machines telling humans what they think might be happening. If you have to scan an ID badge to get into different parts of your organization, could you tell your security team the details of your last 50 scans? This is where machine learning can give us insights into ground truth, processing large amounts of data to identify anomalies humans can't easily detect.
With the complexities of today's landscape and the growing cybersecurity skills gap, machine learning is critical to resource allocation. When you integrate data sciences into your security program and have machines do what people used to do, you can redeploy human intelligence to focus on bigger, more complex problems.
Trend 3: Fundamental Shifts in How We Deliver Security
Traditionally, a software developer writes a piece of code, then security comes in, scans it for vulnerabilities, and conducts testing and review. It's a long, manual process. DevOps is about continuous integration and continuous deployment, and DevSecOps is about attaching security to that process. There's a perception that security and DevOps are a bad match, and because of how security is delivered today, it is. But think about how we measure security:
- How quickly were we able to deliver a patch?
- How long did it take us to determine we were compromised?
- How long did it take us to respond?
- How long did it take us to remediate?
Like DevOps, security is all about speed, and we now have to modernize its delivery to support a DevOps process. In the next 12-18 months, security is going to experience more automation and will move earlier in the development process. Ultimately, it's about shortening the time to value. Security is not an IT issue – it's a business imperative. Security pros need to start thinking like software developers and find ways to automate what we do so that we can assert that the code is safe.
Risk Reduction Relies on Confidence
The old way of thinking is, “If it ain't broke, don't fix it,” but to be secure, we need to be thinking, “Fix it before it breaks.” Fear, uncertainty, and doubt have led to inaction, and if you're not preventing or responding to something, you're not reducing risk. Orchestration and automation are giving us the ability to contextualize the data so that we have the confidence to act. We're moving beyond adding new security controls for each new threat (defense-in-depth) and investing in data sciences and collaboration that act on observations instead of inferences (defense-in-concert). In the year ahead, organizations will face new challenges, and as we adopt technological advances that help automate our processes, we'll be better equipped to defend evolving environments.