Writing in Forbes, Bob Bruns, CISO of leading business anaytiscs firm Avenade has picked out the the five things that he thinks will play a pivotal role in Cyber Security in 2019.
As Avanade Chief Information & Security Officer, Bob Bruns is responsible for Avanade’s internal enterprise technology and for delivering the technology capabilities that power the company’s people and operations worldwide. In addition, he is responsible for Avanade information security, client data protection, incident management, asset protection, and business continuity programmes. As CI&SO, Bob and his teams work with clients to ensure we meet their information security obligations.
Analytics and Automation:
The intelligent enterprise of the future will use artificial intelligence (AI) and machine learning to evolve, mature and even disrupt current business practices to get more effective results. Cybersecurity is an area that is ripe for the machine learning evolution where we can take massive sets of data, analyze them, and take action in an automated way or recommend action through insights and patterns developed over time. Protecting against ransomware is a good example of this and is an area that is maturing quickly, as organisations will use AI to identify attempted attacks and problem-solve ways to proactively protect themselves before they even get to the targeted person(s).
Cloud and Hybrid Environments
Security concerns used to keep organisations out of the cloud. Now, security is one of cloud’s strongest selling points. There are many reasons for this, including, the sheer ability for these large providers to invest at a magnitude and pace that few consumer companies might be able to. Many companies simply can’t afford to keep up. Another reason is the ability of big providers to aggregate and make use of massive sets of data to identify and address threats. Effective machine learning requires significant amounts of data, and nobody has access to more data than aggregate providers of cloud services.
On the other side of this, it also creates aggregated risk and a higher-profile target, which obviously needs to be managed through leading and innovating. Hybrid environments do create some complexity here as well, which is likely where most companies are today. This will be a continued focus for organisations in the coming year. We need hardware to work seamlessly with software across a variety of platforms to move data securely. That means embedding security controls into applications and data to secure them inside and outside the organisation. Building in security from the start should be the default will be a key skill for anyone developing in or managing hybrid environments.
Preparation for the General Data Protection Regulation (GDPR), the EU’s strict set of regulations on handling personal data, exposed some gaps and opportunities for organisations to develop more robust security practices. While GDPR is aimed at protecting people’s personal information and identities, individuals remain vulnerable, largely due to our reliance on passwords. We need to evolve beyond passwords to create a new perimeter and safeguard around one’s identity. Imagine how eliminating passwords would change hackers’ ability to do harm or compromise a person’s identity.
Biometrics will be a key next step, and it’s a form of technology we as consumers are already used to. Many of us are already using our fingerprints or our faces to unlock our smartphones. But in 2019, I think we’ll see the need to think beyond that and include other control points like using contextual controls such as location to determine if someone is really who they say they are.
As we see the Internet of Things (IoT) as a top priority across many businesses, we need to think carefully about how we secure devices and information. There are now electric toothbrushes that track the way you brush and provide analytics sensors to improve your brushing habits.
While you might think no one is really going to do anything nefarious with your tooth-brushing habits, this is still an IoT device that can be compromised through a variety of means, including required firmware updates, which could give bad actors a front door to other information.
According to Symantec, the number of IoT attacks increased 600% in just one year, from 2016-2017, and that risk will likely continue to accelerate. The relevance also changes when you think about applications on your phone and how a breach in one app could expose all sorts of personal or private information. We need to secure applications and data. Embedded security might be the answer here, too, and I expect to see some major movement in the secure-by-design space across the IoT industry.
The previous four items are about protecting ourselves and our businesses, but we are also seeing a growing trend of governments stepping into the cybersecurity arena with an agenda of their own. Europe has GDPR. China is likely to come up with its own regulations on data privacy and security. Within the United States, while federal regulations seem unlikely in 2019, there is movement is afoot within state legislatures. This year will probably bring the first wave of litigation around GDPR enforcement. Enterprises that are thoughtful and organised now with a strong governance, risk and compliance program to address the evolving regulatory environment will ultimately create time and capacity to focus on their customers and their core business.
In the end, cybersecurity is an area where the best interests of business, customers and government need to align. Together, we can continue to leverage the latest innovations to make the digital world a safe place to be.
Source: Cyber Security Intelligence