Matthew Gyde, Group Executive – Cybersecurity, Dimension Data, provides his opinion on the top IT trends of 2019.
Trend 1: Zero trust is maturing into digital trust
Last year, we predicted that organisations would adopt a zero trust security model. Due to the increasing sophistication of attacks and the emergence of insider threats, IT teams adopted a mindset of ‘we don’t trust anybody’. This meant verifying the identity of anyone or anything in or outside their network that was trying to connect to systems or access data, before granting access. But zero trust proved difficult to roll out – especially for organisations with legacy networks – and, in some cases, posed a barrier to employee productivity and customer engagement.
In 2019, we foresee digital trust emerging as the next security model. Zero trust has laid the foundation for digital trust by allowing IT to build a ‘digital fingerprint’ of their employees. They’ve established a comprehensive behavioural profile for each user that includes information such as the devices they use and their location. Digital trust allows a user access to applications and systems, provided that they remain consistent with their profile.
As a result, users can access data and applications more easily, with a reduced number of authentication hurdles, improving their overall experience.
Improved threat detection
Digital trust involves the deployment of different tools such as deception technologies and robo-hunters – automated threat seekers. If false information regarding a user is being used on the Dark Web, organisations will be notified that they’ve been breached. They can then immediately erase the fraudulent digital identities and ─ through their backup and recovery systems – reinstate the known, accurate version of the user’s digital fingerprint.
Of course, an organisation’s repository of digital identities represents a gold mine of opportunity for cybercriminals – so the security surrounding that repository needs to be rigorous.
Trend 2: Organisations are focusing on cloud-based security platforms
We believe that in 2019, cloud-based security providers will begin to gain traction in the security market. Cloud-based security is appealing for the same reasons organisations are drawn to cloud-based services: they’re platform-delivered, flexible and scalable.
Cloud-based security systems are built with open APIs, so security teams can integrate technologies into the platform with relative ease and switch security technologies on or off, depending on their needs.
Cloud-based security is especially important in a hybrid-cloud era as cloud services have presented many security challenges. Often IT would have no knowledge of new cloud services being switched on or connections being made. But because of the flexibility and scalability of cloud-based security, organisations now have additional visibility across their environments, rather than a static view of the organisation with a defined set of technologies, protecting specific points of the network.
Cloud-based security also allows for more automation and orchestration. With the advent of runbooks, security practitioners have a knowledge base that gives them a view on what, how and when to respond to unusual new connections and cybersecurity incidents. It also lets them automate responses where appropriate. Leveraging machines, they can scan the environment for changes, gather and build intelligence back into the platform (and into runbooks), taking action where there’s a clear threat.
Trend 3: Organisations now aim to be secure by design
For many years, organisations would build technology solutions and then ‘bolt on’ security measures as an afterthought. This would often lead to deployment delays and additional costs. Organisations then shifted towards ‘building in’ security at various stages along the way. The security team was engaged periodically during development, but cybersecurity was still ‘tagged on’ at the end.
This mindset is changing yet again. With business leaders now confident digital is here to stay, they’re also recognising they must be secure by design.
What’s the organisational impact?
This change in mindset is happening at various levels throughout the organisation.
Business leaders are recognising that cybersecurity must be aligned to their overall business goals and, moreover, that they must be cybersecurity-conscious at every point in their Digital Transformation journey.
Cybersecurity is being built-in as technologies and applications are conceptualised, designed, adopted, and built. DevOps and security operations teams are beginning to work more closely – as a DevSecOps team – creating the tools that enable secure digital transformation.
Increasingly, cybersecurity is being seen as an enabler of the business and we expect to see closer collaboration between cybersecurity and all levels of the organisation. We’ve already seen the West Yorkshire Police change their mindset on crowd control by applying cybersecurity expertise to assist with the safety of their supporters.
Trend 4: Cybersecurity is becoming intelligence-driven
We believe that cybersecurity will become more intelligence-driven in 2019. In a world of fast-moving, automated attacks, intelligence is the key to being able to respond swiftly or even predictively, rather than reactively, to individual threats. Additionally, it will allow for the organisation’s overall cybersecurity posture to change dynamically in response to the changing threat landscape.
Machine Learning will play a critical role in gathering intelligence. Moreover, machines will start making more of their own decisions and execute changes themselves to minimise an organisation’s cyber-risk, based on this intelligence.
The need for speed
While Machine Learning is helping organisations to protect themselves, we need to be mindful that cybercriminals are also using Machine Learning in their attacks.
This is going to let them move much faster. Once malware has infiltrated a network, its decision-making will be instantaneous. It’ll be able to move laterally within the organisation, across different ports and domains, more rapidly than ever.
The challenge is that for businesses, security needs to be right 100% of the time. You can’t afford to make one mistake. Whereas cybercriminals only need to be right once. Intelligence is becoming the new arms race between adversaries. That’s why getting ahead of the curve by using intelligence is going to be critical in the year ahead.
As part of the NTT Group, we continually gather intelligence that allows us to help our clients adopt a more predictive stance. For our latest insights into the evolving threat landscape, read our executive guide to the NTT Security 2018 Global Threat Intelligence Report.
Find out how we applied our predictive cybersecurity expertise at the Tour de France to manage the security of data without affecting the viewing experience of the race.
Trend 5: Tighter regulation is affecting risk profiles
Standards groups, industries and governments are constantly implementing new security policies. Compliance pressure on organisations has grown in the last year with the introduction of the General Data Protection Regulation (GDPR) in Europe and the Notifiable Data Breach (NDB) scheme in Australia.
Continuous risk profiling will be key
As a result, we expect to see governance and compliance playing an increasingly important role in how organisations manage their risk profile in 2019. If, for example, they’re deploying a new application or technology, they’ll be more critical in their decision-making process. They’ll need to carefully consider what additional risk it might add and how it will affect their risk posture.
Security operations can be complicated by regulations that lag behind the criminals’ strategies. As criminals keep coming up with new ways to attack, regulation – while necessary and important – can sometimes make security harder. Organisations, many of which have limited IT and security resources, need to find a way to adapt to ensure compliance with these new regulations, while still managing day-to-day operations.
Click below to share this article
