By Ray Kafity, Vice President, Middle East, Turkey and Africa at Attivo Networks
In 2018, organisations in the Middle East invested heavily in multiple solutions to build and strengthen their cyberdefences. This trend will continue in 2019 as well, as organisations steadily increase their cybersecurity investments.
According to Gartner, the Middle East and North Africa (MENA) spending on enterprise information security technology and services is expected to reach US$1.9 billion in 2019, an increase of 9.8% over 2018. In view of this, Ray Kafity, Vice President, Middle East, Turkey and Africa at Attivo Networks, shares his predictions on top cybersecurity concerns and the kinds of threats that will put these investments to the test.
IoT security and regulation
IoT will continue its rapid expansion with over 50% of businesses incorporating IoT into their operations in 2019 for economic advantages, market competitiveness and differentiation. IoT-enabled device innovation will continue to outpace the security built into those devices and federal government regulation will continue to fall short in defining the laws and fines required to effect change. State-level regulations will be enacted to improve the situation but will likely fall short in impact and, in many cases, only result in a false sense of consumer confidence with respect to the security of these devices.
Breach disclosure and risk profiles
Many organisations struggle with the lack of clarity of breach disclosure definitions and expectations. States that create notification laws that include defined processes will help organisations be better prepared and compliant with disclosure strategies in the event of a breach. This will promote more strategic thought processes for recording and reporting incidents and will reinforce that it is no longer enough to quickly notify on a breach incident; organisations will also need to accurately identify the full impact of the event. Going forward, organisations will be expected to fully understand how widespread the attack was, how deeply the attacker penetrated, and how to set the right controls in place to prevent their return.
Companies will need to start looking at security differently, moving beyond IT risk management and into digital risk management. It’s no longer just about protecting a particular asset, server or endpoint; it’s about protecting the entire business and maintaining a competitive advantage. More companies will need to take a closer look at their security risk profiles and assess whether the controls they have in place will scale to facilitate the needs of an interconnected on-demand business, while ensuring the protection of their networks.
Dwell time and detection
Dwell time – the time an attacker remains undetected within the network – currently averages more than 100 days globally. I believe that average will begin to fall as companies become increasingly focused on supplementing traditional preventative cybersecurity measures with detection tools designed to detect attackers early in the attack cycle. We will see increased use of deception technology for its efficacy in detecting early and for its ability to create a proactive defence designed to slow down and derail attackers.
In 2019, an increasing number of enterprises will revise their security strategies to assume that their perimeter will regularly be penetrated. This will cause a shift in strategy to focus on the time to detection as a key performance metric. There will also be increased investment in tools that will test the reliability of security controls and that are designed to pick up policy violations or misconfigurations that create windows of opportunity for attackers. Reducing the time an attacker spends in the network will prevent them from establishing a foothold, which often makes it more difficult to eradicate the threat and prevent their return.
Understanding the adversary and root cause analysis will be big themes for 2019. Organisations are realising it’s not just about detecting the threat but also about understanding where the attack started, how they are attacking and what they are after. Increased investment will be made in tools that identify how an intruder operates and that gather adversary intelligence for fortifying defences.
Suppliers and third-party contractors as a growing vulnerability
We will see an increased focus on supply chain risk, which will result in higher expectations and more complex cybersecurity assessments of suppliers and third-party contractors in 2019. There was a record number of breaches in 2018 that were driven by suppliers and contractors, a trend we must reverse.
To fix this issue, we will see an increased focus on certifications and compliance with suppliers for their services. As attackers continue to exploit vulnerabilities within these third-party organisations, companies will need to take measures to certify and verify them and to prove they can be trusted.
Cloud and shared security models
Cloud will become an increased target in 2019 as adoption grows and attackers increasingly exploit weaknesses in shared security models. Cloud providers will protect the infrastructure platform with an increased awareness of hardware-based attacks; however, the lack of understanding about how best to secure data in and access to the cloud will leave room for errors and misconfigurations. Adoption of technologies like Cloud Access Security Brokers (CASB) and deception will grow significantly as organisations seek new security controls designed to address these challenges.
Mindshift in approach to security
In 2019, defenders must be able to think and operate like an attacker by understanding the attack paths and methods that will be used to exploit them. Companies will need to recognise that they cannot be passive and that defence should not begin after an attack has begun. Strategic thinking will shift to that of an ‘active defence’, which will include gaining a better understanding of one’s adversary and being able to create pre-emptive measures that empower security teams to outmanoeuvre and derail their attackers.
In 2019, we will see an increased focus on internal and external information sharing, along with better incorporation of communication plans that include community notifications of advanced threat activity. In order to better automate information sharing, there will be an increased focus on the quality and reliability of threat intelligence that will provide the confidence in alerts that has been previously missing.
For example, more companies will embrace more native integrations in their platforms and the concept of Security Orchestration, Automation and Response (SOAR) as a framework that helps defenders will be increasingly adopted to fuel collaboration across markets and industries.