Azeem Aleem, Director, Advanced Cyber Defence Practice EMEA, RSA, talks about the trends that will shape the cybersecurity landscape this year.
Are security investments helping enterprises to reach their business goals?
In 2017, organisations will also face a conundrum, as the pressure of building a more efficient business will likely create more loopholes. The traditional perimeter will melt away and the “not in my backyard” siloed approach will not work anymore. Organisations would need to look at cybersecurity as a business enabler rather than a hindrance.
Only security investment made within organisations to express details of security in the language of business risk would be termed effective. Business goals can only be achieved by an organisation through evaluation of converged technical risk and their impact on business continuity, intellectual property, and damage to their reputation, among other things.
What should be the cornerstone of a good security architecture?
With the incremental attack vector sophistication, good security architecture could be developed based on a three-fold strategy/approach.
Firstly, organisations would need full visibility across endpoints, network, logs, VMS and cloud among others, combined with actionable threat intelligence and business context.
Secondly, to support this, organisations would need to perform deep analytics, which is the ability to process threat data to identify the behavioural classification of cybercriminals. This would require the use of deep analytic techniques, the latest science modelling and machine learning.
Thirdly, what we see is that those organisations that understand the rationale of collecting the data from endpoints, network flow/packets, cloud-based apps and network perimeter are facing a problem flux of data. To detect the pattern they have a task of finding a needle in the haystack; they lack the capability to integrate into a single normalised platform to detect the behavioural classification of these cybercriminals. Organisations also need to understand the full scope of the attack, which requires a well-coordinated process that can help orchestrate the function of their teams and all available data to produce clear and actionable results.
Is continuous authentication going to be the future of IAM?
The user population is now dense with on-premises / remote employees, trusted partners, vendors, buyers and clients; all of whom require access to corporate applications and services. Also, devices are no longer just corporate desktops but now include corporate and personal laptops, tablets and mobile phones.
In the past, IAM has been based on a reaction and detection phased strategy. The future lies in the implementation of an intelligence-driven IAM programme, which can deliver substantial business value by achieving business agility across all operational domains of the organisation by unlocking enormous business value.
Intelligence-driven IAM combines visibility of user context and activities, an analysis that leverages this context, and enablement of appropriate and timely actions to mitigate any threats. The ability to analyse various metrics in real time and take the appropriate action to mitigate threats enables a highly secure way to link users anywhere and anytime while meeting compliance rules and regulations.
Are your users getting the support they need post Dell EMC merger?
For RSA it is business as usual, providing support to the existing customer towards the enhancement of business-driven security.
Post Dell EMC merger, customers are getting an end-to-end solution by combining Dell’s strength in managed security services and its security offerings in network, endpoint and email security, combined with RSA’s focus on identity, security analytics and GRC.
Do you expect the threat landscape to evolve further in 2017?
Business leaders are still unable to understand the business implication from the risk they face. A business-driven security approach is needed to bridge the gap between the operational risk (e.g. how bad it is) and the technical details – connecting the dots between technical details and the business impact to your enterprise.
Security programmes solely focused on compliance will not work. Cyber-attacks generated through supply chains will be on the rise; there would be a need to manage the whole incident space by developing actionable threat intelligence capability to tackle TTPs (tactics, techniques and procedures).
Co-ordinated ransomware attacks will become more aggressive and diversified, by attacking a multitude of attack vectors. Cybercriminals will find ransomware as an easy hit-and-run strategy. The traditional target point from SMEs (small to medium size business) will pivot towards larger corporations, mainly around the public sector.
In 2017 we will witness a sophisticated surge in the attack domain across industrial control systems (ICS). The shift from legacy systems towards process control networks with connectivity around enterprise and Internet will create more extensive backdoors around the industrial control systems. Organisations will not even be aware of the device connectivity patterns inside and outside their ICS environment. Attacks through cloud service providers within ICS are on the rise, and there is a dire need of intelligence correlations and reporting mechanisms around SCADA attacks, through behavioural analytics.
Threats against IOTs will be on the rise. Recent development in IOTs has created a technological disruption where now it is becoming difficult to contain the genie in the bottle. We have already seen the technological revolution of IOTs with businesses already under pressure to accommodate the flux of IOTs. The potential vulnerabilities from IOTs across the organisation network to home appliances, even stretching to medical devices, will be used as an additional vector exploit against the organisations. IOT connections on the corporate enterprise network creating third party breaches would be frequently seen.