Trend 1: ‘Zero trust’ security makes a comeback
In 2018, we can expect to see significant disruption in the cybersecurity industry. Organisations are spending millions, and in some cases hundreds of millions of dollars, on technologies aimed at bolstering their cybersecurity posture, but to no avail. Attacks are becoming more sophisticated, and cybercriminals have as much funding, if not more, to invest in developing new attacks as the businesses they’re targeting have to spend on defence.
As a result, in the year ahead we’ll see the ‘zero trust’ security model re-emerging. With this approach, the IT team adopts a mindset of ‘we don’t trust anybody’: trust is established only by explicitly allowing users to access systems.
A decade ago, the ‘zero trust’ approach implied that the IT team would simply prohibit people from using non-corporate-issued devices and applications. The more modern ‘zero trust’ model will accommodate individuals’ personal preferences, but it does mean that more rigorous authentication measures will be in place, requiring users to verify their identities through multiple layers of credentials. Enterprise systems will rigorously check whether users are indeed entitled to access specific sets of data before making them available.
Some might question whether the ‘zero trust’ approach will lead to bottlenecks and delays in getting tasks accomplished. The answer is no: if you’re running a cloud-based system, the authentication and verification process will be near-instantaneous, so people’s productivity won’t be inhibited.
Re-examine policy and process
Organisations that revert to this model will use it as an opportunity to re-examine their cybersecurity policies and processes. This will result in a new generation of policies and processes that take into account the organisation’s on-premises infrastructure as well as the cloud services and platforms that they utilise. Businesses will carefully scrutinise how they’re using the cloud and identify ways to make better use of microsegmentation in multi-cloud environments, to raise their cybersecurity defences.
Organisations that embrace a ‘zero trust’ model will increasingly turn to managed security services providers to augment their security monitoring and management capabilities. This will allow them to focus on deriving maximum value from their investments in security controls and resources, and ensure that they’re being applied appropriately and effectively.
Trend 2: Deception technologies become the security enablers of the Internet of Things (IoT) and operational technology (OT)
Increasingly, we’re seeing OT enabling IoT in industries such as automotive and manufacturing. The benefits are compelling: organisations can closely monitor the status of their equipment, which results in increased productivity, better safety, cost savings, and the ability to perform pre-emptive maintenance.
A new frontier of cybercriminal enablement
However, this is also ushering in a new element of risk, because the sensors attached to OT devices are enabling a new breed of cyberattack. In the last year, the industry has been exploring ways to defend against them, but it’s not easy: most manufacturers aren’t considering security in the development phase of their products, and sensors are typically lightweight devices with minimal storage capacity, which makes embedding encryption chips into them infeasible.
In 2018, I foresee deception technologies playing a significant role in ensuring that security is maintained across the supervisory control and data acquisition (SCADA) control system architecture, operational technologies, and wider IoT infrastructure.
Many cyberattacks begin when cybercriminals successfully penetrate an organisation’s perimeter firewall. Once they’ve accessed the network, they start moving laterally, searching for user identities, which will allow them to take control of different devices. Often, they go undetected for months, stealing confidential data and intellectual property.
Deception technologies introduce thousands of fake credentials onto an organisation’s network, which makes it mathematically impossible for cybercriminals to gain access to a legitimate set of user identities. And, once a cybercriminal has used a fake credential that’s been generated by the deception technologies, the security operations team will receive an alert that an unauthorised user is lurking on the network. They can then immediately initiate incident response.
Deception technologies also allow organisations to determine exactly how the cybercriminals gained access to the network, and to analyse their subsequent pattern of attack.
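The alerting side of the mechanism described above, as an added illustration rather than any vendor's product code: decoy account names are planted, and any authentication attempt that uses one is raised as an alert and pivoted by source host. The account names, hosts and log format are constructed for the example.

```python
import re
from dataclasses import dataclass

# Decoy accounts planted on the network (constructed names). No legitimate workflow
# ever uses them, so any authentication attempt with one is a high-fidelity signal.
HONEY_ACCOUNTS = {"svc-backup-legacy", "adm.jsmith2", "sql_reporting_ro"}

# Constructed log format: "<time> host=<h> user=<u> src=<ip> result=<ok|fail>"
LOG_RE = re.compile(
    r"^(?P<time>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    time: str
    user: str
    src: str
    host: str
    result: str

def parse(line):
    """Return the event fields as a dict, or None for lines that don't match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def detect_honey_use(lines, honey=HONEY_ACCOUNTS):
    """One Alert per authentication attempt against a decoy account. Failed attempts
    count too: the intruder only learns a credential is fake by trying it."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev and ev["user"] in honey:
            alerts.append(Alert(ev["time"], ev["user"], ev["src"], ev["host"], ev["result"]))
    return alerts

def pivot_sources(alerts):
    """Group decoy hits by source address: a host touching several decoys is the foothold to contain."""
    by_src = {}
    for a in alerts:
        by_src.setdefault(a.src, set()).add(a.user)
    return by_src

# Constructed sample events: normal logins plus one host trying two decoy accounts.
SAMPLE_LOG = [
    "2018-01-15T08:02:11Z host=fs01 user=m.jones src=10.1.4.22 result=ok",
    "2018-01-15T08:05:40Z host=fs01 user=svc-backup-legacy src=10.1.9.77 result=fail",
    "2018-01-15T08:05:52Z host=db02 user=sql_reporting_ro src=10.1.9.77 result=ok",
    "2018-01-15T08:06:03Z host=fs01 user=a.patel src=10.1.4.31 result=ok",
]
```

Running `detect_honey_use(SAMPLE_LOG)` yields two alerts, both from 10.1.9.77, which is the host the incident response would start with.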
Trend 3: Behavioural analytics and artificial intelligence demand a relook at identity
In the last year, we’ve seen more organisations exploit the power of artificial intelligence and machine learning to bolster their cybersecurity defences. However, until now they’ve faced limitations: the machine programmer must still provide the machine with algorithms that instruct it about what types of malicious software or activity to search for.
In 2018, we’ll see this change, thanks to a technique known as ‘deep learning’.
With deep learning, rather than providing the algorithms to the machine, you can enable it to learn itself. The potential of this technology was recently demonstrated when Google took the decision to turn off its machine learning toolset because, through deep learning, the machines were educating themselves to the extent that they had begun to create a new language which system developers didn’t understand.
In the next 12 months we’ll see deep learning enabling us to take behavioural analytics to a new level. Machines will start undertaking highly granular analyses of users’ activities. For example, they’ll detect that every morning I log onto the network at a certain time, check my email, and then visit a certain website to read the news. Next, I’ll typically initiate a couple of FaceTime sessions with members of my team, and so on.
By analysing my behaviour over a period of time, machines will be able to predict whether or not the person attempting to access my data or applications is indeed me.
This provides organisations with an additional layer of defence over and above standard authentication methods.
In 2018 I expect to see more security vendors starting to integrate artificial intelligence into their products to improve their ability to detect cyber threats in this manner.
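A minimal version of the behavioural baseline described in this trend, added here as an illustration and not any vendor's model: it learns one user's usual login hour and usual order of actions from constructed session history, then scores a new session by how far it departs from both. The thresholds and session data are assumptions for the example.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed history for one user: login hour (24h) and the ordered actions that followed,
# matching the pattern in the text (email, news site, then FaceTime calls with the team).
HISTORY = [
    {"hour": 8, "actions": ["email", "news", "facetime", "facetime"]},
    {"hour": 8, "actions": ["email", "news", "facetime"]},
    {"hour": 9, "actions": ["email", "news", "facetime", "crm"]},
    {"hour": 8, "actions": ["email", "facetime", "news"]},
    {"hour": 8, "actions": ["email", "news", "crm", "facetime"]},
]

def build_baseline(sessions):
    """Summarise the user's typical login hour and which action usually follows which."""
    hours = [s["hour"] for s in sessions]
    transitions = Counter()
    for s in sessions:
        seq = ["<start>"] + s["actions"]
        for a, b in zip(seq, seq[1:]):
            transitions[(a, b)] += 1
    return {"hour_mean": mean(hours), "hour_sd": pstdev(hours) or 1.0,
            "transitions": transitions, "n": len(sessions)}

def score_session(baseline, session):
    """Higher means less like this user. Two signals are summed: how many standard
    deviations the login hour is from the norm, and how many action transitions
    were never seen in the history."""
    z = abs(session["hour"] - baseline["hour_mean"]) / baseline["hour_sd"]
    seq = ["<start>"] + session["actions"]
    unseen = sum(1 for a, b in zip(seq, seq[1:]) if baseline["transitions"][(a, b)] == 0)
    return round(z + unseen, 2)

def is_anomalous(baseline, session, threshold=3.0):
    """Trigger step-up authentication or an alert when the score crosses the threshold."""
    return score_session(baseline, session) >= threshold

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    usual = {"hour": 8, "actions": ["email", "news", "facetime"]}
    odd = {"hour": 2, "actions": ["fileshare", "fileshare", "vpn"]}
    print(score_session(base, usual), is_anomalous(base, usual))
    print(score_session(base, odd), is_anomalous(base, odd))
```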
Trend 4: Robo-hunters are the new norm
Most cybersecurity experts agree that it’s critical to have access to threat intelligence about the latest types of attacks and tactics. However, intelligence alone isn’t enough. Organisations must proactively ‘hunt down the enemy’.
In 2018, we’ll start seeing machines entering the enterprise, the kind that my colleague Mark Thomas, Dimension Data’s Group Cybersecurity Strategist, has dubbed ‘robo-hunters’.
Essentially, robo-hunters are automated threat-seekers that can make decisions on behalf of humans. Enabled by artificial intelligence, they continuously scan an organisation’s environment for any changes that might indicate a potential threat.
They learn from what they discover and then take appropriate action, for example by isolating a bad packet or compromised device.
I believe that the rise of robo-hunters will enable more businesses to move from a proactive to a predictive security posture. Many of our clients have invested in threat hunting personnel and capabilities and Dimension Data is already offering it as a service. Those organisations that are leading the charge are starting to look at ways to automate threat hunting cycles and are conducting retrospective analysis to identify patterns in historical incursions.
Trend 5: Blockchain is the disruptor
The opportunities and applications of Blockchain in the world of cybersecurity are only just emerging.
Blockchain allows a digital ledger of transactions to be created and shared among participants via a distributed network of computers. The system is highly accessible and transparent to all participants: all transactions are publicly visible.
This means it’s possible for businesses to make Blockchain ‘corporately visible’ within their organisation so that they can see every transaction that takes place between one individual and another, one piece of data and another, or one machine and another. This enables companies to build up a comprehensive history of every transaction that occurs. I believe this has significant potential to allow organisations to boost their defences in the areas of user authentication and identity and access management.
For example, when a longstanding employee attempts to access a particular corporate system, the Blockchain will recognise that they’ve logged in previously and are deemed to be trustworthy, and will therefore grant them access.
However, if the Marketing department brings in a new contractor to help on a project, the first time he or she attempts to log onto the network, the Blockchain ledger will detect that it has neither engaged with the user before nor interacted with their device. The Blockchain will also pick up if an existing user tries to access a particular file or set of data that they’ve not accessed before, or whether they’re attempting to log onto the network from an unfamiliar location.
The implementer of ‘zero trust’
In the scenarios I’ve mentioned, the Blockchain will isolate the connection and give the user restricted access until the transactions have been expressly sanctioned by system administrators or the IT security team. So essentially Blockchain will become the implementer of the ‘zero trust’ policy I mentioned earlier.
It also holds potential to assist in forensic investigations. For example, an organisation that’s had confidential intellectual property stolen can take their immutable ledger to court and prove that an unauthorised person extracted or copied a set of data.
There are other use cases for Blockchain in the realm of cybersecurity that I believe will emerge in the year ahead. It’s already being used in public key infrastructure (PKI). PKI is the cryptographic infrastructure used to secure emails, websites, and messaging applications. Most traditional PKI implementations rely on centralised certificate authorities to generate and store keys, which renders them susceptible to attacks from hackers.
Blockchain-based implementations of PKI remove the central certificate authorities completely and make use of a distributed ledger of domains and their related public keys. This is an inherently more secure approach as there’s no central database to attack.
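An added illustration of the data structure behind the ledger-of-domains-and-keys idea, not code from any real blockchain PKI project: an append-only, hash-chained ledger of domain-to-public-key bindings, with tamper detection and a check of the key a peer presents. Domains and keys are constructed placeholders, and a real deployment would additionally need distributed consensus and signed entries, which this single-node example assumes away.

```python
import hashlib
import json

def entry_hash(index, prev_hash, domain, pubkey):
    """Hash of one ledger entry, covering its position, the previous hash and the binding."""
    payload = json.dumps([index, prev_hash, domain, pubkey], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

class KeyLedger:
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []  # append-only: {"index", "prev", "domain", "pubkey", "hash"}

    def append(self, domain, pubkey):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        idx = len(self.entries)
        h = entry_hash(idx, prev, domain, pubkey)
        self.entries.append({"index": idx, "prev": prev, "domain": domain, "pubkey": pubkey, "hash": h})
        return h

    def verify(self):
        """Recompute every link; an edited or removed entry breaks the chain from that point on."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["index"] != i or e["prev"] != prev:
                return False
            if e["hash"] != entry_hash(i, prev, e["domain"], e["pubkey"]):
                return False
            prev = e["hash"]
        return True

    def current_key(self, domain):
        """Latest published key for a domain, or None if the ledger has never seen it."""
        for e in reversed(self.entries):
            if e["domain"] == domain:
                return e["pubkey"]
        return None

    def key_history(self, domain):
        return [e["pubkey"] for e in self.entries if e["domain"] == domain]

def check_presented_key(ledger, domain, presented):
    """Compare a key a peer presents with the ledger: 'match', 'mismatch', or 'unknown-domain'
    (a first contact, like the new contractor's first login in the text)."""
    known = ledger.current_key(domain)
    if known is None:
        return "unknown-domain"
    return "match" if known == presented else "mismatch"
```

A 'mismatch' result is the case to escalate: the domain has a published key and the peer is presenting a different one.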