In the battle for cybersecurity, never stop moving forward
The ingenuity of hackers, scammers and fraudsters appears to know no bounds, writes Ichiro Ohama, SVP of Enterprise Cyber Security at Fujitsu. Here he outlines five key trends we expect to see in 2019 that will impact your organization.
2018 always looked like it would be a fascinating year for cybersecurity – not least because of GDPR – and as the year progressed, we saw some very high-profile attacks and data breaches. Some very large organizations made the wrong type of headlines, with the full implications of these breaches on their businesses still to be seen.
Although there is no denying that organizational awareness is on the rise, one thing is clear – those behind breaches and hacks are finding new and creative ways to bring organizations to their knees. This is being driven by the rise of cloud and the Internet of Things (IoT), as well as the fact that the amount of data stored and analyzed continues to explode, forcing organizations to focus more on safeguarding their business, employees, and customers.
Predictions for the year ahead
One thing we can predict for 2019 is that, as threats continue to grow, we’ll be working hard to help our customers across the world to prepare their people, processes and technology to deal with these threats, through our approach of intelligence-led security. Technology alone cannot stop a breach; it requires a cultural shift to embed strong data and security governance throughout an organization. With that in mind, we expect to see the following top five trends in security in the coming year.
Secure Multi-Cloud will emerge as the path to secure and agile operations.
More organizations will adopt a multi-cloud strategy to accelerate digital transformation objectives. There are clear business advantages to adopting a multi-cloud approach, but this also has the potential to create disparate cloud silos, each requiring an individual security perspective. Perversely, this increases the management complexity of any corporate cybersecurity posture, introduces possible inconsistency in the application of security controls, and can bring a lack of visibility, or disjointed visibility, across a dynamic hybrid threat landscape.
These security challenges, coupled with the development of advanced attacks by cyber-criminals, present an ever-increasing risk to the financial and reputational integrity of any business. This challenge will drive the rise of secure multi-cloud – an integrated security framework capable of delivering consistent security in a multi-cloud environment. This is supported by highly-integrated cloud-agnostic security tooling, automation and orchestration to provide a holistic view of corporate cybersecurity posture, increased security visibility, and elastic application of relevant security controls.
Gamekeepers will turn poachers – the growth of threat hunting
As the threat landscape continues to grow in size and sophistication, threat analysts will need to take a proactive approach to protecting organizations. The concept of threat hunting is supported by initiatives such as automation and orchestration, allowing analysts to proactively look for threats that conventional detection tools may miss.
This concept, and the tools enabling it, such as Endpoint Detection & Response, give analysts the ability to better identify both known and unknown attacks earlier in the lifecycle. This requires a change in mindset, from protector to hunter. Analysts need the right tools to be effectively equipped as hunters. Threat hunters who combine human intelligence with the right digital intelligence from EDR and AI-based technologies will make significant progress in protecting organizations from the financial and reputational damage that we are seeing today as the result of breaches.
Legitimate services abused for illegitimate causes, delivered via email
We expect a further rise in abused legitimate services, as witnessed towards the end of 2018, in the form of phishing links sent via email, and linked to otherwise-legitimate websites. Services created for legitimate reasons, such as file-sharing or questionnaire hosting, will be subverted by attackers. Hackers continue to abuse sites like these, using free hosting capabilities to host phishing content, and leveraging the trust of vendors such as Microsoft and Google to avoid reputation blocks from proxy services. Examples include using questionnaires designed to represent login portals, hosted on the very same service as the one they are phishing.
Automatic detection of such services becomes difficult since traditional methods such as Indicator of Compromise detection and SSDeep hashes will point to ‘legitimate’ content. This will make it necessary for network defenders to either understand URL structure, to detect the differences on a legitimate login portal, or to identify such sites in advance, instead of relying on traditional defenses. It remains to be seen whether the rise of services such as Slack will lead organizations to move away from the traditional use of email, which is how phishing scams are carried into organizations.
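The URL-structure check described above can be sketched as follows. This is an added example, not code from the article or from Fujitsu; the host lists, keyword list and sample messages are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed, illustrative lists; a real deployment would maintain its own.
AUTH_HOSTS = {"login.microsoftonline.com", "accounts.google.com"}
USER_CONTENT = [  # (host, path prefix) where any account holder can publish
    ("forms.office.com", "/"),
    ("docs.google.com", "/forms/"),
]
CRED_WORDS = ("password", "sign in", "sign-in", "log in", "login", "verify your account")


def classify(url):
    """Classify a link by exact host and path, not by registered domain."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so a trusted name placed
    # in the userinfo part does not count as the host.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme == "https" and host in AUTH_HOSTS:
        return "vendor-sign-in"
    for content_host, prefix in USER_CONTENT:
        if host == content_host and (parts.path or "/").startswith(prefix):
            return "user-content"
    return "other"


def triage(subject, url):
    """Flag mail that asks for credentials but links to user-published content."""
    asks_for_creds = any(word in subject.lower() for word in CRED_WORDS)
    if asks_for_creds and classify(url) == "user-content":
        return "flag"
    return "no-match"


if __name__ == "__main__":
    samples = [  # constructed sample messages
        ("Action required: verify your account password", "https://forms.office.com/r/EXAMPLE"),
        ("Team lunch survey", "https://docs.google.com/forms/d/e/EXAMPLE/viewform"),
        ("Sign in to continue", "https://login.microsoftonline.com/common/oauth2/authorize"),
        ("Sign in to continue", "https://accounts.google.com@phish.example/login"),
    ]
    for subject, url in samples:
        print(triage(subject, url), classify(url), url)
```

A domain-reputation lookup treats the first three sample links alike because they share trusted registered domains; only the exact host and path separate the vendor's sign-in endpoint from a questionnaire that anyone can publish.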
Privacy will be designed for the people, by the people
We will stop looking at people as the weakest link and instead consider how we can empower them to be the strongest link, as advocated by institutions such as the UK National Cyber Security Centre. For privacy-by-design to truly work and be embedded in everything we do, we must take a step back and understand the data, so privacy is designed for the people, by the people.
That means applying human intelligence to the process of classifying data, to provide crucial context. For example, ‘Name’ and ‘Address’ details should be kept securely, but if those details apply to a vulnerable group in society, such as a child, even greater levels of protection are needed. Applying generic rules to types of data without considering the implications will lead to data being classified incorrectly. Privacy needs to combine the benefits of technology with human intelligence to ensure that the right details are kept secure, in the correct way.
Investment in Identity and Access solutions will be wasted unless implemented with a greater understanding of end-user requirements
In many recent cases, end-user requirements have not been taken into consideration when Identity and Access solutions have been implemented – leading end-users to find workarounds and introduce shadow IT, and in the process, complicating or damaging security governance and compliance processes. This wastes investments and increases operational costs.
To avoid this, we’ll see forward-thinking organizations adopt as-a-service delivery models and consumption-based cost models, allowing them to change direction easily when needed. As-a-service solutions (IDaaS, PAMaaS, etc.) will be mainstream to buy; IAM services will be evaluated more from an end-user perspective. Password-less usage, single sign-on and user-friendly, strong/multi-factor/biometric authentication are good examples that best fulfil end user requirements and provide compelling reasons to buy IAM services.