Matthew Gyde, Group Executive – Cybersecurity, shares his views on the top cybersecurity trends for 2018.
Trend 1: ‘Zero trust’ security makes a comeback
This year, we can expect to see significant disruption in the cybersecurity industry. Organisations are spending millions – and in some cases, hundreds of millions of dollars – on technologies aimed at bolstering their cybersecurity posture, but to no avail. Attacks are becoming more sophisticated. Cybercriminals have as much funding – if not more – to invest in developing new attacks as the businesses they are targeting have to spend on defence.
As a result, this year we will see the ‘zero trust’ security model re-emerging. With this approach, the IT team adopts a mindset of ‘we don’t trust anybody’, and trust can be established only by explicitly allowing users to access systems.
A decade ago, the ‘zero trust’ approach implied that the IT team would simply prohibit people from using non-corporate issued devices and applications. However, the more modern ‘zero trust’ model will accommodate individuals’ personal preferences. But it does mean that there will be more rigorous authentication measures in place that will require users to verify their identities through multiple layers of credentials. Enterprise systems will vigorously authenticate whether users are indeed entitled to access specific sets of data, before making them available.
Some might question whether the ‘zero trust’ approach will lead to bottlenecks and delays in getting tasks accomplished. The answer is no: if you are running a cloud-based system, the authentication and verification process will be near-instantaneous, so people’s productivity won’t be inhibited.
Re-examine policy and process
Organisations that revert to this model will use it as an opportunity to re-examine their cybersecurity policies and processes. This will result in a new generation of policies and processes that take into account the organisation’s on-premise infrastructure as well as the cloud services and platforms that they utilise. Businesses will carefully scrutinise how they are using the cloud and identify ways to make better use of microsegmentation in multi-cloud environments, to raise their cybersecurity defences.
Organisations that embrace a ‘zero trust’ model will increasingly turn to managed security services providers to augment their security monitoring and management capabilities. This will allow them to focus on deriving maximum value from their investments in security controls and resources, and ensure that they are being applied appropriately and effectively.
Trend 2: Deception technologies become the security enablers of The Internet of Things (IoT) and operating technology (OT)
Increasingly, we are seeing OT enabling IoT in industries such as automotive and manufacturing. The benefits are compelling: organisations can closely monitor the status of their equipment, which results in increased productivity, better safety, cost savings, and the ability to perform pre-emptive maintenance.
A new frontier of cybercriminal enablement
However, this is also ushering in a new element of risk because the sensors attached to OT devices are enabling a new breed of cyberattack. In the last year, the industry has been exploring ways to defend against them, but it’s not easy: most manufacturers aren’t considering security in the development phase of their products. And sensors are typically lightweight devices with minimal storage capacity, which makes embedding encryption chips into them unfeasible.
In 2018, we foresee deception technologies playing a significant role in ensuring that security is maintained across the supervisory control and data acquisition (SCADA) control system architecture, operational technologies, and wider IoT infrastructure.
Many cyberattacks begin when cybercriminals successfully penetrate an organisation’s perimeter firewall. Once they have accessed the network, they start moving laterally, searching for user identities, which will allow them to take control of different devices. Often, they go undetected for months, stealing confidential data and intellectual property.
Deception technologies introduce thousands of fake credentials onto an organisation’s network, which makes it mathematically impossible for cybercriminals to gain access to a legitimate set of user identities. And, once a cybercriminal has used a fake credential that has been generated by the deception technologies, the security operations team will receive an alert that an unauthorised user is lurking on the network. They can then immediately initiate incident response.
Deception technologies also allow organisations to determine exactly how the cybercriminals gained access to the network, and to analyse their subsequent pattern of attack.
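The alerting and analysis steps described above can be sketched as follows. This is an added example, not code from the article or from any deception product; the decoy account names, host names and log format are constructed for illustration.

```python
from collections import defaultdict

# Constructed decoy accounts seeded on the network; no legitimate user has them.
DECOY_ACCOUNTS = {"svc_backup_adm", "hr_reports_ro", "plc_maint01"}

# Constructed authentication events (assumed format: time, then key=value pairs).
SAMPLE_LOG = """\
2018-01-15T08:02:11Z src=ws-114 user=jsmith dst=mail01 result=success
2018-01-15T09:40:03Z src=ws-207 user=akhan dst=files02 result=success
2018-01-15T09:41:37Z src=ws-207 user=svc_backup_adm dst=files02 result=failure
2018-01-15T09:43:10Z src=ws-207 user=plc_maint01 dst=scada-hmi1 result=failure
2018-01-15T09:50:22Z src=ws-114 user=jsmith dst=files02 result=success
2018-01-15T09:52:48Z src=ws-207 user=akhan dst=scada-hmi1 result=success
"""

def parse_event(line):
    """Turn one log line into a dict with ts, src, user, dst and result."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = ts
    return event

def hunt(log_text, decoys=DECOY_ACCOUNTS):
    """Return one alert per source host that presented a decoy credential."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_event(line)
            by_src[event["src"]].append(event)
    alerts = []
    for src, events in by_src.items():
        hits = [e for e in events if e["user"] in decoys]
        if not hits:
            continue
        # Same-format UTC ISO timestamps sort correctly as strings.
        first = min(h["ts"] for h in hits)
        alerts.append({
            "src": src,
            "first_decoy_use": first,
            "decoys_used": sorted({h["user"] for h in hits}),
            # Real accounts seen on the host earlier: candidate entry point.
            "accounts_before": sorted({e["user"] for e in events
                                       if e["ts"] < first and e["user"] not in decoys}),
            # Systems the host touched from the first decoy use onward.
            "targets_after": sorted({e["dst"] for e in events if e["ts"] >= first}),
        })
    return alerts

if __name__ == "__main__":
    for alert in hunt(SAMPLE_LOG):
        print(alert)
```

Any use of a decoy account is a high-confidence signal whether the logon succeeds or fails, which is why the check ignores the result field.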
Trend 3: Behavioural analytics and artificial intelligence demand a relook at identity
In the last year, we have seen more organisations exploit the power of artificial intelligence and machine learning to bolster their cybersecurity defences. However, until now they have faced limitations: the machine programmer must still provide the machine with algorithms that instruct it about what types of malicious software or activity to search for.
In 2018, we will see this change, thanks to a technique known as ‘deep learning’.
With deep learning, rather than providing the algorithms to the machine, you can enable it to learn by itself. The potential of this technology was recently demonstrated when Google took the decision to turn off its machine learning toolset because, through deep learning, the machines were educating themselves to the extent that they had begun to create a new language which system developers did not understand.
In the next 12 months we will see deep learning enabling us to take behavioural analytics to a new level. Machines will start undertaking highly granular analyses of users’ activities. For example, they will detect that every morning I log onto the network at a certain time, check my email, and then visit a certain website to read the news. Next, I’ll typically initiate a couple of Facetime sessions with members of my team, and so on.
By analysing my behaviour over a period of time, machines will be able to predict whether or not the person attempting to access my data or applications, is indeed me.
This provides organisations with an additional layer of defence over and above standard authentication methods.
In 2018 we expect to see more security vendors starting to integrate artificial intelligence into their products to improve their ability to detect cyber threats in this manner.
Trend 4: Robo-hunters are the new norm
Most cybersecurity experts agree that it is critical to have access to threat intelligence about the latest types of attacks and tactics. However, intelligence alone is not enough. Organisations must proactively ‘hunt down the enemy’.
In 2018, we will start seeing machines entering the enterprise – the kind that our colleague Mark Thomas, Dimension Data’s Group Cybersecurity Strategist, has dubbed ‘robo-hunters’.
Essentially, robo-hunters are automated threat-seekers that can make decisions on behalf of humans. Enabled by artificial intelligence, they continuously scan an organisation’s environment for any changes that might indicate a potential threat.
They learn from what they discover and then take appropriate action, for example by isolating a bad packet or compromised device.
We believe that the rise of robo-hunters will enable more businesses to move from a proactive to a predictive security posture. Many of our clients have invested in threat hunting personnel and capabilities and Dimension Data is already offering it as a service. Those organisations that are leading the charge are starting to look at ways to automate threat hunting cycles and are conducting retrospective analysis to identify patterns in historical incursions.
Trend 5: Blockchain is the disruptor
The opportunities and applications of Blockchain in the world of cybersecurity are only just emerging.
Blockchain allows a digital ledger of transactions to be created and shared among participants via a distributed network of computers. The system is highly accessible and transparent to all participants – all transactions are publicly visible.
This means it is possible for businesses to make Blockchain ‘corporately visible’ within their organisation so that they can see every transaction that takes place between one individual and another, one piece of data and another, or one machine and another. This enables companies to build up a comprehensive history of every transaction that occurs. We believe this has significant potential to allow organisations to boost their defences in the areas of user authentication and identity and access management.
For example, when a longstanding employee attempts to access a particular corporate system, the Blockchain will recognise that they have logged in previously and are deemed to be trustworthy, and will therefore grant them access.
However, if the Marketing department brings in a new contractor to help on a project, the first time he or she attempts to log onto the network, the Blockchain ledger will detect that it has neither engaged with the user before, nor interacted with their device. The Blockchain will also pick up if an existing user tries to access a particular file or set of data that they have not accessed before, or whether they are attempting to log onto the network from an unfamiliar location.
The implementer of ‘zero trust’
In the scenarios we have mentioned, the Blockchain will isolate the connection and give the user restricted access until the transactions have been expressly sanctioned by system administrators or the IT security team. So essentially Blockchain will become the implementer of the ‘zero trust’ policy mentioned earlier.
It also holds potential to assist in forensic investigations. For example, an organisation that has had confidential intellectual property stolen can take their immutable ledger to court and prove that an unauthorised person extracted or copied a set of data.
There are other use cases for Blockchain in the realm of cybersecurity that we believe will emerge in the year ahead. It is already being used in public key infrastructure (PKI). PKI is cryptography that is used to secure emails, websites, and messaging applications. Most traditional PKI implementations rely on centralised certificate authorities to generate and store keys, which renders them susceptible to attacks from hackers.
Blockchain-based implementations of PKI remove the central certificate authorities completely and make use of a distributed ledger of domains and their related public keys. This is an inherently more secure approach as there is no central database to attack.