Cybersecurity Predictions for 2018
Dennis Moreau, Senior Engineering Architect
With cyberattacks increasing in sophistication, frequency, and the damage they cause, organisations of all types continue to prioritise security. At the same time, eroding effectiveness, growing complexity, high costs, and limited talent pools are challenging existing security frameworks and methodologies. The cybersecurity industry is ripe for disruption. Here are five security trends to watch for in 2018:
The Security Market Breaks Itself
Security disruption was an emerging theme in 2017. While the major breach at Equifax and the WannaCry virus stole headlines, news of greater significance to the future of the security industry flew under the radar. Last year, two major vendors—Symantec and Palo Alto Networks—launched venture capital funds to identify and nurture emerging security solutions. A third major vendor, Kaspersky Lab, saw its software permanently banned by the Trump administration and pulled from Best Buy shelves. The 2017 emergence and recent public disclosure of Meltdown and Spectre have led the industry to question just how much it can lean on any individual security technology acting alone. The entire security industry is on the precipice of dramatic change.
As cloud, the Internet of Things (IoT), machine learning (ML), and artificial intelligence (AI) infiltrate the enterprise and further challenge conventional security portfolios, long-held security assumptions about asset identifiers, platform integrity, and application and service dynamics are increasingly tenuous. Expect new and more adaptive security capabilities that integrally leverage intention, context, advanced analytics, and software-defined flexibility to help address the cybersecurity and resilience needs of these highly dynamic technologies.
Apps Increasingly Become the New Perimeter
In many recent breaches, the underlying problem was the misconfiguration of security policy. These errors are a direct consequence of both limited policy visibility and complex policy management. There is a need across the enterprise to simplify security policies by focusing on the application, the service, the data, and the device. At this level, identifying both proper and malignant behavior is at its least complex, and therefore easiest to automate and manage consistently. Expect organisations to increasingly rely on more granular, straightforward enforcement of security policies, both throughout the infrastructure and across infrastructures. Beyond firewalls, this applies to anchoring and aligning granular layers of protection including microsegmentation, intrusion prevention, vulnerability remediation, application control, and encryption—all focused on the applications, devices, services, and data requiring protection.
Artificial Intelligence and Machine Learning Bring Resilience to Security
There are an estimated 1.3 million new instances of malware every day. And no security solution that detects attacks by looking for specific patterns, such as known malicious instruction sequences used by malware, no matter how technically advanced, can protect the enterprise from these ever-changing threats. While AI techniques are currently leveraged to help detect evolving malware, there have been significant challenges with distinguishing noise levels, retraining latency, curating training sets, and identifying emergent legitimate behavior.
2017 saw a rise in skepticism about machine learning due to overly simplistic implementations in security products that did not perform as advertised. And although its role is still evolving, machine learning is expected to play a significant and continuing role in enterprise security. In 2018, expect enterprises to increasingly turn to machine learning to leverage explicit intention and the principle of least privilege to prevent accidental disruptions of legitimate behavior. One advantage of machine learning and related technologies is the promise of improved policy expressiveness and flexibility. Expect a growing use of data science, deep learning, and improved analytics to support identity governance and risk mitigation, and to deliver new levels of resilience to the enterprise.
IoT Cybersecurity Starts to Get Real
Several unique aspects of IoT present fundamental challenges to conventional security technologies and methods. Some IoT devices are expected to function for decades, extending well past the life expectancy and patch delivery services of many current manufacturers. IoT manufacturers have very large supply chains and partner ecosystems, making the curation of all constituent parts and software extraordinarily challenging. Finally, IoT devices can have numerous communications channels, making them hard to isolate completely, and are often deployed with limited power and processing capacity, making them unlikely to be self-defending. These considerations, and many others, add up to a difficult security scenario.
Expect a greater emphasis by IoT manufacturers to standardise intentional behaviors for all versions of all devices and to automate security monitoring, control and detection at IoT device gateways. Finally, this year will bring a growing emphasis on end-to-end security across IoT systems from sensor to backend services and analytics.
Governments Push Privacy Regulations
Expect the U.S. to create regulations around data privacy similar to Europe’s General Data Protection Regulation (GDPR). With the emergence of IoT, self-driving cars, and a new era of big data, regulators will recognise that cyber attacks cause more than monetary damage and can now potentially result in personal injury. Governments around the globe will move to mitigate the risks.
Expect organisations to prioritise cyber hygiene, rather than a maniacal focus on threats, across the enterprise. Businesses will focus on technologies such as compartmentalisation, least privilege, encryption, strong authentication, and patching–all with an increased focus on applications and services as the aligning abstraction–to both simplify and improve enterprise security.
Security, like much of the enterprise, faces major disruption in the year ahead, but new and more integrated solutions that leverage emerging technologies to shrink the attack surface will change the entire security landscape for businesses and consumers alike.