Todd Kelly, CSO at Cradlepoint, discusses the main cyber security themes that have been shaping the IT landscape and look to continue as major issues over the next 12 months.
The pace of change in cyber security brings with it constant new themes and trends. Artificial Intelligence (AI) and Machine Learning have already been hot topics so far this year, but what other issues will emerge in the remainder of 2019 as major security talking points?
Fragmenting Data Privacy Regulations
Just over a year after GDPR arrived, many businesses now have a much better understanding of how to work with it, and as a result, have improved their approach to regulation in general.
GDPR has been a positive framework for data privacy and protection, but some industry experts are concerned that a more fragmented global regulatory landscape is beginning to emerge. In the US, for example, layers of data privacy regulations at a State level – and even a municipality level in some cases – have the potential to become so complex that even the largest organisations will struggle to meet the various requirements.
At the moment, there’s no clear solution to the challenge. What does seem likely is that if this trend is repeated across other geographies, and organisations can’t navigate regional or even national data privacy regulations, global compliance could become almost impossible.
Better transparency and openness
The influence of regulations such as GDPR on statutory accountability has helped build wider momentum towards transparency and openness across the security industry.
The effect is that security professionals are talking more than ever before about the importance of due diligence throughout the development process. For many organisations, a laser-like focus on securing platforms is now being enhanced by a genuine drive for openness.
The Vulnerability of IoT
Gartner has predicted that businesses will connect more than 7.5 billion IoT devices by 2020, and while some will be securely tied to networks, others will be connected more randomly and left unsecured. This lack of security for IoT devices presents many vulnerabilities, with adversaries establishing new ways of profiting from IoT hacks.
For example, 75% of IoT attacks target routers, acting as the gateways to countless other connected devices. And the increasing deployment of cryptojacking malware means attacks are likely to become even more common. As such, organisations need to take IoT security much more seriously, both for industrial deployments and consumer devices.
The approach being taken by many organisations to address IoT security shortcomings is to focus on Zero Trust software architecture. Taking an authenticate-first, connect-second approach to securing the ever-increasing diversity of endpoints is one of the best ways to prevent even a single device from being breached.
For unsecured IoT devices, connecting to the perimeter network behind a router that acts as a software-defined perimeter (SDP) gateway reduces the attack surface. It can also prevent a compromised IoT device from infiltrating core business information systems. Indeed, the Cloud Security Alliance has found that adopting an SDP model is one of the most effective ways to stop nearly all network attacks, including DDoS, man-in-the-middle and advanced persistent threats.
Integrated security systems
As organisations adopt an ever-increasing array of security products, it becomes more difficult to integrate disparate systems. To address this problem, the use of security platforms is growing in popularity as vendors develop their systems to prioritise interoperability, data sharing and collaboration in areas such as threat intelligence.
Moving away from a siloed approach to one that focuses on security as an ecosystem is undoubtedly the best way forward for the whole industry. It makes everyone smarter and more effective, while also enabling customers to leverage best-in-breed technology for all their priorities. The net result of this welcome trend will be to help make everyone more secure.
With security trends and challenges constantly shifting, and despite the best efforts of a dedicated and talented community, cyber criminals still continue to make their way into what many believe are secure networks.
Many organisations remain vulnerable to hackers who are becoming bolder and more sophisticated, and it’s becoming clear that the traditional ‘fixed perimeter’ based approach to network security is quickly becoming obsolete.
Instead, security leaders need to examine security practices and consider adopting new approaches like zero-trust, SDP and cross-platform security analytics. As we move even further into the era of the Connected Enterprise, the need for extending security to the expanding 4G LTE and 5G edge will become particularly important.