The cybersecurity landscape in 2019 will likely bolster bigger, more complex threats and developments. Given the intricacy of today’s cyber security challenges, organisations will need to adopt a security approach that requires digital support and increased collaboration from both IT and security teams. So, what key trends can we expect to see in this new year?
Greater uncertainty and a rise in digital tools
Many organisations are often unaware of whether their current software is vulnerable to attack. They often ask the question: what software is inside my estate? This includes identifying what software they know is bad, for example, Java or malware.
The next key questions are: what connections has that software made to other machines, which machines have it, and have those machines reached out to any other machines on the network? And can we find a trend, so we know which machines to go after to remediate the breach?
Breaches are only going to get more complex and harder to beat in 2019 and as a result, there is a greater need for businesses to include endpoint security to protect company machines and stay up to date with patches; yet this is something many organisations fail at surprisingly often.
Organisations need to move the needle from simply protecting their estate to using sophisticated tools that can detect and investigate threats. The industry has adapted the way it protects data by looking to detect and respond with a variety of tools such as next-generation firewall, intrusion prevention systems (IPS) and sandboxes. However, this is not enough in today’s age of complex attacks.
As hackers become more skilled, we will also see more organisations using enhanced cyber security tools, such tools including Artificial Intelligence (AI), to achieve higher speed and intelligence, and allow businesses to find the answers to these common questions more efficiently. What’s more, these tools will be able to track the unusual patterns within company devices and remediate an attack in real-time.
Emergence of AI technology
If someone is copying a large volume of files, shouldn’t we be alerted by that? For example, if an employee that doesn’t usually copy much information, is suddenly copying 70,000 records, shouldn’t this be something we need to be alerted to?
AI has the ability to alert you with this kind of unusual activity. AI opens up realms of possibilities and allows us to explore with more speed and intelligence. However, AI also has the ability to be dangerous as hackers also begin to adapt and inevitably become more AI capable.
Signature based approaches to antivirus systems are also changing. With many antivirus systems being file or signature based, when a new virus is released, the solution to resolving the threat is all based on a signature.
Hackers developing malware understand that everything is signature based today. Many organisations may choose to use more of an AI based structure within security software for malware and viruses. Solutions that will be combating these types of threats will also need to pick up this trend and become AI integrated so that they can react much faster than a signature based approach.
Remediating attacks using real-time remediation strategies
Acting faster to remediate threats has never been more important. The more public a company is, the more desirable it is for hackers. Hackers love to break through the biggest organisations in order to make front page news, just look at WannaCry and Petya as examples of the biggest attacks made in 2018. In the new year, hackers will continue to target the most public organisations.
Large organisations are beginning to look to cyber security software solutions to remediate attacks. It often takes 3-10 weeks to fix an issue, at which point detrimental damage has already been caused. This calls for real-time remediation strategies: the ability not only to detect and protect against singular incidents but to fix the problem for the entire environment. Organisations can move from simply treating the symptom, to fixing the cause of the problem at the root.
Increased collaboration between IT operations and security teams
Typically, the security team is inundated with new threats every day and need to evaluate these threats and give the operational team insight, however, the operations team will already have a list of things that they need to do.
The problem lies with both teams having different mindsets. Security teams focus on risk management and safeguarding a business against threats, whilst operational teams focus on process and performance management.
The key to solving the rift is collaboration and working together to solve the same problem: both teams need to have a SecOps mindset. They need to develop a way of working and thinking that is based around the principles of innovation, speed, security and business value.
Organisations will need to look into how they can bridge the gap in 2019 and understand that integrating IT and security is fundamental for generating value for the business.