As we enter the second half of 2019, several key themes in the cybersecurity arena have come to the fore. Artificial intelligence and machine learning continue to take center stage, but a raft of emerging system threats and a host of new app vulnerabilities are also making themselves known. Here, we take a look at some of the cybersecurity themes that have shaped the IT landscape so far this year and look set to continue as major issues over the next 12 months.
Securing the Internet of Things (IoT)
The scope and volume of emerging threats, particularly those leveraging machine learning, is substantial. The news is rife with talk of state-sponsored attacks, ransomware and social engineering—including the view that we, as humans, are increasingly the ones being hacked. The security (or lack) of IoT devices sits at the heart of many of these vulnerabilities, with adversaries establishing new ways of profiting from IoT hacks. The deployment of cryptojacking malware, for example, means attacks are likely to become even more prevalent. As such, organizations need to get serious about securing their IoT deployments.
Gartner predicts 20 billion IoT devices will be connected by 2020, some securely tied to networks, others connected more randomly over unsecured networks. One of the things I was surprised to learn is that, at present, 75% of all botnets reside on routers, acting as the gateways to countless other connected devices. As IoT continues to expand, it’s clear we need to increase security across the board—both for industrial deployments and consumer devices.
Many organizations have decided that zero trust software architecture is the best way of addressing this issue. Taking an authenticate-first, connect-second approach to securing the ever-increasing diversity of endpoints is one of the best ways to prevent even one device from being breached. For unsecure IoT devices, connecting to the perimeter network behind a router acting as an software-defined perimeter (SDP) gateway reduces the attack surface and prevents a compromised IoT device from infiltrating core business information systems.
The cybersecurity sector is talking more than ever before about the importance of due diligence efforts throughout the development process. It seems that for many organizations, in addition to a laser-like focus on securing platforms, there is also a genuine drive for openness. This has almost certainly been influenced by the focus in recent years on meeting the requirements of new regulations such as GDPR. But in 2019, it is also clear that this is part of a wider general movement toward transparency and openness.
Supporting the Ecosystem
Many large enterprises are now managing huge volumes of security products. As a result, they are struggling to integrate the various systems. Security leaders are, therefore, looking at platforms to solve multiple problems. This means we’re going to see the partnership trend continue to grow in importance, with many vendors evolving their platforms to prioritize interoperability, data sharing and collaboration in areas such as threat intelligence.
It’s becoming clear that moving away from a siloed approach to one that’s more ecosystem-focused is undoubtedly the best way forward for the cybersecurity industry. It makes everyone smarter and more effective, while also enabling customers to leverage best-in-breed technology at every turn. This is the best thing for customers and ultimately makes us all more secure.
Achieving Data Privacy
This year, we mark GDPR’s one-year anniversary and it’s no surprise that, 12 months on, data privacy is still a major concern for organizations. But while many have come to terms with GDPR, a fragmented global regulatory landscape is beginning to emerge. GDPR is a positive framework for data protection, but some industry commentators and luminaries are concerned that the model emerging in the U.S. will be an even greater hurdle.
Enacting data privacy regulations at a state level—and even a municipality level in some cases—has the potential to become so complex that even the largest organizations will struggle to navigate and meet the requirements. As yet, no one seems to have an answer for this problem. But if organizations struggle to understand state-by-state or even national data privacy regulations, global compliance will be almost impossible.
It’s also worth noting that many of regulations such as GDPR have significant scope for interpretation, such as holding data for a legitimate business purpose. As data processing continues to rise in complexity, many companies will be unclear on how they prove their business interest is legitimate. What is clear, however, is that no one yet has a workable solution. Eventually we may see changes at a federal level, but until then, it’s down to the industry itself to manage the uncertainty by working together—promoting collaboration and transparency with data privacy and beyond.
Despite the best efforts of the global IT community, cybercriminals continue to make their way into what many believe are secure networks and harvest private data. The fact is that when it comes to IT security, our businesses, organizations and government agencies remain outmatched by hackers who are becoming bolder and more sophisticated.
Even while the network security industry introduces more effective detection and defense solutions, the traditional “fixed perimeter”-based approach to network cybersecurity is quickly becoming obsolete. My advice for the remainder of 2019 is to recommit to trusted security practices while adopting new approaches that leverage wireless, software-defined and cloud technologies. This is especially important as we move even further into the era of the connected enterprise and the need for more agile and pervasive networks.