The notorious data breaches of 2017 -- especially Equifax, Verizon and Deloitte -- have proven that the traditional approach to shielding IT ecosystems is no longer working. For example, defending your perimeter is no longer sufficient. Hackers are constantly inventing new ways to penetrate networks, and your own employees and contractors can easily become malicious insiders given the right motivation.
Forward-thinking organisations are already starting to completely rethink their security approaches to keep up with evolving cyber threats. What can we expect in the future? Here are the top five global cyber security trends that will define how businesses fight back in 2018:
1. Blockchain for IT security
Using blockchain principles to improve cybersecurity across industries is set to become one of the hottest trends for 2018 and beyond. Blockchain technology enables data to be stored in a decentralized and distributed manner, which means that instead of being stored in one vulnerable location, data is stored as an open source ledger. This eliminates the traditional single point of failure and prevents hackers from compromising large volumes of sensitive data, thus enabling organisations to address threats like identity theft, data tampering and DDoS attacks. Use of blockchain also enables organisations to easily determine when data has been manipulated, which makes the technology invaluable for industries with high security requirements, such as banking and law.
2. Focus on insider threats
Perimeter-based security mechanisms are designed primarily to address external threats. However, experience shows that external defences alone are not enough. Attacks by employees and contractors can be much more devastating and difficult to spot. Organisations are realizing this. In our own 2017 IT Risks Survey of more than 700 IT pros, 66% of respondents named internal staff as the biggest threat to security. The survey also showed that most organisations lack visibility into user behaviour, which is the main reason why they are so vulnerable to insider threats. The need to ensure the security of sensitive information and mitigate the risk of employee data theft will force organisations to pay more attention to user activities and establish stricter control over who is doing what in the IT environment.
3. Adaptive approaches to security
Since many organisations lack proper protection against inside-the-perimeter attacks, they need flexible ways to mitigate the risks associated with aberrant user activities. In 2017, Gartner proposed the Continuous Adaptive Risk and Trust Assessment (CARTA) approach, which may become a core strategy for CIOs and CISOs in 2018. This approach is based on the assumption that security is not a set-it-and-forget-it thing, but a continuous process of regular review, re-assessment and adjustment. Real-time assessment of risk and trust will enable organisations to make better decisions regarding their cybersecurity posture; for example, to prevent privilege abuse, they might grant certain access rights to a user only after careful monitoring and review of the history of their actions in the environment.
4. Advanced analytics
Security software generates massive amounts of data, which is hard to navigate if you have multiple solutions, such as a SIEM, data loss prevention (DLP) tools, a firewall, antivirus software, etc. As organisations start to focus more on insider threats rather than external attackers, they need to leverage advanced analytics that can collect and process data from multiple sources and provide a unified picture of what's going on in their IT environments. The most relevant example is user and entity behaviour analytics (UEBA), which provides visibility into roles and privileges in the IT infrastructure as well as activities that could pose a threat to data security or integrity. The growing adoption of UEBA will help organisations understand their weak points better and focus on areas that matter the most.
5. IT security tailored to the organisation
Every organisation develops its security strategy according to its individual needs. Therefore, we expect vendors to offer a more personalized approach to customers that is flexible enough to take into account their size, industry, IT infrastructure complexity, security issues, budget and other factors. Since the global cybersecurity market is evolving, the number of solutions that address similar issues (e.g., mitigating insider threats) in different ways is steadily growing, which gives businesses the chance to find the product that best matches their IT environment and security requirements. The demand for a customized approach to IT security also creates an opportunity for smaller vendors with a single focus (e.g., security monitoring or threat intelligence) to compete with large players that provide a wider range of services but are less flexible in terms of resolving specific pain points.
The data breaches of 2017 demonstrate that traditional security models do not work anymore. Each organisation has different needs and requires different security tools and frameworks to mitigate both insider and outsider threats. Businesses recognize the need for better protection strategies and are ready to put in the effort to develop individual cybersecurity plans that take into account their size, structure, IT environment characteristics and other factors. This approach can potentially make hackers' jobs much more difficult. These technology trends will help businesses to fight back. It will now take cyber attackers a lot more time and effort to avoid detection and gain access to sensitive data.