Top 10 cybersecurity trends and how to avoid stepping on a rake
Cybersecurity is arguably the most challenging and dynamic domain within the technology sector; core drivers include accelerating threats that are increasing in subtlety and sophistication, the ecosystem-wide adoption of next-level technologies, and a regulatory environment that keeps getting tighter. While we all tend to watch what’s directly in front of us while sprinting, it never hurts to see what’s down the road (and how to plan for it) in order to avoid becoming another cautionary tale. There are many potential ways for things to play out, but these trends appear most likely to hit first:
1 – Accelerating Adoption of AI and Machine Learning: This genie is definitely out of the bottle. AI and its shadowy wing-man machine learning will continue to play a significant and expanding role in both cyberattacks and defense mechanisms. Cybercriminals with deep pockets and no constraints will leverage AI to launch more sophisticated attacks, while organizations will use and embed AI-driven tools to enhance threat detection and response/remediation capabilities. Also keep in mind that what we’re seeing now (and it’s a lot) is AI in its infancy. Just wait until it’s a teenager.
What to do about it: You cannot let this technology randomly seep into your organization. While AI is hitting everything at the same time, its adoption has to be methodical and systematic, otherwise you’re making it up as you go along. Form a cross-functional group to track adoption, contingencies, and dependencies. Include development, finance, sales/marketing, operations, and customer support teams. And do it now.
2 – Dark Data gets bigger and darker: This is already a huge risk for most organizations, and it’s about to get a whole lot bigger. Estimates from IBM (and others) categorize as much as 80%+ of an organization’s data as being “dark” (unstructured, redundant, inaccurate or unused). Aside from the obvious waste of storage resources, there are significant security and compliance risks. And with the rise of IoT and OT (operational technology) data this is going to start growing exponentially. This is going to be tough to get ahead of, but it is very much in your interest to do so.
What to do about it: Start with an IT audit mapped to your potential attack surface to identify and track potential exposure points. Look at how system resources are being used and look for dormant files – given how vast the datasets are this is something that can (I hate to say) be accelerated by the use of the right AI applications. This is also something you need to do regularly, since the amount of data entering your system is never going to decrease.
3 – Increased focus on Zero Trust Architecture: Zero Trust Architecture (ZTA) is gaining momentum as organizations move away from traditional perimeter-based security models. ZTA assumes that threats can come from both inside and outside the network (basically once you’re in, you’re not), requiring strict identity verification and access controls. This is super tedious (you have to keep proving who you are), and super necessary (because it is).
What to do about it: Like it or not, just do it. IT will need to implement enforcement protocols, but the marching orders for this should come from your CISO. No one is going to push back when the CISO says it’s time to tighten up.
4 – Expansion of IoT Security Concerns: While the internet of things has been around for quite a while, devices have become more sophisticated and therefore a more tempting target for ne’er-do-wells. With the accelerating adoption of increasingly smarter “things”, the attack surface for potential cyber threats is expanding exponentially. This is particularly scary because it takes threats to a very personal level (hacking into your home security system, hacking into a hospital and changing the settings on a critical medical device, hacking into your car while you’re driving; the list goes on, and it’s consistently ugly). Securing IoT devices and the networks that feed them is incredibly important, and up to this point it is not getting the full attention it deserves.
What to do about it: IoT has a heavy presence in operational technology. Because of this, your IT and OT teams need to align, particularly around integrations and workflows. Start with an attack surface audit that goes beyond traditional IT infrastructure and covers OT and ICS (industrial control systems). This is a lot bigger than you probably think it is, but a comprehensive audit will give you a clear picture of what’s in place. And given the context, it probably makes sense to fold this under the CISO.
5 – Heightened Regulatory Compliance: Compliance mandates have two elements, both of which have a significant impact. The surface reason for compliance is protection of data and privacy in the context of preventing threats; unfortunately most organizations are not particularly good at self-regulation, and compliance mandates are an effective way to ensure they are paying better attention. The subsurface reason is that compliance violations are a potentially juicy revenue source, particularly at the state level. California has CCPA/CPRA, and now other states (New York, Texas, etc.) are looking at what California has done, and are like “Whoa! Let’s do that as well!” This is the organizational equivalent of a speeding ticket: a self-imposed tax. The laws are also dense, opaque, nit-picky, subject to retroactive enforcement, and most regulators seem very willing to test the statutory limits on fines. There is a significant downside to this; states (potentially all of them, plus GDPR, industry-specific ones like HIPAA, etc.) will see this as an opportunity, so you can expect this whole area to get increasingly tighter and even more complex over the coming years.
What to do about it: If you don’t have someone focused on compliance at the executive level, it’s probably a good idea to pull that in sooner rather than later. They should also work hand-in-hand with your in-house counsel. And your in-house counsel needs to be backed up by a law firm that specializes in compliance. And you’ll need more than one, since regional or domain requirements tend to be specialized (CPRA vs. GDPR vs. HIPAA, etc.). This sounds expensive (and it is), but it’s way cheaper than paying the fine.
6 – Increased Focus on Supply Chain Security: Supply chains are particularly vulnerable, since one weak link can affect a whole lot of downstream events, and the chains themselves are spectacularly complex. And as is usually the case, the only thing worse than a breach is a very public breach. As demonstrated by recent high-profile attacks (UCSF, Airbus, Norton, etc.), supply chain vulnerabilities present significant risks to organizations, their partners, and their customers, and it’s reasonable to assume that with increasingly complex infrastructure and the wide availability of AI, this is going to get a lot worse, and probably a lot faster than you think. At an organizational level you can expect a greater emphasis on securing the entire supply chain; this is like living in an apartment, it doesn’t matter how neat and clean you are if your neighbors are slobs. Your whole supply chain (vendors, partners) has to be air-tight, and keep in mind this is not just security, it’s also compliance.
What to do about it: Your compliance and security teams need to set a regular audit/review cadence with their partner counterparts; take the initiative on this and get ahead of the curve. This is also going to be enormously complex and will require a dedicated resource that is part of your CISO’s team.
7 – Accelerating Shift to Cloud Security: The widespread adoption of cloud computing is already leading to an increased focus on cloud security strategies, and specifically on the need for a more robust cyber threat intelligence (CTI) response. The increasing urgency for the implementation of CTI in an organization’s security posture marks a maturation from reactive to proactive security strategies, driving two crucial strengths: preparedness and resilience. Going forward, companies will be able to gain a much better understanding of adversaries’ tactics, techniques, and procedures, which will enhance the protection of their cloud environments. The main advantages of CTI include delivering specific, actionable intelligence, which will allow your team to focus on and neutralize the most pressing threats.
What to do about it: Expect a much bigger investment in tools and technologies to secure cloud environments and data stored in the cloud. If you don’t have a CTI program in place, get one. And make sure your CTI data correlates with data tracked in your SIEM, so your SecOps team is aligned with your CTI team.
8 – Cybersecurity Skills Gap: Analysts are tasked with processing hundreds of IOCs per day, where each one can take 20-30 minutes of painstaking work to review (if they’re lucky). Add in the potential downside of letting something unintentionally slip through, and this is one of the reasons analyst burnout and turnover is a real issue (3M open reqs globally, 700K in the US alone). On top of which drilling into the incident details often requires a nuanced grasp of specialized query languages, which are often beyond the reach of relatively junior security analysts. Because of this, the shortage of skilled cybersecurity professionals will continue to be a challenge for organizations.
What to do about it: Keep in mind this is not just about investing in training and education programs, this is also about implementing AI technology such as applying NLP to query languages to let analysts ask straightforward questions (ideally spoken, and in any language) and get prioritized returns off petabyte scale data sets in a matter of seconds. This will make it far easier for analysts to do their work, and in the long run should start to narrow the coverage gap.
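The CTI-to-SIEM correlation recommended under trend 7, and the IOC triage load described under trend 8, as an added example (not code from the article): a small indicator watchlist is normalized, matched against SIEM events, and the hits are ranked so analysts see the highest-priority matches first. All indicators, event records, confidence values and the outbound-weighting rule are constructed for illustration.

```python
"""Correlate a CTI indicator watchlist with SIEM events and rank the hits.
Indicators, events and scoring weights are constructed for this example."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str         # "ip", "domain" or "sha256"
    value: str
    confidence: int   # 0-100, as a CTI feed would supply it
    tags: tuple


def normalize(kind, value):
    """Bring feed values and log values into one canonical form so they match."""
    value = value.strip().lower()
    if kind == "domain":
        return value.rstrip(".")          # feeds often carry a trailing dot
    if kind == "ip":
        return str(ipaddress.ip_address(value))
    return value                          # hashes: lowercase hex is enough


def build_watchlist(indicators):
    """Index indicators by (kind, normalized value) for O(1) lookup per event."""
    return {(i.kind, normalize(i.kind, i.value)): i for i in indicators}


# Which SIEM event field each indicator kind is compared against (constructed schema).
FIELDS = (("ip", "dst_ip"), ("domain", "domain"), ("sha256", "sha256"))


def correlate(events, watchlist):
    """Return events that match an indicator, highest priority first.
    Outbound traffic to an indicator is weighted double: it suggests beaconing."""
    hits = []
    for ev in events:
        for kind, field in FIELDS:
            ind = watchlist.get((kind, normalize(kind, ev[field]))) if field in ev else None
            if ind:
                score = ind.confidence * (2 if ev.get("direction") == "outbound" else 1)
                hits.append({"host": ev["host"], "matched": ind.value,
                             "tags": ind.tags, "score": score})
    return sorted(hits, key=lambda h: h["score"], reverse=True)


def run_example():
    """Constructed feed and log sample; returns the prioritized hit list."""
    feed = [Indicator("ip", "203.0.113.10", 90, ("c2",)),
            Indicator("domain", "Malicious-Example.test.", 70, ("phishing",)),
            Indicator("sha256", "a1" * 32, 50, ("dropper",))]
    events = [{"host": "ws-01", "dst_ip": "203.0.113.10", "direction": "outbound"},
              {"host": "ws-02", "domain": "malicious-example.test", "direction": "outbound"},
              {"host": "ws-03", "dst_ip": "198.51.100.5", "direction": "outbound"},
              {"host": "srv-01", "sha256": "A1" * 32}]
    return correlate(events, build_watchlist(feed))
```

Only three of the four constructed events hit, and the outbound C2 beacon ranks first; the same loop scales to a full feed because lookups are dictionary hits rather than per-indicator scans.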
9 – Increased Cyber-Physical Security Integration: As operational technology (OT) and industrial control systems (ICS) become more interconnected with IT systems, the potential attack surface is going to expand exponentially, the risk of operational disruption increases, and so does the risk of cross-domain threats (malware originally targeting IT systems) spreading laterally across interconnected systems. Going forward, the convergence of cyber and physical security will become increasingly important to protect critical infrastructure. This is already happening on larger and larger scales, and similar to the effects of IoT breaches, it becomes very personal (utilities are compromised, traffic control systems stop working, etc.). No one wants life to imitate art when the art is a disaster movie.
What to do about it: This is very similar to securing your supply chain or IoT infrastructure. IoT and OT have a significant overlap, and most of this is spread across your supply chain. Start with an audit to get a clear sense of how much work your team is facing, correlate this information with both operational and partner teams, manage it through your CISO’s organization, then update on a regular cadence.
10 – Continued Evolution of Threats: Cyber threats will continue to evolve in a broad variety of increasingly sophisticated attacks, with the most likely being 1) Advanced Persistent Threats (APTs) targeting critical infrastructure which is increasingly interconnected and therefore a tempting target. APT groups will escalate their efforts to infiltrate and disrupt critical infrastructure sectors such as energy, transportation, and healthcare using zero-day exploits, supply chain attacks, and covert network infiltration, posing significant challenges for detection and mitigation. 2) Ransomware targeting cloud environments and IoT devices: cloud services and IoT ecosystems present lucrative targets for ransomware operators due to their widespread adoption and potential impact on business operations and personal privacy. Future ransomware variants will exploit vulnerabilities in cloud infrastructure, misconfigured IoT devices, or weak authentication mechanisms to gain unauthorized access and encrypt critical data, creating challenges for incident response and recovery. 3) AI-Powered cyber attacks and deepfakes: the integration of AI/ML into cyber attack tools and techniques will pose a significant threat. Malicious actors are leveraging AI to automate and enhance various stages of the cyber attack lifecycle, including reconnaissance, evasion, and obfuscation. And if that wasn’t enough, the proliferation of deepfake technology raises concerns about the manipulation of digital content for malicious purposes, such as creating convincing impersonations or spreading disinformation campaigns. This is going to become particularly acute as the election cycle gets closer to November.
What to do about it: This is about as complex as it gets. To address these threats, organizations must immediately prioritize cybersecurity investments in areas such as threat intelligence, threat identification, correlation and remediation, vulnerability management, secure software development practices, and continuous employee training. Organizations also need to take a holistic approach to security; normally CTI and SecOps are separate functions, and both of those are one step removed from OT and ICS systems. All of this needs to be fully integrated with real-time correlation and NLP-driven interfaces for ease of access, and backed by increasingly sophisticated and configurable dashboards to track petabyte-scale datasets that are constantly in motion. This is effectively a next-gen security operations platform that includes cloud-native SIEM, SOAR, UEBA and TIP capabilities. Also, keep in mind the whole process is non-optional. The sooner you get started, the sooner you’ll be glad you did.