Three top trends that will impact cyber security strategies in 2019
Effectively managing cybersecurity continues to be a top challenge for enterprises. More and more companies are undergoing digital transformation, and the tools and technologies with which business is conducted are changing rapidly. With those changes, approaches to cybersecurity must evolve as well.
The following are three key predictions for major shifts in cybersecurity in 2019.
The need for security teams to match the effective Continuous Integration/Continuous Deployment (DevOps) capabilities of development teams will cause security teams to continue to move towards automation and orchestration.
DevOps is changing the way (and speed at which) software is being developed, and this greatly impacts security. How security is applied today is very different from how security was applied to legacy infrastructure built in the past. Security teams must become faster and more efficient, and this means embracing automation tools that can assist with tasks like applying patches to vulnerable services.
Similarly, many companies are adopting new technology while still relying on some legacy systems. Security must be applied differently in these hybrid environments, too. Gartner predicts that DevSecOps will be embedded in 80 percent of development teams by 2021, up from 15 percent in 2017. I certainly hope that’s true, as we will surely see even more breaches in 2019 if security does not adapt to the new processes, capabilities and tools of DevOps.
In an effort to measure the effectiveness of security people, processes, tools and technologies, rather than pure compliance, we will see wider-scale adoption of MITRE ATT&CK.
In 2019 we will see companies shifting beyond simply being compliant and instead focusing on the effectiveness of the security controls and processes they put in place. The MITRE ATT&CK framework offers a descriptive approach to testing the defenses along the path that a typical attacker follows to compromise an organization’s business processes and steal sensitive information.
The model is quickly gaining in popularity because it enables organizations to proactively test the various aspects of their security capabilities, and pinpoint areas for improvement. They can emulate attacker behavior and remediate the gaps before an actual attacker finds those weaknesses and breaches their defenses.
Continued public breaches will encourage organizations to go back to the basics and review and measure fundamental security capabilities like asset management, network segmentation and public disclosure policies and procedures.
In evaluating the public breaches that make headlines daily, we see that companies are failing at very basic security best practices, over and over again. Rather than simply deploying the latest and greatest security tools that promise to thwart new attack vectors, companies need to take a step back and add or fix security fundamentals that are broken.
A common mistake we see is companies not having an accurate inventory of all of their assets, so databases, machines, etc. are overlooked, neglected and left vulnerable. We see this happening especially when companies acquire smaller organizations and don’t take a thorough inventory of the assets of those companies, leaving the acquirer responsible for data they may not even know they have, let alone know where it is, how it’s being protected, and what other assets it might be linked to.
Organizations should first focus on frameworks like the top 20 Critical Security Controls, and perform thorough testing to make sure their implementation is working as it should. Then, when companies choose to add new technologies and processes, they should re-test, and keep testing, to ensure those technologies continue to work with their environment and complement other technologies already in place.
It’s far too easy for security teams to get distracted by new and shiny products that promise to protect against the latest threats—but what companies are getting burned by most are elementary, silly mistakes. In 2019, the theme will be “don’t go chasing waterfalls.”
In addition to revisiting basic best practices, we will also see companies revisiting their PR policies and procedures around handling breaches. This past year, we’ve seen CISOs fired for breaches not necessarily because of the breach itself, but because of failure to properly communicate details of the breach to affected customers and the general public. Companies need to ensure their policies/processes for handling breaches are buttoned up.
As major data breaches continue to make headlines and companies struggle to formulate strategies to keep their own assets secure, the above cybersecurity shifts are sure to be part of the conversation. The public demands companies keep their data safe, and increasing government regulations will hold companies accountable.
Cybersecurity must evolve to keep pace with the speed and efficiency of DevOps, companies will put more of an emphasis on the effectiveness of policies and tools in reducing breach risk, and organizations must stop exposure of sensitive data due to basic security mistakes. These changes are not optional, but a necessity.