What trends can we expect to see in the cyber security arena? We explored this question with different members of CyberProof’s team and uncovered some interesting predictions.
The Skills Gap Connects to Increased Adoption of AI
This is nothing new: The demand for qualified professionals in cyber security continues to grow, and we don’t have enough people available who have the necessary expertise. In fact, one of America’s most senior officials responsible for protecting critical infrastructure recently cited the lack of security professionals as a leading threat to national cyber security.
We anticipate that the intensification of the skills gap crisis will prompt greater adoption of Artificial Intelligence (AI) and Security Orchestration, Automation & Response (SOAR) – which, increasingly, will be seen as the answer, as organizations seek innovative ways to improve the efficiency of their cyber security processes in order to scale their capabilities without increasing the size of the team.
As pointed out in Gartner’s Top Ten Strategic Technology Trends for 2020, “AI and ML are increasingly used to make decisions in place of humans.” Well actually, we believe it’s not just a question of making decisions instead of humans but also of making decisions together with humans - boosting the impact of the time and effort invested by humans to create an optimal effect. Thus, we anticipate that in the cyber security arena, AI will continue to be used to augment the work of human threat intelligence analysts – for example, by helping to gather knowledge held by individual members of staff or collecting data available online and allowing it to be shared in real time with an entire cyber security team, so that the right knowledge can be used at the right time to quickly remediate threats.
We expect our clients to be even more likely to ask for AI and SOAR in planning their cyber security strategies and solutions – and to be interested in checking metrics indicating the impact of leveraging automation & orchestration techniques – as they continue to view these solutions as providing greater speed and accuracy.
Shifts in Data Regulation and Increased Protection of PII
Large volumes of customers’ personally identifiable information (PII) collected and stored by companies will finally be recognized as a security risk – and in the U.S., new state and federal laws will be enacted requiring opt-in, rather than opt-out, with regard to collecting, storing, and selling data.
For example, in California, the CCPA – a new law that went into effect on January 1, 2020 and which has often been compared to GDPR in Europe – gives companies limited time to figure out the best way to appropriately handle their customer information. The CCPA extends its regulations to any organization that does business with Californians, and this effectively makes it the law not just in the State of California but across the entire U.S.
Beyond the introduction of new legislation, we expect existing regulations related to the use of data to be implemented more strictly with high fines for high profile offenders everywhere around the globe. According to Forrester, the shift will disrupt areas of marketing that relate to third-party data and AdTech.
These changes mean businesses need to get into action, identify exactly which regulations apply to their organizations, and adopt the changes to technology and processes that are necessary in order to manage their data legally – and avoid both fines and damage to reputation. Bottom line: Stricter regulations are expected to open up a greater need for compliance assessment, pre-audit checks, and more.
The Growing Involvement of Nation-State Actors in Cyber Attacks
The threat of cyber attack is expected to increase, specifically the threat of attacks and breaches by unattributed nation-state actors. The growth in this type of activity will be prompted by the fact that, increasingly, countries will identify the cyber landscape as an avenue for both attack and defense.
A key shift is expected to take place if a nation-state actor initiates a cyber attack that causes critical damage to another country’s financial system or key infrastructure – and the actor gets caught. In response to this series of events, the attack may be defined as an act of war and, for the first time, this could result in a military response.
Nation-state actors are expected to employ a variety of types of attacks, such as: exploiting known issues in devices; purchasing services that provide knowledge about people inside the country; and purchasing services that provide knowledge about people outside of the country.
Increase in IoT-Related Security Issues – As the Perimeter Extends
Kaspersky reported an increase from 12 million IoT attacks in the first half of 2018 to 105 million IoT attacks in the first half of 2019. Attacks have increased nine-fold year-over-year.
Thus, it’s no surprise that we’re anticipating significant growth in this attack vector, as malicious actors continue to initiate large-scale attacks on compromises devices.
The growth of IoT attacks reflects several factors – among them, the extension of the perimeter. While remote work is leveraged by enterprises to increase productivity, data breaches are likely to involve teleworkers, mobile devices, and assets located outside the premises that do not have a layered security defense.
Further Integration of Threat Intelligence with Vulnerability Management
With the continuous onslaught of data breaches (each bigger than the last) organizations are starting to operate more from a threat hunter’s vantage point – i.e., assuming that they’ve already been compromised and proactively seeking ways to reduce the time it takes for identification and mitigation.
We anticipate that we will see significant growth in adoption of threat hunting techniques – an increase in attempts on the part of enterprises to counter targeted attacks by actively hunting intruders, looking for signs of malicious activity within enterprise networks even without any prior knowledge of an attack.
That’s because enterprises are becoming more aware that traditional cyber security defense is reactive and, as the cost to business of large-scale attack becomes ever clearer, they are realizing that the traditional approaches must be combined with a more proactive approach.
Through the adoption of threat hunting techniques, organizations are realizing that they gain new tools that reduce the time between attack and discovery. This is done by identifying potential exploits of vulnerabilities and new indicators of compromise and revealing suspicious activity and behavioral anomalies – providing knowledge that helps them respond more quickly and limits the business impact of an attack.
Thank you to all of the members of the team at CyberProof who contributed their thoughts to this post. To learn more about how best to protect your organization against cyber threats and prepare for the specific challenges expected to develop, speak with a CyberProof expert today.