IT Focus Area: security
January 7, 2020
7 Cybersecurity Trends for 2020
Developing a proactive approach to the increasingly complex area of cybersecurity is essential for organizations that want to continue to be competitive and profitable. Organizations that shift their priorities and resources towards strategies and tools to achieve this will create new opportunities, build value and align their security program with their risk profile well into the future.
Here are seven trending cybersecurity areas to consider for an improved security posture in 2020.
1. Managing the human factor
There’s never been a riskier time for a business to have employees. Businesses need the skills, knowledge and capabilities of people to power their daily operations, but those same people are also the most error-prone and easily exploitable vulnerability inside of any organization. That’s always been true, but the risks are greater now. Organizations have more valuable data accessible to more people than ever before, and the efforts of bad actors are increasingly more sophisticated.
What you can do
An identity and access management (IAM) strategy is essential now and into the future. Single sign-on (SSO) and multi-factor authentication (MFA) are making it easier for people to access the applications and workflows they need without relying on a password written on a sticky note. Because users benefit, adoption rates and satisfaction are high for these IAM policies and tools, helping organizations improve their security stance while also improving their users’ experience.
IAM key stakeholders: Developing a successful IAM strategy includes the involvement of key stakeholders to enable successful identification of business drivers, desired outcomes, and success criteria. Key stakeholders might include:
• IT Operations
• Business unit leads
• Application owners
A solid IAM strategy in 2020 should include these four areas:
- Identity management focuses on individuals and involves on- and offboarding of users and their individual accounts.
- Identity governance identifies the roles and responsibilities of the user base to maintain the right access for the right people at the right time based on the access needs of each role within the organization. It also supports regulatory compliance.
- Access management moves beyond role access to managing the security of how access is achieved. This includes SSO, MFA, biometrics and other security methods that go beyond passwords.
- Privileged access management helps to further protect those employees that attackers see as high value because of their superuser access to data and controls, such as the IT staff.
Identity governance has matured particularly in the last few years, and both cloud-based and on-premises solutions are readily available. Cloud tools often include standard pre-configurations that will work for many organizations. On-premises solutions generally offer much more customizable options, which can be beneficial for larger enterprises and necessary for industries with more complicated workflows, such as healthcare.
2. Acknowledging and mitigating cloud vendor risk
Driven by the technical and economic aspects of moving to the cloud, many organizations are choosing to do wholesale moves of entire systems, functions and critical services. While the benefits of this are easy to identify and acknowledge, the risk that comes with shifting assets to a third-party vendor might not be. As cloud services and cloud security gain adoption, and cloud risk and cloud exposure are more widely recognized, it’s going to be harder and harder for organizations to ignore this critical question—what’s at risk for the business with the move to the cloud? Do existing legacy tools work for the new cloud or hybrid environment? Or are new solutions needed?
What you can do
Acknowledging and identifying your organization’s risk won’t mean an end to your cloud strategy. Cloud is the present and future of computing, and integrating cloud services and applications is an essential part of continuing to be open for business. Don’t avoid acknowledging the risk in your cloud deployment; instead, start building a data-centric security strategy now to mitigate it.
Nearly every vendor you do business with has at least some of their operations in the cloud. When there is a transfer of data with a vendor, their risks become yours. And the reality is that you can’t outsource risk. Consider this scenario: your company uses a third-party, cloud-based human capital management (HCM) tool. Your HR team extracts information from that tool to share with someone else. The HCM vendor has no control of the extracted data and your organization now owns the associated risk.
Effective security needs to be closer to the operations of the business, with an understanding of the people and processes using data. Who is interacting with your enterprise data? What are they doing with it? What data does each individual need access to? What risk does that access bring to the organization? Not all data is created equal and recognizing the difference in value and exposure of data sets can help organizations gain an understanding of the levels of protection, compliance and access required for their varying data.
Start your data-centric security journey with data classification to help you identify the varying values of your data so you can treat it accordingly. This is a complex project and organizations should avoid making it so overwhelming that it is either never complete, or never launched. It’s important to start simple, using an understanding of workflows to help reduce complexity and keep the project moving. It can be as simple as starting with internal versus external data, identifying whether the data has restricted or public use, and then developing security policies from there.
Making the move to the cloud in a structured, strategic way will also maintain the confidentiality, integrity and availability (CIA) triad. Your data-classification project can help to ensure confidentiality, with data only accessed by those who should; maintain data integrity for consistency, accuracy and trustworthiness; and provide appropriate availability for data to be used as needed.
3. Vendor consolidation gains traction
During the previous five to nine years there was an explosion of vendors who claimed expertise in the cybersecurity arena. The past year saw a course reversal, with larger vendors acquiring smaller firms that have innovated a compelling use case that solves security problems in a clear and repeatable way. This trend looks set to continue in the coming years.
What you can do
What does this consolidation mean for you? Simplification. Now is the time to consider a platform that can consolidate multiple controls to simplify control enforcement and enable better monitoring. Up until recently, organizations have been tasked with creating an in-depth security stance by pulling together multiple vendors with or without the support of vendor integrations. This has caused complexity for IT teams because of the time and resources needed to manage multiple and often overlapping tools. Picking one vendor may have the drawback of narrowing choice, but it helps security teams with what they are struggling with most—managing things at the security program level. With 90% of data breaches tied back to some human element, the security team needs more efficient and effective ways to protect the organization from insider threats and social engineering efforts. Functionality and toolset consolidation can deliver that.
4. Privacy laws driving regulations
At the start of the year, the California Consumer Privacy Act (CCPA) went into effect. Like the European Union’s General Data Protection Regulation (GDPR), which was enacted in mid-2018, the CCPA gives California residents certain rights over the use of their personal information by businesses, including the right to know what personal data is being used, by whom, and for what purpose. Individuals also have the right to have their personal information removed from any data sets the business sells to a third party, and the right to request that their data be permanently deleted, referred to as the “right to be forgotten.”
A significant difference between the CCPA and the GDPR involves how participation is achieved. The GDPR automatically opts residents in to protection under the regulation, while the CCPA offers similar protections only when the individual opts out of sharing their data. To meet this CCPA requirement, businesses need to provide a way for individuals to opt out at the point of data collection.
The California attorney general has said there will not be any enforcement action before July 1, 2020, giving affected businesses the next six months to come into compliance. Along with businesses physically located in California, the legislation also applies to out-of-state entities with customers or employees in California. Like any good piece of legislation, there are caveats, exclusions and exceptions to the scope of the regulation.
What you can do
Affected businesses need to act now to determine what data sets are impacted, determine what level of risk impact they are willing to accept, and then develop a process to handle verifiable consumer requests regarding their data. Businesses should also see this as a wake-up call as more states are expected to follow California’s lead. The long-term forecast for individual data privacy points to the probability of a federal privacy law. This would likely be a welcome development if businesses are being asked to meet the requirements of individual, differing laws from state to state.
5. Leveraging data intelligence in security operations
Nearly every organization knows they need to be pulling better intelligence from the information gathered in their security operations center. With the right information, the security team can more effectively identify the alerts and events they should prioritize, allowing for faster response times to real threats and less time spent on false alerts and non-malicious activity.
What you can do
Enterprise-level organizations have generally moved beyond data collection and normalization into data enrichment, but these same organizations now need to move farther down the path towards orchestration and automation. The next step in the journey should include overlaying existing security information and event management (SIEM) capabilities with advanced machine learning (ML), analytics, and a security orchestration, automation and response (SOAR) platform. This will provide the help that IT teams need, moving beyond initial alerts to managing incident response.
For small- to mid-size organizations, this will be an important year for progressing beyond the data lake to actionable insight. For those who have mastered data collection, the next steps will involve data normalization to quickly add value for their organization, and data enrichment to give context to the data they’ve been collecting.
To make this move, these organizations should integrate a SIEM solution, and those who have the foresight will do so with an eye to adopting user and entity behavior analytics (UEBA) and SOAR in the future. Adopting these solutions requires budget, staff hours and expertise, which are often in short supply, but, once added, a SIEM solution will help alleviate some of the strain on these same IT resources.
With a mature SIEM containing thoroughly normalized and enriched data from network, endpoint and other sources throughout an organization, advanced analytics and associated algorithms come into play. Integrating a solution such as UEBA into the tool stack brings a new layer of detection by recognizing suspicious behavior in the activities performed by user identities or machines, measured against their established baseline.
For organizations of any size, compatibility is essential for overlaying SIEM, UEBA and SOAR solutions. Because of this, solution transformation in the marketplace will continue into 2020 and beyond. SIEM and SOAR vendors are adapting to this reality through acquisitions and API integrations. Some of the larger solution providers appear to be working towards building all-encompassing solution sets with the end goal of providing clients with a single pane of glass.
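The collection-to-detection path described in this section (normalization of differently formatted sources into one schema, enrichment with asset and user context, then a behavioral baseline of the kind UEBA tools build) can be illustrated end to end on a few log lines. The following is an added example written for this page, not code from the article or from any SIEM or UEBA product. The log lines, the asset and user lookup tables, the two log formats and the "2020" year assumed for the year-less syslog timestamps are all constructed for the example.

```python
"""Normalize two log formats, enrich with context, and flag deviations from a per-user baseline."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed sample input: a firewall in syslog style (no year) and Windows logon events.
HISTORICAL_LOGS = [  # prior day, used only to learn each user's normal working hours
    "Jan 06 08:55:10 fw1 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 user=jdoe",
    "Jan 06 09:15:00 fw1 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 user=jdoe",
    "Jan 06 12:30:00 fw1 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 user=jdoe",
    "2020-01-06T17:10:00Z host=ws-17 EventID=4624 TargetUserName=jdoe IpAddress=10.1.2.3",
]
CURRENT_LOGS = [  # the day under analysis, including one line in no known format
    "Jan 07 09:12:01 fw1 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 user=jdoe",
    "2020-01-07T12:05:00Z host=ws-17 EventID=4624 TargetUserName=jdoe IpAddress=10.1.2.3",
    "Jan 07 23:58:40 fw1 action=allow src=198.51.100.7 dst=10.1.0.5 dport=3389 user=jdoe",
    "2020-01-07T23:59:10Z host=dc01 EventID=4624 TargetUserName=jdoe IpAddress=198.51.100.7",
    "this line is not in any format the normalizer understands",
]

# Constructed context lookups standing in for a CMDB / directory export (enrichment step).
ASSET_CONTEXT = {
    "10.1.2.3": {"zone": "corp-lan", "asset": "ws-17"},
    "10.1.0.5": {"zone": "server-vlan", "asset": "dc01"},
    "198.51.100.7": {"zone": "external", "asset": None},
}
USER_CONTEXT = {"jdoe": {"dept": "finance", "privileged": False}}

ASSUMED_YEAR = 2020  # assumption: syslog lines carry no year
KV_RE = re.compile(r"(\w+)=(\S+)")
FW_RE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
WIN_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (.*)$")


@dataclass
class Event:
    """Common schema every source is normalized into."""
    ts: datetime
    source: str
    user: Optional[str]
    src_ip: Optional[str]
    action: str
    raw: str
    context: dict = field(default_factory=dict)


def normalize(line: str) -> Optional[Event]:
    """Map a raw line from either source onto the Event schema; None if unrecognized."""
    m = FW_RE.match(line)
    if m:
        kv = dict(KV_RE.findall(m.group(3)))
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR, tzinfo=timezone.utc)
        return Event(ts, "firewall", kv.get("user"), kv.get("src"), kv.get("action", "unknown"), line)
    m = WIN_RE.match(line)
    if m:
        kv = dict(KV_RE.findall(m.group(2)))
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        action = "logon" if kv.get("EventID") == "4624" else "event:" + kv.get("EventID", "?")
        return Event(ts, "windows", kv.get("TargetUserName"), kv.get("IpAddress"), action, line)
    return None


def enrich(ev: Event) -> Event:
    """Attach asset and user context so detection rules can reason about zones and roles."""
    ev.context["src"] = ASSET_CONTEXT.get(ev.src_ip, {"zone": "unknown", "asset": None})
    ev.context["user"] = USER_CONTEXT.get(ev.user, {"dept": "unknown", "privileged": False})
    return ev


def build_baseline(events):
    """Per-user set of hours-of-day seen in the historical window (a minimal behavioral baseline)."""
    hours = defaultdict(set)
    for ev in events:
        if ev.user:
            hours[ev.user].add(ev.ts.hour)
    return hours


def detect(events, baseline):
    """Return (event, reasons) for events that deviate from the baseline or come from outside."""
    findings = []
    for ev in events:
        reasons = []
        # Users with no baseline at all are flagged on every event; a real system would age this in.
        if ev.user and ev.ts.hour not in baseline.get(ev.user, set()):
            reasons.append(f"hour {ev.ts.hour:02d} outside {ev.user}'s baseline")
        if ev.context["src"]["zone"] == "external" and ev.action in ("allow", "logon"):
            reasons.append(f"{ev.action} from external source {ev.src_ip}")
        if reasons:
            findings.append((ev, reasons))
    return findings


def run(historical, current):
    """Full pipeline: normalize both windows, learn the baseline, enrich and detect on current."""
    baseline = build_baseline([e for e in map(normalize, historical) if e])
    events = [enrich(e) for e in map(normalize, current) if e]
    return detect(events, baseline)


if __name__ == "__main__":
    for ev, reasons in run(HISTORICAL_LOGS, CURRENT_LOGS):
        print(ev.ts.isoformat(), ev.source, ev.user, "->", "; ".join(reasons))
```

The two late-night events from 198.51.100.7 are the only ones reported, each for two independent reasons (off-hours for that user, and an external source zone). Neither rule is visible to a tool that only sees one source: the off-hours judgement needs the baseline built across both feeds, and the zone judgement needs the enrichment step.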
6. Staffing challenges and security risks converge
The development of specific security teams within the IT department has undergone a high-speed maturation cycle since approximately 2010. Some organizations were still building their first security teams as little as five years ago and then quickly moved to develop a security operations center (SOC), specialized incident response (IR) teams, and other roles. These teams are now tasked with securing more data and more endpoints from an increasing number of threats. At the same time, enterprises have more unfilled IT positions and fewer skilled IT staff, with a recent study showing that 41% of respondents say they’ve had to recruit, hire and train junior professionals.
What you can do
It may be time for organizations to take an honest look at their internal structure and recognize the need for more of a hybrid approach to security. This can include leveraging skilled internal employees for the most crucial projects and using outside vendors to off-load other tasks, including Tier 1 response and special projects.
This shift in thinking will be especially difficult for those organizations ruled by “we’ve always done it this way” decision-making. As this internal dynamic changes, the good news is that organizations have access to solutions and services that have matured. Managed security service providers now have more adaptable deliverables and improved SLAs, while the use of an experienced, third-party IT advisor can help identify critical risk areas and speed the selection of new solutions. With a trusted advisor, an assessment should be done to identify risks that need a more advanced solution and more of the department’s resources and those that can be accommodated with a commodity-level solution to help maximize the available budget.
7. Securing IoT devices
As adoption of the Internet of Things (IoT) increases, especially in healthcare and manufacturing, the emphasis on securing IoT devices moves to the forefront. Along with human factors, IoT is a relevant and rising threat vector. With everything now connected to the network from a perimeter that goes far beyond any physical border, organizations need to know the current state of their IoT threat.
What you can do
IoT management is a relatively new concept and currently only the larger enterprises are implementing strategies, but this should be on the radar for more organizations in 2020. The first step is to discover the IoT devices in your environment. Along with devices you might be aware of, this process is likely to also uncover unknown and outdated devices, vulnerable devices, and possibly devices that are in a secure area and shouldn’t be.
Once identified, all devices should be categorized by device type and rules developed to secure each category. Segmentation strategies, zero-trust models, and frameworks can help an organization manage IoT risks in the coming years. IoT management frameworks can consolidate logs, give visibility into all devices, and manage firmware updates, giving those responsible for the environment a single pane of glass to work with. This is a growing area and more vendors are likely to enter the IoT security space to help with this management process.
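The discovery, categorization and per-category rule steps above can be made concrete as an audit over an inventory. The following is an added example written for this page, not code from the article or from any IoT management product. The discovered device list, the model-prefix categorization rules and the per-category policy (required segment, minimum firmware, maximum days unseen) are all constructed assumptions; a real inventory would come from a network scan or NAC export.

```python
"""Categorize discovered IoT devices and check each against its category's rules."""
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple


@dataclass(frozen=True)
class Device:
    ip: str
    vlan: str
    vendor: str
    model: str
    firmware: str
    last_seen: date


# Constructed discovery output: the mix the text warns about (unknown, outdated, misplaced devices).
DISCOVERED = [
    Device("10.20.1.11", "vlan-med", "Medtech", "InfusionPump-200", "4.2.1", date(2020, 1, 6)),
    Device("10.20.1.12", "vlan-corp", "Medtech", "InfusionPump-200", "3.9.0", date(2020, 1, 6)),
    Device("10.30.5.3", "vlan-ot", "Acme", "PLC-7", "2.1", date(2019, 6, 1)),
    Device("10.10.8.40", "vlan-corp", "CamCo", "IPCam-X", "1.0.4", date(2020, 1, 7)),
    Device("10.10.8.41", "vlan-cctv", "CamCo", "IPCam-X", "1.0.4", date(2020, 1, 7)),
    Device("10.10.9.9", "vlan-corp", "Unknown", "?", "?", date(2020, 1, 7)),
]

# Constructed categorization: first matching model prefix wins; anything else is "unknown".
CATEGORY_RULES = [("InfusionPump", "medical"), ("PLC", "industrial"), ("IPCam", "camera")]

# Constructed per-category policy, one rule set per device type as the text recommends.
POLICY = {
    "medical": {"segment": "vlan-med", "min_fw": (4, 0, 0), "max_unseen_days": 30},
    "industrial": {"segment": "vlan-ot", "min_fw": (2, 0, 0), "max_unseen_days": 90},
    "camera": {"segment": "vlan-cctv", "min_fw": (1, 0, 0), "max_unseen_days": 30},
}


def categorize(dev: Device) -> str:
    for prefix, category in CATEGORY_RULES:
        if dev.model.startswith(prefix):
            return category
    return "unknown"


def parse_version(s: str) -> Optional[Tuple[int, ...]]:
    """Dotted numeric version to a comparable tuple; None if it is not parseable."""
    parts = s.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def check(dev: Device, today: date):
    """Return (category, list of policy violations) for one device."""
    category = categorize(dev)
    if category == "unknown":
        # Unrecognized devices cannot be judged against any rule set; they need a human first.
        return category, ["unrecognized device; classify manually"]
    pol = POLICY[category]
    problems = []
    if dev.vlan != pol["segment"]:
        problems.append(f"on {dev.vlan}, policy requires {pol['segment']}")
    fw = parse_version(dev.firmware)
    if fw is None or fw < pol["min_fw"]:
        minimum = ".".join(map(str, pol["min_fw"]))
        problems.append(f"firmware {dev.firmware} below minimum {minimum}")
    unseen = (today - dev.last_seen).days
    if unseen > pol["max_unseen_days"]:
        problems.append(f"not seen for {unseen} days")
    return category, problems


def audit(devices, today: date):
    """Evaluate every device; returns (device, category, violations) triples."""
    return [(dev, *check(dev, today)) for dev in devices]


if __name__ == "__main__":
    for dev, category, problems in audit(DISCOVERED, date(2020, 1, 7)):
        status = "; ".join(problems) if problems else "ok"
        print(f"{dev.ip:<12} {category:<11} {status}")
```

Four of the six constructed devices come back with findings: a pump on the wrong segment with old firmware, a PLC not seen for months, a camera sitting on the corporate VLAN, and one device that cannot be categorized at all. The policy table is where the segmentation and zero-trust decisions from the text live; the audit only enforces what was written down per category.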
Improving your cybersecurity program in 2020
The shifting landscape of cybersecurity threats, tools and best practices challenges even the most experienced and supported IT teams. Adapting and navigating these issues requires forward-looking strategies that build on foundational basics. By understanding the trending security risks, strategies and tools of 2020, you will be better positioned to plan, execute and enhance your organization’s security stance.