Fujitsu EMEIA’s VP of Enterprise Cyber Security – Rob Norris – shares his Cyber Security predictions for 2019
With breaches hitting our headlines almost on a daily basis, be it public or private, small or large, every organisation in the digital age has become vulnerable to an attack. As attackers always have the initiative, even the best-run company could suffer from a hack or data theft and 2018 has continued to make that very clear.
According to Rob Norris, VP of Enterprise Cyber Security, Fujitsu EMEIA: “We always anticipated that 2018 was going to be an interesting year for cyber security – not only because of GDPR – and as the year progressed, we saw some of the most high-profile attacks and data breaches. The likes of Facebook, Marriott Starwood, T-Mobile, Quora and Air Canada all made headlines with the full implications of these breaches on their businesses still to be seen. Although there is no denying that organisational awareness is on the rise, one thing is clear – those behind breaches and hacks are finding new and creative ways to bring an organisation to its knees. This is being driven by the rise of Cloud, Internet of Things (IoT), as well as the fact that the amount of data stored and analysed continues to explode, meaning organisations are having to think about the bigger picture with their security to ensure they’re safeguarding the business, employees and customers.
“One thing we can predict without any uncertainty for 2019 is that as threats continue to grow we’ll be working hard to help our customers across the world to prepare their people, processes and technology to deal with these threats through our approach of Intelligence-led Security. At the end of the day, technology alone cannot stop a breach; it requires a cultural shift to embed strong data and security governance throughout an organisation.”
In light of this, Rob Norris shares his top five predictions for what we should expect from security in the coming year.
Secure Multi-Cloud will emerge as the path to secure and agile operations 2019 will see more organisations adopting a multi-cloud strategy to accelerate towards their digital transformation objectives. Whilst there are clear business advantages to adopting a Multi-Cloud approach it also has the potential to create disparate Cloud siloes, each requiring an individual perspective on the application of corporate security. This increases management complexity of the corporate cybersecurity posture; introduces possible inconsistency in the application of security controls, and can bring a lack of or disjointed visibility across a dynamic hybrid threat landscape. These security challenges coupled with the development of advanced attacks by cyber criminals present an ever increasing risk to the financial and reputational integrity of a business.
As such, this challenge will drive the rise of Secure Multi-Cloud - an integrated security framework capable of delivering consistent security in a Multi-Cloud environment. The framework is supported by the adoption of highly integrated cloud agnostic security tooling, coupled with automation and orchestration, to provide a holistic view of corporate cybersecurity posture, increased security visibility, and elastic application of relevant security controls.
Game keepers will turn poachers – the growth of threat hunting
As the threat landscape continues to grow in size and sophistication threat analysts will need to take a proactive approach to protecting their organisations. The concept of threat hunting is supported by initiatives such as automation and orchestration, allowing analysts the scope to proactively look for threats that may be missed by the conventional detection tools. This concept and the tools now enabling it such as Endpoint Detection & Response are allowing analysts the ability to better identify known and unknown attacks earlier in their lifecycle. This does require a change in mind-set from protector to hunter and analysts needs the right tools to be effectively equipped as hunters. If threat hunters can combine their human intelligence with the right digital intelligence from EDR and AI-based technologies this is a significant step forward in protecting organisations from the financial and reputational damage that we are seeing in society today as the result of an attack.
Legitimate services abused for illegitimate causes delivered via email
The rise of abused legitimate services, witnessed at the end of 2018, will continue, with phishing links sent via email linked to otherwise legitimate websites. Services created for legitimate reasons such as file-sharing or questionnaire hosting will be subverted to attackers needs. These sites continue to be abused with attackers using free hosting capabilities to host phishing content, using the trusted relationships of vendors such as Microsoft and Google to avoid reputation blocks from proxy services. Examples of this include using questionnaires designed to represent login portals hosted on the very same service they aim to phish. Detections for such services become difficult automatically as traditional methods such as Indicator of Compromise detection, SSDeep hashes etc. will likely reveal ’legitimate’ content.
Because of this, it will become necessary for network defenders to either understand URL structure, detecting where a legitimate login portal differs from a legitimate site serving illegitimate content or for companies to look to identify such sites in advance instead of relying on traditional defences. It remains to be seen whether the rise of services such as Slack will see organisations shift from traditional use of email.
Privacy will need to be designed for the people, by the people
In 2019, we will stop looking at people as the weakest link, and consider how we empower them to be the strongest link as advocated by such institutions as the UK National Cyber Security Centre. For privacy-by-design to truly work and be embedded in everything we do, we need to take a step back to understand the data so that privacy is designed for the people, by the people. That means applying human intelligence to the process of classifying data to provide crucial context. For example, ‘Name’ and ‘Address’ details need to be kept securely, but if those details apply to a member of a vulnerable group in society, such as a child, those details need to have even greater levels of protection. Applying generic rules to types of data without considering the implications will lead to data being classified incorrectly. Privacy needs to combine the benefits of technology with human intelligence to ensure that the right details are kept secure in the correct way.
Investment in Identity and Access solutions will be wasted unless they are implemented with a greater understanding of end-user requirements We have seen many cases recently where end-user requirements have not been taken into consideration, and so these end-users have turned to alternative work arounds and shadow IT, complicating or damaging security governance and compliance processes. This wastes the investments organisations have made and increases operational costs.
To avoid wasted investments we’ll see that wise organisations go forward with as a Service–delivery model and consumption-based cost model that allows them to change direction easily when needed. As a Service solutions (IDaaS, PAMaaS, etc) will be main stream to buy, and IAM services will be evaluated more from an end user perspective. Passwordless usage, single sign-on and strong/multi-factor/biometric authentications that are user-friendly are good examples that best fulfill end user requirements, and provide compelling reasons to buy IAM services.