Cybersecurity has become a hotly debated issue.
As new security technologies and vendors emerge, more threats are found. Some of today’s top cybersecurity trends include:
A move to proactive security
Cybersecurity is usually viewed as a reactive service because action is taken after a breach, which is too late. As the risks of attacks and breaches grow, organisations must become more proactive and detect and stop them timeously. This is where managed security service providers (MSSPs) can offer affordable mainstream outsourced/managed proactive security services.
Artificial Intelligence and machine learning
In an interconnected world, a strain of AI-based malware can compromise millions of targets simultaneously. Now imagine that with AI capabilities, it can adapt while looking to exploit its targeted system. When it succeeds, it relays this knowledge to millions who soon learn that exploit. The presence of AI and machine learning in cybersecurity will soon spread and become ubiquitous.
‘Outsourced/In the cloud’ security services
As the complexity of cybersecurity grows, so too will the skills shortage, and many organisations will outsource their cybersecurity operations or move them to the cloud. This will cut the cost of deployment due to the scale of MSSP offerings and address the security skills shortage as the service will be managed by the MSSPs.
Cyber resilience adoption and GDPR compliance
If attackers have the time, motivation and resources, they can breach an organisation despite its superior cybersecurity technologies. Adopting cyber-resilience frameworks will ensure that they can operate during an attack and recover quickly. Governance, risk and compliance strategies are driving cyber-resilience adoption internally while regulatory requirements like GDPR drive them externally.
Advanced persistent threats and data breaches
The average time an attacker spends inside a compromised network before being detected is more than six months. So it’s imperative to detect a breach as soon as possible. Data breaches and their direct impacts will increase as breached organisations struggle to recover from the reputational damage and financial loss. The growth in identity theft, fraud and extortion with stolen information being readily available online will continue.
The insider threat
An organisation’s users are one of its weakest links. So it’s imperative to drive educational cybersecurity exercises to mitigate the risks of accidental vulnerabilities from unsuspecting internal users. Phishing, spear phishing and whaling incidents will continue, making it essential to educate users, deploy anti-phishing technologies and implement rigid policies and procedures.
Internet of Things
The focus on IoT security and best practices will sharpen because unsecured IoT devices provide easy entry points. CCTV cameras, smart TVs and smart appliances connect directly to the Internet without a protective security layer. Many devices also have default admin login credentials that never change, which makes them easy to exploit. Changing default usernames and passwords and segmenting vulnerable IoT devices from the greater network will ensure greater security.
Public cloud security
Security becomes paramount as more organisations move to the cloud. Cloud users must understand their security responsibilities and that of their cloud providers and ensure that they are delineated clearly. Operating System patch management and security such as anti-virus, application security, protecting individual workloads through micro-segmentation and data security must form part of the public cloud security strategy.
Consolidation of security vendors
As new security vendors emerge, we will see a consolidation in the market where big players acquire smaller ones for their IP, unique features and technologies. This won’t apply to every small player because the bigger ones might develop some technologies in-house. Regardless of this, we will see an industry rationalisation in the future.
Existing trends to watch
The emergence of new threats does not halt the existing ones. There will continue to be a prevalence and growth of these trends, among others:
- Malware-based attacks.
- Cyber warfare and nation-state attacks.
- DDoS attacks, social media manipulation and fake news.
- Readily available cyber weapons.
- Skills shortages.
- Cryptocurrency hacks.
- Identity and access management and multifactor authentication.