As a trusted IT Provider, High Point Networks must be aware of future cybersecurity trends to better serve, position, and protect our customers. The following are some cybersecurity trends that range from the boardroom to the cyber battlefield.
Business Leadership Pressuring CIOs and CISOs
Security people, processes, and technology are an expensive investment, and cyber is likely your greatest business risk according to PwC, WTW, and others. As a result, security leadership must adopt a reputable and quantifiable risk-based approach to cybersecurity. Security leadership must understand the probability of threat actualization, business impact, cost of controls, etc. Security leadership must be able to quantitatively show business leadership that controls are reducing risk, meeting regulatory obligations, and aligning with business initiatives while demonstrating a clear ROI. Therefore, practices and methodologies put forth by proven risk management and controls frameworks, such as NIST, ISO, COBIT, etc., will soon be commonplace for businesses of all sizes.
Partnering with an MSSP to provide security services will increase exponentially for the foreseeable future. MSSP adoption will be largely driven by businesses not being able to find, afford, or retain specialized security talent. MSSPs will act much like hospital systems where medical specialists provide tailored evaluations, treatments, and lifesaving services to customers that a general practitioner can’t. An analogy is a K12 institution hiring a school nurse for basic care and triage. It’s silly to think of a K12 institution hiring a full-time surgeon, neurologist, cardiologist, geneticist, and dentist, along with the associated equipment, to care for its students. In short, it’s okay to supplement your IT employees with MSSP products and specialists to drive strategic outcomes. Frankly, your IT employees and leadership will thank you for it.
Outdated Cybersecurity Philosophies and Methodologies
Soon, the old adage of ‘Secure the Network’ will be replaced with ‘Secure the Data’. If your business has a breach, the first thing legal, your insurance carrier, and the FBI will ask you is, “Was the data impacted?” We as an industry have spent the better part of 20 years securing our networks and not our data. I’m amazed by how many businesses can tell me exactly what’s happening with their networks in near real-time but have no idea what’s happening with their data. For example, do businesses know where their data is, how much there is, who has access to it, whether it’s regulated, and who’s creating it, moving it, copying it, or sharing it? Most businesses can’t answer these questions. As a result, regulatory bodies, legislators, insurance companies, and an array of other forces are trying to change the primary cybersecurity focus from network security to data security as quickly as possible.
This next prediction might sound inflammatory, but another outdated philosophy is networking being the primary security control plane. In the future, identity will be rapidly adopted as the primary universal control plane as it’s the only common denominator across data, networks, compute, physical security, appliances, OT, and generally speaking, our physical and virtual worlds. Will network security play a critical role in the future? Of course! But its role will look different and primarily be played out at higher layers in our hyper-dispersed, work-from-anywhere, data-everywhere, B2B, B2C, C2C, C2B collaborative ecosystem. A staggering risk identified in 2020 was that 61% of breaches involved the fraudulent use of credentials (Verizon DBIR 2021). So, you might be asking, isn’t it irresponsible for identity to be the primary universal control plane of the future? Great question! Look for the adoption of passwordless authentication to happen very fast. ‘Passwordless’ means no passwords anywhere at any time. Passwordless implies leveraging MFA and TPM-guarded asymmetric cryptography to assert identity and provide authentication where no passwords are involved on the front-end or back-end. More on this to come in a separate article or webcast.
Situational Awareness and a System of Systems Approach
Long ago, the military coined the phrase ‘situational awareness’, which generally means that something is aware of what’s going on around it in all dimensions, in real-time, and across all things. So, the philosophy is, the greater the situational awareness, the greater the ability to prevent, detect, and respond to threats. Historically, situational awareness across data, identities, networks, and devices has been expensive to acquire and challenging to operate. Nevertheless, the benefits can be significant, and purchases of solutions were made when justified. For example, a non-threatening firewall event may look hazardous when augmented with parallel events from email security, antivirus, and authentication logs. Furthermore, cyber situational awareness solutions, also known as Security Information and Event Management platforms, have recently become financially obtainable for most businesses due to non-SQL database advancements, affordable cloud storage and computing, and shared operators via managed service providers. Therefore, it’s likely that the masses will quickly adopt the philosophy of situational awareness to bring more value out of existing tools to prevent, detect, and respond in an optimized way.
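The firewall example above can be made concrete. The following is an added illustration, not code from High Point Networks or any SIEM product: it scores a firewall event by the other sources that reported on the same host shortly before it. The host names, log details, 15-minute window, and source weights are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, source, host, detail)
EVENTS = [
    ("2024-05-01T09:00:05", "email", "ws-014", "user clicked link later flagged as phishing"),
    ("2024-05-01T09:02:40", "antivirus", "ws-014", "script blocked in temp directory"),
    ("2024-05-01T09:04:10", "auth", "ws-014", "5 failed logons followed by success"),
    ("2024-05-01T09:06:30", "firewall", "ws-014", "allowed outbound tcp/443, uncategorized site"),
    ("2024-05-01T09:07:00", "firewall", "ws-022", "allowed outbound tcp/443, uncategorized site"),
    ("2024-05-01T03:00:00", "antivirus", "ws-022", "scheduled scan completed"),  # outside window
]

WINDOW = timedelta(minutes=15)  # assumed look-back window
# Assumed per-source weights; a production rule would tune these.
WEIGHTS = {"firewall": 1, "email": 2, "antivirus": 3, "auth": 2}


def parse(events):
    """Normalise raw tuples into dicts with real datetimes, sorted by time."""
    rows = [{"ts": datetime.fromisoformat(ts), "source": s, "host": h, "detail": d}
            for ts, s, h, d in events]
    return sorted(rows, key=lambda r: r["ts"])


def correlate(events, window=WINDOW):
    """For each firewall event, gather other-source events on the same host
    inside the look-back window and score the combination."""
    rows = parse(events)
    findings = []
    for fw in (r for r in rows if r["source"] == "firewall"):
        related = [r for r in rows
                   if r["host"] == fw["host"] and r["source"] != "firewall"
                   and timedelta(0) <= fw["ts"] - r["ts"] <= window]
        sources = {r["source"] for r in related}
        # One weight per distinct source, so a single noisy sensor cannot inflate the score.
        score = WEIGHTS["firewall"] + sum(WEIGHTS[s] for s in sources)
        level = "high" if len(sources) >= 2 else "medium" if sources else "low"
        findings.append({"host": fw["host"], "score": score, "level": level,
                         "sources": sorted(sources)})
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

The two firewall lines are identical on their own; only the surrounding email, antivirus, and authentication events on ws-014 separate them.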
Lastly, let’s conclude with the philosophy of a ‘System of Systems’ that will be significant from now on. What is a system of systems? Humans are a great example. When your eyes see something, your brain may perceive it as a threat; and in response, your pupils will dilate, adrenaline will be released, respiration will increase, and you will begin to sweat. All this happens automatically in a fraction of a second, without any intervention from you, to prepare your body for fight or flight. Do our technology systems work this seamlessly to detect, evaluate, and respond? The answer for nearly all of us is a laughable ‘no’. But will that change in the future? The cybersecurity industry is certainly headed in that direction rapidly. There are more acquisitions, mergers, and business plays in the information security industry than in any other tech sector. Cybersecurity companies are in an arms race to build or buy technologies and talent to create an end-to-end integrated security stack to form a ‘System of Systems’ which can detect, evaluate, and respond in a seamless automated fashion just like the human body.
Want More Information on Cybersecurity Trends?
Please visit our security page and speak with your account manager for more information on what’s to come and how to position your organization for success.