Dimension Data's updated cyber security trends for 2019
For Matthew Gyde, cloud-based security is appealing for the same reasons organisations are drawn to cloud-based services, the flexibility and scalability is key.
The world of enterprise technology never stays still for long and this year has been no different. Dimension Data has taken a look towards a new year and identified several trends, such as empowering employees, the use of accurate data, intelligent and connected applications, and technology delivered as a cloud based or managed services that businesses of all sizes need to be aware of and to profit from.
Matthew Gyde, Group Executive – Cybersecurity, Dimension Data, says all these trends present a big opportunity for businesses in every sector, to improve internal processes, the services they provide customers, and the ability to develop and grow. He also explains why these are the biggest technology trends that businesses should look to profit from.
Trend 1: Zero-trust is maturing into digital trust
Last year, Dimension Data predicted that organisations would adopt a zero-trust security model. Due to the increasing sophistication of attacks and the emergence of insider threats, IT teams adopted a mindset of ‘we don’t trust anybody’. This meant verifying the identity of anyone or anything in or outside their network that was trying to connect to systems or access data, before granting access. But zero-trust proved difficult to roll out – especially for organisations with legacy networks – and, in some cases, posed a barrier to employee productivity and customer engagement.
In 2019, Dimension Data foresees digital trust emerging as the next security model. Zero-trust has laid the foundation for digital trust by allowing IT to build a ‘digital fingerprint’ of its employees. They’ve established a comprehensive behavioural profile for each user that includes information such as the devices they use and their location. Digital trust allows user access to applications and systems, provided they remain consistent with their profile.
As a result, users can access data and applications more easily, with a reduced number of authentication hurdles, improving their overall experience.
* Improved threat detection
Digital trust involves the deployment of different tools such as deception technologies and robo-hunters – automated threat seekers. If false information regarding a user is being used on the dark web, organisations will be notified that they’ve been breached. They can then immediately erase the fraudulent digital identities and, through their backup and recovery systems, reinstate the known, accurate version of the user’s digital fingerprint.
Of course, an organisation’s repository of digital identities represents a gold mine of opportunity for cyber criminals – so the security surrounding that repository needs to be rigorous.
Trend 2: Organisations are focusing on cloud-based security platforms
Dimension Data believes that in 2019, cloud-based security providers will begin to gain traction in the security market. Cloud-based security is appealing for the same reasons organisations are drawn to cloud-based services: they’re platform-delivered, flexible and scalable.
Cloud-based security systems are built with open APIs, so security teams can integrate technologies into the platform with relative ease and switch security technologies on or off, depending on their needs.
Cloud-based security is especially important in a hybrid-cloud era as cloud services have presented many security challenges. Often, IT would have no knowledge of new cloud services being switched on or connections being made. But because of the flexibility and scalability of cloud-based security, organisations now have additional visibility across their environments, rather than a static view of the organisation with a defined set of technologies, protecting specific points of the network.
Cloud-based security also allows for more automation and orchestration. With the advent of runbooks, security practitioners have a knowledge base that gives them a view on what, how and when to respond to unusual new connections and cyber security incidents. It also lets them automate responses where appropriate. Leveraging machines, they can scan the environment for changes, gather and build intelligence back into the platform (and into runbooks), taking action where there’s a clear threat.
Trend 3: Organisations now aim to be secure by design
For many years, organisations would build technology solutions and then ‘bolt on’ security measures as an afterthought. This would often lead to deployment delays and additional costs. Organisations then shifted towards ‘building in’ security at various stages along the way. The security team was engaged periodically during development, but cyber security was still ‘tagged on’ at the end.
This mindset is changing yet again. With business leaders now confident digital is here to stay, they’re also recognising they must be secure by design.
* What’s the organisational impact?
The change in mindset is happening at various levels throughout the organisation, says Gyde. He adds that business leaders are recognising that cyber security must be aligned to their overall business goals and, moreover, that they must be cyber security conscious at every point in their digital transformation journey.
"Cyber security is being built-in as technologies and applications are conceptualised, designed, adopted and built. DevOps and security operations teams are beginning to work more closely – as a DevSecOps team – creating the tools that enable secure digital transformation."
Increasingly, cyber security is being seen as an enabler of the business and we expect to see closer collaboration between cyber security and all levels of the organisation. We've already seen the West Yorkshire Police change their mindset on crowd control by applying cyber security expertise to assist with the safety of their supporters.
Trend 4: Cyber security is becoming intelligence-driven
We believe that cyber security will become more intelligence-driven in 2019. In a world of fast-moving, automated attacks, intelligence is the key to being able to respond swiftly or even predictively, rather than reactively, to individual threats. Additionally, it will allow for the organisation’s overall cyber security posture to change dynamically in response to the changing threat landscape.
Machine learning will play a critical role in gathering intelligence. Moreover, machines will start making more of their own decisions and execute changes themselves to minimise an organisation’s cyber risk, based on this intelligence.
* The need for speed
While machine learning is helping organisations to protect themselves, we need to be mindful that cyber criminals are also using machine learning in their attacks.
This is going to let them move much faster. Once malware has infiltrated a network, its decision-making will be instantaneous. It’ll be able to move laterally within the organisation, across different ports and domains, more rapidly than ever.
"The challenge is that for businesses, security needs to be right 100% of the time. You can’t afford to make one mistake. Whereas cyber criminals only need to be right once. Intelligence is becoming the new arms race between adversaries. That’s why getting ahead of the curve by using intelligence is going to be critical in the year ahead."
Trend 5: Tighter regulation is affecting risk profiles
Standards groups, industries and governments are constantly implementing new security policies. Compliance pressure on organisations has grown in the last year with the introduction of the General Data Protection Regulation (GDPR) in Europe and the Notifiable Data Breach (NDB) scheme in Australia.
Continuous risk profiling will be key
As a result, Dimension Data expects to see governance and compliance playing an increasingly important role in how organisations manage their risk profile in 2019. If, for example, they’re deploying a new application or technology, they’ll be more critical in their decision-making process. They’ll need to carefully consider what additional risk it might add and how it will affect their risk posture.
Security operations can be complicated by regulations that lag behind the criminals’ strategies. As criminals keep coming up with new ways to attack, regulation – while necessary and important – can sometimes make security harder. Organisations, many of which have limited IT and security resources, need to find a way to adapt to ensure compliance with these new regulations, while still managing day-to-day operations.