Organisations will respond to the current threat landscape with a zero-trust model
The big event of 2017 was the Equifax breach, where cyber criminals gained access to the data of 143 million people. Fallout included the departure of senior executives, the filing of more than 23 class-action lawsuits and a 35 percent stock price decline that wiped out $4 billion in market cap. The unusually severe market reaction may indicate investors are growing increasingly intolerant of companies that don’t take security seriously.
We expect companies to respond by implementing zero-trust models—which involves two important shifts. First, it shifts access controls from the perimeter to individual devices and users, thereby allowing employees to work securely from any location without the need for a traditional VPN. Secondly, access to services is granted based on what is known about a user and their device, which are all authenticated and authorised.
The security market will incorporate machine learning to address identity-related breaches.
Last year, companies integrated machine learning to ascertain the risk level of individual transactions and decide in real-time whether or not to allow them. While behaviour analytics aren’t new, until now few solutions had the ability to actually stop a transaction in real time.
This pivots identity security away from detect-and-respond alerts and towards more automated preventative controls. For example, risk-based authentication (RBA)improves user experience by using machine learning algorithms to assessrisk, and can require a second factor of authentication only when risk is high. The benefits are substantial, and we expect to see rapid integration of these technologies into cybersecurity solutions in 2018.
The dark but lucrative trend in ransomware will continue to explode in the coming year.
According to sources, between 2016 and 2017 (to date), dark web ransomware sales grew 2,500 percent to $6.2 million. According to the FBI, 2016 ransom payments totalled about $1 billion, up from $24 million in 2015. While we predicted increases in ransomware last year, this off-the-charts growth surprised even us. We expect this lucrative trend to continue for many years to come.
The rapid move to the cloud will increase the adoption of zero-trust network models and modern microservices architectures which will mandate the use of least privilege.
In 2017, companies moved huge segments of their infrastructures into the cloud. Security considerations there are similar to those on premises: authentication is still required and privileges must be managed. We anticipate widespread adoption of technologies designed to manage privileged identities with extreme granularity. Least privilege will become an increasingly common term around the datacentre.
Automation frameworks will make it easier for DevOps to adopt AWS securely.
In 2018, security vendors will continue to embrace Amazon’s shared responsibility model for AWS, recognising that scalable automation is essential to protect sensitive information in the cloud. This will result in the rise of DevOps, a fast-growing segment required for successful automation due to its ability to script, automate, scale and handle exceptions effectively. Increased, straight-forward automation will make it easier for DevOps to adopt AWS securely. In turn, baking security into the process will allow for further adoption of cloud-based services.
Blockchain will emerge as a potential disruptor across many areas of technology.
Blockchain technology has started making serious waves – and not just in the world of cryptocurrencies. Even US defence contractor Lockheed Martin seems to be exploring blockchain-related cybersecurity options. While we expect blockchain to emerge as a potential disruptor across many areas of technology in 2018, it will take several years before vulnerabilities can be addressed and the technology is considered mature enough to act as a basis for enterprise security.
Increasing identity-related breaches and vendor fatigue will force organisations to re-evaluate their entire security postures: architecture, budget and project priorities.
According to Verizon’s annual Data Breach Investigations Report (DBIR), in 2015 compromised identities were responsible for 50 percent of all data breaches. That number grew to 66 percent in 2016, and 81 percent in 2017. Attackers are focusing on the most vulnerable areas of the business: identities.
Still, most organisations aren’t making the connection. In 2017, companies will spend just 4.7 percent of their total security budgets on identity and access management (IAM); the very technology that could help prevent four out of five breaches. In 2018, a combination of increasing identity-related breaches and security vendor fatigue will force companies to re-evaluate their entire security postures, from the ground up.
However, in the meantime, unfortunately things will get worse before they get better – but new models such as zero-trust and a focus on securing identities provide a path forward to turning the cybersecurity tide.