By Greg Day, VP & CSO, Palo Alto Networks, who shares his predictions for cybersecurity in the year ahead.
Legislation bites back
Many expected headlines of organisations punished with big fines straight after GDPR went live. The reality is that it takes time for any new legislation to be tested. I predict that in 2019 we will start to see penalties applied which will finally make executives that haven’t taken the regulation seriously take note. This will be alongside the implementation of the NIS Directive, the EU Cybersecurity Act and the US Cloud Act.
Cloud security woes continue
2018 saw a growing list of cloud cybersecurity incidents, and we are seeing a growing number of incidents due to a lack of security fundamentals. I’d speculate that many of these are a result of security teams not being engaged early. While in 2019 it would be easy to just say “be engaged in all cloud projects”, this is not practical, as such projects seem to appear like endless rabbits pulled out of a magician’s hat. Step one must be to gain visibility across public clouds, and the ability to spot projects as soon as they start. This will then allow you to audit fundamentals, assign a security champion to the project and bring it into your scope to manage the risks.
As the digital mesh of IoT and OT devices grows, so do the risks. 5G, which will begin service trials in 2019 in many European markets, will only accelerate the number of connected devices at risk. We are starting to see two IoT trends with security implications: more inter-connection and more data collection. We must expect adversaries to use each of these as hopping-off points to another resource or, worse, as a data gatherer in a bigger, targeted attack. We all remember when Alexa mistakenly listened to a couple’s conversation; now consider cybercriminals gathering intel on executives or a business via voice-activated devices, or using them as a way of generating fraudulent revenue streams. In 2019 the goal, in our personal and business lives, will be to maintain clear insight and control over what is connected and where, and how those devices share and exchange information. Zero Trust networking is increasingly key here for IoT cybersecurity.
This is a growing space that we can expect adversaries to be testing in order to find new methods of financial fraud, especially as regulations like PSD2 come into force. There is much debate on just what access should be granted, and how. Linked to this is the new Strong Customer Authentication (SCA) for ecommerce payments. As with any new capabilities that involve complex processes and a very broad supply chain, it’s only human to expect mistakes along the way. This won’t, however, dampen the growth of crypto mining and cryptocurrency theft we have seen, which is so prevalent because it shortens the workflow and slashes the time it takes for criminals to get to the money.
Cybersecurity collaboration improves
Several years ago, the CEOs of a small number of security vendors agreed that if we could collaborate on threat intelligence, we could provide better customer outcomes. Today that Cyber Threat Alliance has close to 20 security entities and continues to grow. In 2018 the CTA launched an “Adversary Playbooks” project that shares intelligence on key threat actors and their Tactics, Techniques and Procedures (TTPs) as well as the controls that mitigate them. In 2019, we need to encourage even more people to join and share or use playbooks. This collaboration has the potential for a systemic impact and improvement in how we share and use threat intelligence to prevent cyber-attacks.
AI battles begin
While cybersecurity experts look for new ways to spot adversaries using machine learning techniques, and leverage AI against the mass of threat indicators gathered, adversaries will increasingly be looking to subvert machine learning and AI. They will be trying to find ways to trick such solutions, looking for the cracks to sneak through. We can also be sure they are looking to leverage AI for their own purposes. Overall, cybersecurity is moving into a machine-versus-machine fight, with humans on hand to help and apply judgment.
Wholesale move of core security to the cloud
I predict we will see a more wholesale move of our core cybersecurity to the cloud in 2019. As cybersecurity aims to be as technically and commercially agile as DevOps, we can only expect more cloud-based security with new commercial models. However, each business will be gathering petabytes of security data, and that’s before regulation forces us to hold it for longer periods. Businesses will have to leverage the cloud to store and process information and apply algorithms at the speed needed to prevent attacks. Adversaries simply don’t wait, and the cloud could give cybersecurity teams the edge they need.