The Future of Security (Part Two)

To understand the current and future state of the cybersecurity landscape we spoke to and received written responses from 50 security professionals. We asked them, "What’s the future of cybersecurity from your perspective?" The most frequent responses focused on AI, ML, and automation, and are shared in Part 1.

DevSecOps

  • Gartner predicts that, by 2020, more than 50 percent of global organizations will be running containerized applications in production. Currently, less than 20 percent of organizations use them for production today. Everyone’s trying to move faster. This increases the risks inherent to moving away from a waterfall pipeline of apps developed entirely in-house to apps developed in cloud-native environments incorporating code written by others and delivered through continuous parallel pipelines.

    That’s why DevOps and information security teams should work together to facilitate security's "Shift Left" to the beginning of the development cycle. Shift Left is a well-understood concept in developer circles, and it needs to become just as familiar from a security perspective in order to identify and remedy potential security issues with applications before they move into production and throughout the development cycle.
  • Encourage developers to adopt DevSecOps technologies and practices (using cloud app sec services and specialized app sec technologies designed for each persona in the Software Life Cycle). Also, grow security champions who will pioneer the best security practices in their DevOps teams.
  • The future of cybersecurity will be the continued integration of security directly into the software development lifecycle. Organizations will continue to adopt DevSecOps processes out of necessity, and as current DevOps and security engineers grow into leadership positions, the DevSecOps philosophy will flourish.
  • There will always be some amount of private data centers. So, while the migration to the cloud has accelerated, there will always be two frontiers for dev/sec/ops to master. Ephemerality will be a primary tenet in cybersecurity.

Threat Vector Expansion

  • Phishing is not going away anytime soon; it’s an easy entry vector. Most people have hardened perimeters, but the use of so many outside services connected to other networks could compromise your security if those networks become compromised. Make sure you have a robust risk management program in place. Identify risk to the organization before it is implemented. We are seeing more whaling going after the CEO, CIO, and COO because of the level of access that they have in the network. It is more prevalent than regular phishing, more sophisticated, and more business-like. It’s truly hard to detect.
  • We should certainly expect an increase in the number of endpoints everywhere — employees have gone from mainly using desktops to now working across smartphones and tablets and will likely be adding a slew of IoT devices just around the corner. The sheer quantity of data in play will continue to increase as well. Cybersecurity systems will need to be prepared to face these trends.

Other

  • Cybersecurity solutions will enable unified security and access controls across all systems, no matter what type they are or where they are. We are moving into distributed environments which make it difficult to protect assets one-by-one. There is a need for more unification and a holistic approach to ensuring the safety of our systems and data.
  • We’re not at the Skynet level yet. Very few organizations have a successful foundation for real-time response. It starts with basic security hygiene, patching, and environment management. We have to be drivers to move companies in this direction. GDPR and fines are moving the needle. We now have a monetary value of the risk. Make executive management understand the potential financial risk of faulty security.
  • I think the future lies in addressing the bigger picture and visualizing an entire kill chain of an attack. Security tools will need to be able to correlate security events from disparate vectors to effectively do this. But it’s certainly a key component to successfully navigating security into the future.
  • More plane crashes if you will. Until individuals are impacted, I do not foresee any legal repercussions to hold people accountable. Learn from safety culture; we are doomed to repeat it if we do not. Be transparent and perform root-cause analysis.
  • We need a better understanding of the knowledge architecture behind specific problems and increased capabilities to collect and interpret information from different tools. Automation is an important piece. Especially application security – analysis, prioritization, risk identification, remediation management. Manual analysis does not scale and does not work.
  • In addition to identity management, we’ll see shorter feedback loops to provide feedback while the developer is actively writing code. The development environment needs to be smarter, more contextual; it should ensure that the biggest problems we encounter are not committed in version control.
  • Building a culture of security with the help of tools, processes, and training is the strongest tool organizations have against malware and malicious attackers. In the near future, cybersecurity must have a seat at the table in corporate governance. We’ve seen the rise of the CISO over the past 10 years. This is promising, and companies are starting to view cybersecurity with equal importance to financial audits. If they don’t, they may not be in business in the next 10 years.
  • Endpoint hygiene is getting more emphasis. Going forward, a combination of preventive and reactive measures to harden endpoints where 80 percent of attacks take place. We need to focus on preventing attacks; when one does get through, we need to ensure we have the right reactive tools in place to deep dive on those hacks. 
  • We need a more vertical focus. Specialization and custom tailoring security services to meet the needs of a specific market is a key trend. The breadth of security features a customer needs is so broad. The only effective way for the model to evolve is for more services to be delivered from the cloud. 
  • Security has been doing the same things that haven’t been working for the last 50 years. If we want this to change, we need to take a more disciplined and process-based approach with our security programs. Once we have that in place, then we need to automate. The rise of APIs, along with automation and orchestration, will allow security to move in the direction that simply wasn’t possible before. 
  • With the use of SSL certificates on websites finally becoming standard, people are recognizing the need for strong encryption of data in transit. Virtual private networks (VPNs) take this concept a step further by routing all traffic through an encrypted network. This protects your information from prying eyes, as it travels through the open internet. I foresee the widespread adoption of VPN technology in the near future, as more consumers become educated about the risks they face on the internet.
  • The security industry as a whole is still thinking about perimeter protection around defined boundaries. Meanwhile, the workforce is shifting to remote work, and companies are migrating their infrastructures from self-managed to public clouds. All of these changes mean more challenges for securing corporate data because boundaries are becoming less defined. Assumptions and decisions regarding which users are authorized to access what data with which devices will have to evolve to meet these boundary changes. I predict more organizations will look into implementing a Zero Trust model in the next five years.
  • In the future, we’ll continue to see the pendulum swing faster toward a strong security posture. Cyber hygiene practices (e.g. Zero Trust) will continue to expand and demonstrate their impact with IT and security teams. Additionally, the focus on cyber hygiene will free up many of the wastes in security architectures and assets, removing much of the agent and tool bloat.
  • The myriad of emerging threats has created the perfect storm for years ahead. From never-before-seen attacks on newly engineered biometric markers and the broad embrace of blockchain, to expanded risks posed for “new” critical infrastructure and the transfer of trust, organizations must look to the threat horizon and accelerate and collaborate to out-innovate and out-maneuver the attackers.

    As an industry, we’re getting better at prioritizing the security measures that will have the most impact on security posture and measurably reduce the most risk across the enterprise. If more organizations continue to take this approach, they’ll be able to keep up with the constantly changing threat landscape. Further, many of the most noteworthy recent breaches we saw were the direct result of unsecured sensitive information living in public repositories, especially at companies using DevOps and the cloud to bring new applications to market at high velocity. Attackers are taking advantage of the failure of public and private organizations to implement basic security practices securing privileged access; it's becoming an epidemic.

    In the future, we’ll see major public repositories start introducing sophisticated guardrails designed to prevent developers from accidentally uploading security secrets. Organizations, however, can't rely on these safeguards. It's critical that they institutionalize a security-first culture in which everyone — not just developers — is empowered to "own" security and is provided with the tools and solutions needed to make it easier to keep networks secure without impacting DevOps workflows.

Please see part one for thoughts on the future of security around AI, ML, and automation.