Click to learn more about author Trevor Daughney.
It’s that time of year when predictions abound, and skeptical, battle-worn security professionals will often side with Niels Bohr, the physics Nobel laureate who said, “Prediction is very difficult, especially about the future.” Nevertheless, readiness requires looking forward, so we asked security experts, partners, and customers to describe what they think will be the top strategic trends in cybersecurity.
Here are their six cybersecurity predictions for 2020:
- The Scope of the CISO: The unabated tide of security breaches has boosted the pressure on chief information security officers. The CISO must answer when the board asks, “Are we secure? Are we doing the right things?”
CISO roles and power vary widely depending on the types and sizes of organizations, technologies used, and many other factors. Our experts say in 2020, the CISO role will continue to evolve as underlying factors rapidly change. “We’ll see CISOs seek out relationships to advance security and enable other leaders, teams, and departments to have success beyond protecting digital assets,” says Steve Moore, Chief Security Strategist at Exabeam. Moore predicts that CISOs will “broaden the value and impact of cybersecurity.”
“In addition to managing risk, the CISO will become more influential by spanning organizational authority and becoming an ambassador for security.” – Lamont Orange, CISO, Netskope
In addition to facing security breaches, CISOs will have to deal with the fact that the way technology is used has changed. Steve Moore again: “The lifespan of an asset could be just moments and the artifacts we have to protect are dynamic and often don’t persist. That reality has changed the responsibilities of a CISO and the risks that a big organization has to face.”
“With microservices and other types of technology and assets being available and actively used, an organization’s environment has to be rock solid. A CISO really needs to get into the design, architecture, and engineering way upfront to be able to see that it will be in a secure state for however long that asset’s going to be around.” – Brian Haugli, CISO, Side Channel Security
- Compromised Credentials: Our experts say that in 2020 attackers will continue to steal credentials as a primary vector for accessing organizations. “Social engineering and phishing will continue to be the easiest vectors to gain access to assets and information,” says Scott Dungan, VP of Information Security at Fifth Third Bank.
“Examples of social engineering are when users are compromised through phone calls, text, or email phishing campaigns,” says Samer Faour, sales engineer at Exabeam. “In 2020, deep fakes – videos created by artificial intelligence that make people appear to say or do something they did not – will be used as a social engineering attack vector.”
- Device Security: “Nation-state attackers will be the greatest cybersecurity threat in 2020,” says Joe Lareau, a senior security engineer at Exabeam. He notes that IoT and the security of voting machines and repositories of voter information will be front and center. “Entities such as states and the federal government will react to the threat of election tampering by building and using ‘defense in depth’ – multiple layers of controls that involve staffing, procedures, and technical and physical security for all aspects of the security program.” And, of course, analytics and machine learning.
The same will be true for operational technology (such as plant monitoring and control systems) and IoT devices, like security cameras, HVAC systems, and a myriad of sensors, in use at enterprises and governments. These systems will continue to be vulnerable to state actors looking to disrupt operations, to corporate and government espionage, and to attackers looking to benefit financially from theft and ransomware.
- Cloud: “As organizations adopt a cloud-first approach and adversaries look to more aggressively target data stored this way, on-premises security information and event management tools will become outdated and dangerous, particularly for short-staffed security teams,” says Shahar Ben-Hador, VP of Product Management at Exabeam. In addition to using SaaS-based SIEM (see “Modernization,” below), he predicts in 2020 that “DevSecOps will merge into engineering and be guided by product. This merger of product and customer knowledge is essential to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.”
- Modernization: “The greatest cybersecurity threat in 2020 will be organizations that are not shifting quickly enough from the old way of doing things,” says Moe Ibrahim, Director of Sales Engineering at Exabeam. He encourages security practitioners to prepare by thinking about security differently. “Leaders need to encourage their teams to lift their maturity and look for modern ways of doing things, such as leveraging AI and implementing automated processes for threat response,” says Ibrahim.
“In 2020, a greater need for SaaS-based SIEM solutions will emerge. These tools will change cloud security by minimizing the operational burden for SOC employees while significantly improving how fast they can catch suspicious, anomalous behavior within cloud applications.” – Shahar Ben-Hador, VP of Product Management at Exabeam
- Automation: “A lot of the tedious work by security analysts will be automated by machine learning,” says Chris Tillet, a senior security engineer at Exabeam. “Machine learning is real and is working, and during 2020, more enterprises will deploy it to help them with these automated detection capabilities.”
Automated incident response playbooks will be enabled by enriched data feeds via multiple cloud connectors with a myriad of event data sources, according to Barry Shteiman, VP of Research and Innovation at Exabeam. “In 2020, more organizations will be able to apply behavior analytics to cloud applications,” he says. “For strong security, cloud applications do belong in investigation timelines.”
It’ll be interesting to look back a year from now to judge the accuracy of these predictions for cybersecurity, but with the way things are shaping up, they’re likely to be accurate. In the meantime, it’s important to take each of these predictions and weigh how it may play out at your organization’s particular stage. In his book, The Foundations of Science, Henri Poincaré (who laid the groundwork for chaos theory) said, “It is far better to foresee even without certainty than not to foresee at all.”
If there was one thing our experts were certain about, it’s that all the points above that are predicted for 2020 are addressable with a modern SIEM.