In 2018, there were over 600 major enterprise data breaches. If you factor in the breaches that are of a smaller scale (in this case, those that exposed fewer than 22 million records), then you are potentially talking about millions of security incidents in 2018 alone. With this backdrop, the enterprise cybersecurity threat landscape can feel quite intimidating.
But it’s encouraging to recognize that most breaches can be prevented (or at least significantly mitigated) by having the right enterprise security software and practices in place. Security software can cover a variety of attack vectors to ensure your organization is well positioned to withstand and respond to most cyber threats.
Nevertheless, the threat landscape is constantly evolving, and enterprise security software must evolve with it. Through 2019 and beyond, a number of trends have taken root in the enterprise security space and these are defining the path security software must follow now and into the future. Here’s a look at some of the most important enterprise security trends at the moment.
Preventing Misuse of Privileged Accounts
This isn’t a new challenge, but it’s one that has refused to go away. The reason for that is obvious—privileged accounts have a degree of system access that allows them to inflict severe and sometimes irreparable damage to systems and data.
It isn’t always easy to distinguish between legitimate and rogue use of privileged accounts. Enterprise security applications are deploying a combination of strategies to mitigate the risk of abuse. In particular, they are focusing on mapping normal user behavior as opposed to simply limiting access to IT assets such as servers, operating systems, applications, and databases.
For this strategy to work effectively, it must leverage machine learning so that what constitutes normal behavior doesn’t have a static definition.
Keeping a closer eye on privileged accounts is in fact a classic example of applying the zero trust principle to cybersecurity. Zero trust means completely doing away with the assumption that all internal players in an enterprise network (employees, software, and hardware) are inherently trustworthy and do not harbor ill intentions against the organization’s systems.
Ergo, the actions and behavior of all internal entities have to be continuously evaluated and appropriate measures must be taken whenever this behavior no longer measures up to the organization’s cybersecurity standards. This is best accomplished via a risk score that’s composed of a wide range of parameters and factors that characterize acceptable user behavior.
These parameters may include IP address, port, physical location, time of activity, and more. The enterprise security software will disconnect and/or block from the network any user whose risk score falls short of expectations.
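The scoring approach described above, as an added example that is not part of the original article or of any vendor's product. A simple per-user frequency baseline stands in for machine learning; the weights, threshold, warm-up size, and all names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Assumed weights (sum to 100), cut-off and warm-up size; illustrative only.
WEIGHTS = {"ip": 30, "port": 10, "location": 35, "hour": 25}
THRESHOLD = 60      # sessions scoring below this are blocked
MIN_HISTORY = 5     # events required before the baseline is trusted

def features(event):
    """Normalise an event; hours are bucketed into 6-hour blocks."""
    return {**{k: event[k] for k in ("ip", "port", "location")},
            "hour": event["hour"] // 6}

class BehaviorBaseline:
    """Per-user frequency baseline that keeps learning from accepted activity."""
    def __init__(self):
        self.seen = defaultdict(lambda: defaultdict(Counter))
        self.count = Counter()

    def learn(self, user, event):
        for field, value in features(event).items():
            self.seen[user][field][value] += 1
        self.count[user] += 1

    def score(self, user, event):
        """0..100, or None while the user has too little history."""
        n = self.count[user]
        if n < MIN_HISTORY:
            return None
        total = 0.0
        for field, value in features(event).items():
            freq = self.seen[user][field][value] / n
            # a value seen in at least half of past events earns full weight
            total += WEIGHTS[field] * min(1.0, 2 * freq)
        return round(total)

    def evaluate(self, user, event):
        s = self.score(user, event)
        if s is None:
            self.learn(user, event)
            return "learning", s
        if s < THRESHOLD:
            return "block", s      # anomalous events are not learned
        self.learn(user, event)
        return "allow", s

def build_sample_baseline():
    """Constructed history: six daytime SSH sessions by one admin from the office."""
    b = BehaviorBaseline()
    for hour in (9, 10, 11, 14, 15, 16):
        b.learn("dba_admin", {"ip": "10.0.5.20", "port": 22,
                              "location": "HQ", "hour": hour})
    return b
```

Because only accepted events update the baseline, the definition of normal shifts with legitimate use while a blocked session cannot teach the model that its own behavior is acceptable.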
Growth of Biometric Security
Passwords can be cracked, guessed, shared, written down, or misplaced, which means there’s always a real risk that they could fall into the wrong hands. Security administrators will go to great lengths to prevent this from happening by regularly sensitizing users to password management and developing policies that define what constitutes a good password. None of these, however, compares to the strength of security offered by biometric controls such as fingerprints, retina scans, or facial recognition.
While biometrics has consistently proven to be more secure than passwords in ensuring a person is who they claim to be, adoption has been slow due to persistent fears that the biometric data may fall into the wrong hands. Still, the use of biometric security by leading smartphone models has made more people receptive to it. This technology could be of particular use in the areas of identity and access management.
The promise that the Internet of Things (IoT) offers is exciting. Getting nearly every office and household item connected to the internet sounds great. However, it’s also a scary prospect, as large-scale botnets like Mirai have so dramatically demonstrated.
IoT devices are expected to far surpass in number traditional internet-enabled gadgets, such as servers, desktop computers, laptops, and smartphones. These new internet touchpoints have so far outpaced the development and deployment of IoT-aware enterprise security software.
It’s a grave scenario because these new types of IoT endpoints, such as digital cameras, refrigerators, and microwaves, have more glaring security gaps compared to traditional devices. They are sitting ducks ready to be abused in ferocious large-scale DDoS attacks. These attacks can bring down the networks of targeted organizations and cause customers to lose trust in these businesses.
In this regard, enterprise security applications are starting to pay more attention to the controls that will be most effective in protecting company networks from IoT-powered bot-based attacks. In addition, security applications are inspecting the organization’s own IoT devices that are plugged into the enterprise network to ensure they comply with cybersecurity policies.
Privacy by GDPR
Privacy has always been a hot-button topic in cybersecurity, but if privacy was a big deal in the past, it has taken on an even higher profile in 2019. That’s thanks in large part to the EU’s implementation of the General Data Protection Regulation (GDPR) in May 2018.
By all accounts, the GDPR simultaneously heralds the best and worst of times for enterprise security software vendors. More organizations are trooping to security software developers for upgrades to their existing cybersecurity installations. Given the punitive penalties for non-compliance with the GDPR, many prefer to automate GDPR rules to avoid the risk of an employee dropping the ball.
Enterprise security software developers in turn must adapt their applications’ architecture to this new reality. It’s about how they can facilitate compliance with not just the GDPR but also other emerging privacy regulations around the world. Security software must ensure the secure capture, transmission, and storage of sensitive personal information.
Particularly important is the ability of security applications to enforce a customer’s invocation of the right to be forgotten (which means permanently deleting the customer’s data from all enterprise systems).
Artificial Intelligence and Bots
We mentioned earlier how machine learning will come in handy in identifying and containing unauthorized use of privileged accounts. Artificial intelligence is often viewed as a positive force in the context of cybersecurity, as it has the capability to enable more efficient security response and more intelligent security awareness. Nevertheless, just because machines take over a process that was previously handled by humans doesn’t mean the cybersecurity risks around the process disappear.
Chatbots, for instance, can go rogue: a Twitter chatbot developed by Microsoft infamously did so in 2016, making inflammatory political remarks and issuing racist statements, and had to be quickly taken down.
Enterprise security applications must therefore contend with the possibility of hackers and cyber criminals either creating malicious bots or taking over authorized ones. A hijacked bot could be used to download files, extract sensitive personal data, or redirect unsuspecting victims to malicious URLs. Enterprise security software must be re-engineered to better defend against these threats.
Cyber Warfare and Espionage
The theater of conventional warfare has a relatively clear hierarchy of power. Some countries have clear military advantages over other states, whether in terms of personnel, weapons, equipment or otherwise. This advantage is, however, greatly diminished in the theater of cyber warfare and espionage.
Cyber warfare has effectively levelled the playing field for many countries and given adversaries, who previously could easily have been kept at arm’s length with conventional weapons, a chance to penetrate their enemies’ cyber defenses.
There are no hard and fast solutions to this type of advanced threat. However, enterprise security systems that implement defense-in-depth, and facilitate greater scale and efficiency, have the best shot at protecting government and company technology infrastructure from cyber warfare and cyber espionage.
In light of these trends, what should CISOs, CIOs, CTOs, CSOs, and other executives charged with overseeing cybersecurity at a strategic level do? The first step is a realization that cybersecurity is largely reactive and full of both known and unknown threats. That’s because, thanks to rapid transformation in the tech world, it’s impossible to fully envision what the future threat landscape will look like. As such, it’s important to stay aware of modern threats and trends as they come up.
That said, tech security leaders should be careful not to get carried away by the excitement of hot topics and trends. While legitimate threats may make international headlines and be the topic of news conversations, businesses shouldn’t react irrationally or overenthusiastically to such threats before they’ve quantified how such threats endanger their organization’s own network. Enterprise security solutions, such as security information and event management (SIEM), comprise numerous moving parts. Trends and attack vectors will continue to shift, so maintaining visibility into these trends, and into your own organization’s users, apps, and data, is critical to implementing an effective defense with rapid detection and response protocols.