Top 7 Disruptive Technologies facing Cybersecurity Professionals

Technology is exciting and constantly changing, but how can we ensure the latest technology is secure?

Berk Veral
Microsoft Cybersecurity
Aug 13, 2019


One of the most fascinating aspects of technology is that it is constantly changing. If you are a cybersecurity professional, you have to keep up with the latest developments to ensure that using the latest technology is also secure and does not create new vulnerabilities.

What motivates organizations to adopt new technologies?

  1. Efficiency. The increased adoption of collaboration tools and multi-cloud strategies, the offloading of routine tasks to MSSPs, and the rising importance of orchestration and automation all point to the importance of efficiency.
  2. Convenience. More connected devices (IoT), a mobile workforce, and the need for better endpoint and application protection as users become increasingly mobile all result in endpoints that are constantly shifting between different networks. There are no more 9am-5pm work days; instead, we are connected and active when it is more convenient for us.

Although efficiency and convenience may convince most organizations to adopt new technologies, security should not be ignored.

We need dynamic, agile security solutions that will keep our organizations secure, without being an obstacle to convenience, performance and efficiency.

Which technologies are keeping security decision makers and practitioners up at night?

Microsoft commissioned a market study on cybersecurity that was independently conducted by the Ponemon Institute to answer this question. Published in December 2018, the Ponemon study surveyed 602 IT and IT security practitioners who are involved in the development of their organizations’ cybersecurity strategies for a variety of industries.

According to the study, these are the top 7 technology adoption trends they are focused on:

1. Cloud-based sharing and document collaboration tools: This can easily be attributed to our current working habits. Increasingly, work is done on the go, with more people working from home, at coffee shops, airports and other locations, which makes it necessary to edit, save, share and view content online continuously and in real time with co-workers who are miles away. But the inherent convenience and efficiency put users at risk of accidentally or carelessly sharing content that is confidential and private over an insecure wireless access point, via a device that is unprotected, and while logged into personal accounts (email, data storage/collaboration tools and services). [Read this article on the risks of man-in-the-middle (MiTM) attacks when you connect to any public networks, and valuable tips to avoid risk.]

Cloud-based sharing and document collaboration tools ranked highest from a cyber risk perspective (Source: Getty Images)

2. IoT: Every device we interact with is increasingly a connected device. The days when the main connected device we owned was our smartphone are long gone; now we have connected, voice-activated assistants (e.g. Cortana, Siri, Alexa, Google Home), fitness and health monitoring devices, home security cameras, doorbells and locks, and of course, our cars, some of which are also learning to drive themselves. The risk is that many such devices haven’t been built with security and privacy in mind. They do not have the ability to self-monitor or alert users, for example. An adversary might connect remotely via Bluetooth, for example, to locate an IoT device and track the movement of the device and its user, akin to locating and targeting a personal computer user. [Here, Boston University research describes how IoT results in new opportunities for adversaries.]

3. Blockchain: This has emerged as a new technology to improve online transactions, ledgers and record keeping. We continue to debate how blockchain should be implemented, and it may be a key technology in financial services due to its potential to transform current business processes by disintermediating central entities or processes, improving efficiencies, and creating an immutable audit trail of transactions. Even so, there are potential risks. [Here is an article outlining three categories of risk a financial organization will need to manage if it’s considering adopting blockchain.]

BYOD ranked as the 4th most concerning technology from a cyber risk perspective (Source: Getty Images)

4. BYOD: This is popular since many people use mobile devices to communicate, access information and transact, and prefer to have the convenience of using a common device for both personal and work needs. When an employee is using their personal device for remote access to corporate resources, it is essentially a logical extension of the organization’s own network. Therefore, if that device is not secured properly, it poses additional risk to not only the information that the employee accesses but also the organization’s other systems and networks. [This paper from The National Institute of Standards and Technology (NIST) contains recommendations for securing BYOD devices.]

5. Big data analytics: The use of artificial intelligence (AI) and machine learning (ML) will more than double in the next two years. These technologies have gained momentum in the market, especially with the improvements and broader implementations of machine learning.

Why is ML embraced for enterprise and consumer use cases alike? Because ML can help us scale, become more efficient, sift through mountains of data, and identify patterns and anomalies quickly. Tasks that would take a skilled individual days can be reduced to hours or minutes with ML. It can also free up valuable time for experienced people, who can now focus on more critical projects, such as investigations of indicators of compromise (IOC) in an enterprise’s digital environment.

While the adoption of AI and ML technologies themselves may not be what is at risk, associated errors, misuse and/or inappropriate application of these technologies are possible. With any technology, there is a potential for mistakes and/or abuse. One may contend that the companies making the AI systems of self-driving cars have at least some responsibility for building system software that is supposed to minimize (no such thing as zero/ideal) the risk of automobile accidents. Despite the best efforts of AI system software developers and testers, there can be systemic errors that ultimately lead to undesirable consequences. As AI and ML models improve over time, there is some hope that such technologies can be used for enhanced experiences. [Read this post on Forbes: Thinking Logically About The Risks Of Self-Driving Cars.]

Hybrid cloud ranked as the 6th most concerning technology from a cyber risk perspective (Source: Getty Images)

6. Hybrid cloud: Multi-cloud strategies are defined as the use of multiple cloud computing and storage services in a heterogeneous architecture. Organizations have already tasted the benefits of the cloud compared to pure on-premises deployment, including lower cost of deployments and instant scalability. The benefits of investing in cloud infrastructure can outweigh potential risks as long as it is managed effectively. [Watch this video featuring two Microsoft Azure security experts to learn how to secure a hybrid cloud.]

7. Managed security service providers (MSSPs): These are being adopted to monitor or manage firewalls or intrusion prevention systems (IPS). This is driven by the same forces behind automation: companies are eager to offload necessary but expensive and challenging functions to MSSPs without worrying about recruitment, training, implementation, deployment, retention, and more. Stringent regulatory compliance requirements, the increasing sophistication of cyber-attacks, and a global lack of skilled cybersecurity experts are all factors that are expected to drive the MSSP market. [Read this article on the expected growth of the Managed Security Services market.]

What’s next?

While new technologies present an opportunity for vendors to offer unique and competitive offerings to customers, they also introduce security risks. Technologies that are currently deployed need to be carefully managed and kept up to date as part of a strong defense-in-depth security strategy. Patching existing systems is one of the most important things any organization can do to ensure a hardened security posture.

The security market has never been boring, nor lacked momentum in terms of new attack methods and defense solutions. New and disruptive technologies are sure to keep it that way for the foreseeable future by bringing forth new challenges for security practitioners to contend with.

For additional insights from the study, check out the Overview by Seema Kathuria.
