With 2020 around the corner, we’re entering a new decade in the cybersecurity landscape. What does the future hold for security professionals? We’d like to ring in the new year with good news, but the truth is that hackers will become smarter and breaches will grow in scale and number, creating an even greater pressure for security teams to keep up. Read our five predictions for 2020 to understand what to look out for and how to prepare for the new decade:
MITRE ATT&CK framework will prevail as the defect standard of cybersecurity operations
The MITRE ATT&CK solution is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. It claims to help increase the effectiveness of cybersecurity by sharing data on adversarial behaviors across the stack lifecycle and providing a common taxonomy for threat analysis and research. It helps cybersecurity teams understand the effectiveness of their SOC processes and identify areas for improvement, which is definitely useful amid the dynamically changing threat landscape.
The MITRE ATT&CK framework is built on Lockheed Martin’s Cyber Kill Chain, but it’s more granular and focused on behavior. Here’s what the traditional Cyber Kill Chain looks like:
The MITRE ATT&CK framework helps security analysts by identifying the tactics and techniques of adversary behavior and by providing guidance on what to prioritize during investigations.
As such, the framework is tremendously useful in any SOC and should be adopted by any organization. However, the framework is difficult to apply in its current state. It’s large and complex, which makes it hard to extract meaningful data (go check out the ATT&CK Matrix for Enterprises here). It requires a lot of work to make that information as available, actionable and operational as possible. Nonetheless, it will continue to be the go-to standard of cybersecurity operations until a better solution comes on the market.
Public cloud infrastructure becomes a main target for attackers to grab data
At the end of this decade, a number of criminals have cashed in on the fact that many companies migrating their data to the cloud have failed to properly secure their infrastructure. The vast amount of valuable data stored in the cloud is an easy target for hackers who can profit from them just as greatly as the corporations that collect them.
An unsecured infrastructure is an excellent entry point for attackers from which they can perform malware injections or cross-cloud attacks. In addition, malware is becoming more sophisticated and more agile, which allows cybercriminals to do more than previously imagined.
According to a Symantec report, "a single misconfigured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare. In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets. There are also numerous, easily-accessible tools that allow attackers to identify misconfigured cloud resources on the internet."
Enterprises have the obligation to protect their users, employees and vendors by taking all the necessary steps to transform their security posture in the cloud. New cloud-native tools and modern threat intelligence are tremendously helpful in all these tasks. Solutions such as our Cloud SIEM platform safeguard the IT infrastructure and expedite thorough investigations when incidents are detected.
More countries and regulatory bodies will focus on data privacy
The EU’s General Data Protection Regulation (GDPR) introduced in 2018 was the first and most notable government regulation for data privacy. GDPR obliges companies to obtain user’s consent to store their data. The goal of this legislation is to give users greater control over their personal data by allowing them to check what data has been stored, opt out of data sharing, or, most importantly, erase their data entirely should they wish to do so.
California Consumer Privacy Act (CCPA) was passed in 2018 and and will go into effect on January 1, 2020. CCPA was sparked by the “devastating effects for individuals” through the “misuse” of data by Cambridge Analytica and other data breaches. This new compliance standard will enable California consumers to “exercise control over their personal information with safeguards against misuse of their personal information.” It’s the first US law of this kind and other states are expected to follow suit following the EU’s lead with GDPR.
GDPR and CCPA are only two of the recent regulations that security professionals need to understand. More are underway: more than 80 countries are currently working on their privacy regulations, which are set to bring financial damages for those organizations that fail to comply with them. We’re hoping that even more governments will wake up and instill appropriate privacy measures and data management policies.
Users will fight for the new ‘freedom’: data privacy
Data has exceeded oil in value in the eyes both companies and cybercriminals alike. In the next decade a growing number of informed users will proactively protect their data and keep it private. There is a lot at stake: around 2.5 quintillion bytes of data is produced every 24 hours, largely thanks to household devices connected to the Internet of Things.
The Cambridge Analytica scandal highlighted the risks of allowing mass data collection for free. The rapid growth of DuckDuckGo, the search engine that allows you to browse anonymously, demonstrates that people are no longer willing to share their personal records for the profit of others, and will choose privacy to ensure they are not manipulated or mistreated.
Companies in every industry will have to start respecting data privacy, which will likely lead to the creation of new services. Some startups have already earned substantial money on their data privacy services.
Cloud-first companies will look for security-first strategies to migrate to the cloud
Adopting a cloud-first strategy is reasonable, but it isn’t a wise move if you don’t secure your on-prem data first. Cloud providers may have gone to great lengths to secure data and networks, but they haven’t yet managed to completely stop hackers. These cloud providers also message that they secure the cloud, but protecting data and infrastructure in the cloud is entirely your responsibility. Still, as much as about 60% of organizations don’t understand the principles of this shared responsibility model.
The result? Companies rush through the cloud migration process without the appropriate security measures. They have high hopes of quick business benefits, while others delay migration because they lack technical skills.
Your data is subject to breaches and loss. Before moving to the cloud, gather information about the cloud and the associated risks, and implement proper monitoring measures for anomalous behavior.
Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.