The start of a new year – the odd period where we reflect on what happened in the past year and try to predict the future. While we enter an era where cloud computing becomes mainstream, technology companies shape the market and machines think (almost) by themselves, we still enjoy our annual crystal-ball oracles that predict what our future will hold.
Shamanism? Maybe not. While there isn’t such a thing as predicting the future, history has shown that weak signals and growing trends often precede more significant events. Cybersecurity is certainly no different here; we even have a dedicated function for it: (Threat) Intelligence.
Short-term views of the threat landscape
The sad reality is that our computer “userland” today (desktops and user devices) looks like the trenches of Verdun in 1914-18: despite continually improving weapons and defences, at the bigger scale, gains were only marginal on either side of the war front.
On the battleground, however, the victims can be counted in the thousands to millions. This is hardly a surprise in cybersecurity, where defences often rely only on traditional techniques and security tools.
Cloud computing has put these tools’ capabilities on steroids, but we still lack the radical change needed to treat this threat as a thing of the past. And the frustrating part: when we analyse the entry points and weaknesses highlighted in each year’s Verizon DBIR report, we can see that over 80% of vulnerabilities used in breaches still come down to basic hygiene concepts.
There is hope in this field, however.
The digital world has become a de-facto new war front, not only militarily, but economically. We can expect diplomatic relations to be mirrored increasingly in cyber operations, and actors to become bolder. In this domain, the line between the public and private sectors will continue to blur.
As existing diplomatic and economic balances are being challenged, it wouldn’t be surprising to see this chess game increasingly rely on cyber operations: malware planted for later use, or existing backdoors triggered.
The addition of new technologies (IoT, AI, facial recognition, APIs…) also increases the challenge twofold for cybersecurity professionals. While they are already struggling with well-established technologies and practices, they now need to deal with emerging technologies for which there is little accumulated experience to draw on.
For the above reasons, the upcoming Tokyo Olympic Games will be of particular interest. While the Games have always been an event targeted by interference and propaganda efforts, the geographic position of Japan, its diplomatic ties, mixed with the current tensions in the region and the ever-increasing role of technology, make these Games a particularly sensitive event. Will the neighbouring threat actors try to interfere actively?
Longer-term shifts in the ways of working in security
Interestingly enough, some exciting developments emerging in the earlier half of the coming decade are mostly around how cybersecurity works and its changing role, rather than the latest technology and tools. And a lot of these changes have a parallel in the DevOps movement which started ten years ago:
- The rise of the Immutable, Distributed, Ephemeral and Authenticated (IDEA) architecture principles for security
- Decentralisation of security responsibilities
- Increasing use of cloud-native tools instead of additional off-the-shelf security solutions
- A shift of the role of cybersecurity from defenders to enablers and builders
- The increasing diversity of profiles in cybersecurity
The most visible trend in the change of approach to securing our systems is unlocked and expanded by the mainstream use of cloud-native technologies. Moving away from static and monolithic architectures, organisations are embracing the principles of stateless microservices to deliver IDEA services that facilitate the detection, investigation and remediation of malicious activity.
As Security Architects learn about the benefits of this approach, organisations will rethink their external and internal perimeters to interpose IDEA interfaces between their users and legacy monolithic applications. With the current consolidation of traditional datacentre vendors and cloud-native vendors, the cloud-native adoption rate will rise significantly.
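To make the Immutable, Ephemeral and Authenticated properties concrete, here is an added illustration (not code from the original post or from any vendor it mentions) of the kind of stateless check an interposed interface could apply before forwarding a request to a legacy application: every request carries a signed, self-describing envelope with a short lifetime, so the interface keeps no session state. The envelope format, the shared HMAC key and the five-minute TTL are assumptions; the Distributed property is not covered.

```python
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed key for the illustration only; a real deployment would fetch it
# from a secrets manager and rotate it.
GATEWAY_KEY = b"constructed-demo-key"
TOKEN_TTL = 300  # seconds: envelopes are ephemeral by design (assumed value)


def _canonical(body: dict) -> bytes:
    # Deterministic serialisation so signer and verifier hash the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_envelope(principal: str, action: str, now: Optional[float] = None) -> dict:
    """Build a self-describing request envelope and sign it with the gateway key."""
    now = time.time() if now is None else now
    body = {
        "principal": principal,
        "action": action,
        "issued_at": int(now),
        "expires_at": int(now) + TOKEN_TTL,
    }
    body["sig"] = hmac.new(GATEWAY_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_envelope(envelope: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """Stateless check: no session lookup, the envelope carries everything needed.

    Returns (accepted, reason) so a caller can log why a request was refused.
    """
    now = time.time() if now is None else now
    sig = envelope.get("sig")
    if not isinstance(sig, str):
        return False, "missing signature"
    body = {k: v for k, v in envelope.items() if k != "sig"}
    expected = hmac.new(GATEWAY_KEY, _canonical(body), hashlib.sha256).hexdigest()
    # Authenticated + Immutable: any change to any field breaks the signature.
    if not hmac.compare_digest(sig, expected):
        return False, "tampered or forged"
    # Ephemeral: an envelope is only valid inside its short window.
    if now >= body.get("expires_at", 0):
        return False, "expired"
    return True, "ok"
```

Because the check needs only the key and the clock, any number of identical gateway instances can validate the same envelope without sharing state.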
In parallel, the digital transformation under way in most organisations is creating an environment where teams of developers are increasingly autonomous in their choice of tools and frameworks. One-size-fits-all security solutions have shown their limits, and security leaders increasingly work directly with developers to identify the right metrics and enable developers to meet predefined security outcomes with their own tools.
New practices such as bug bounties, chaos engineering and red teaming will be used to develop the right knowledge and reflexes in product teams, enabling them to detect, remediate and prevent vulnerabilities and attacks independently of the SOC.
Security threats are only going to get more costly and devastating in 2020 and beyond. Organisations cannot afford to forgo strong cybersecurity measures anymore. The profile of cybersecurity professionals will also need to expand as security becomes decentralised.
Beyond the traditional defender profile (solution specialists, hunters, SOC analysts and more), it’s time for cybersecurity professionals to take on a more diverse set of roles that enable other functions (developers, trainers, champions).