Predictions on trends and emerging technologies in cyber security
What does the future hold for cybersecurity and cyberspace?
In the past few years, cyber attacks have surged in both volume and attention, with constant phishing and ransomware campaigns.
Organisations now face multiple targeted attacks each year. The need for a serious and effective defence strategy has never been more critical.
What does this mean in terms of trends and tech set to shape the industry over the next few years?
For one, organisations are continuing to get more serious about their security posture. Misconceptions are fading and organisations are getting more interested in what is highly effective in fortifying cyber defences, rather than following trends for the safety in numbers they bring.
What's clear is that cybercrime and hackers are not glamorous, as they are portrayed in the movies. Recent incidents have proven the severe impact cybercrime can have on businesses, communities and individuals.
From embracing emerging technology and shifting mindsets to getting back to basics, here is what I think we'll be seeing throughout the industry in the future.
A divide in approach to monitoring tools
Over the past 15 years, the adoption of Security Information and Event Management (SIEM) has significantly increased.
While monitoring has become more common, for many companies it has remained predominantly theoretical because of the cost and the complexity of achieving effective security outcomes. SIEM platforms are a significant long-term investment, and the return on that investment is often low. Given the current threat landscape, we are in a time when organisations need comprehensive and effective security controls that stack up economically, too.
While things are set to change in this area, there's going to be a divide among businesses in how they approach monitoring.
Some organisations will take monitoring more seriously and scale their operations down to focus on the most significant and common attacks, while others will reconsider their investment because of the high costs, particularly of log ingestion and compute. I anticipate a slowdown in the adoption of monitoring in favour of preventative measures. However, innovations in technologies and approaches will enable organisations to derive better value from security monitoring.
New approaches to monitoring and dealing with big data
One of the key issues with security monitoring right now is the substantial investment. This investment doesn't necessarily get organisations to the point where they can effectively detect and set alarms for cyber attacks.
IT teams often find themselves playing catch-up with their systems, operations and business platforms. It can be a struggle to monitor them efficiently.
At the same time, you're dealing with a lot of muck. There is no such thing as green fields or starting from scratch. All businesses rely on some form of technology so there is always existing data and systems.
Take, for example, an organisation with hundreds of endpoints, numerous servers and various cloud environments. These are all generating massive amounts of data.
There are already tools out there that can capture all this data. There are also plenty of tools that can essentially tell us where the vulnerabilities and exposures are.
The problem with handling so much data lies in the cost and time needed to make it valuable to the organisation. Over the past decade, many products have aimed to help consolidate and make sense of this information, but they often fell short.
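The two points above, focusing monitoring on the significant and common attacks and keeping ingestion cost under control, can be illustrated with a small pre-ingestion triage step. This is an added example, not code from the original article or from any product it mentions; the log lines, the rules and the threshold are constructed for illustration. It forwards privileged commands and successful logins unchanged, collapses repeated failed logins into one aggregated event per host, user and source, counts routine cron and systemd chatter instead of shipping it, and forwards anything it cannot parse so that an unknown format is never silently dropped.

```python
"""Pre-ingestion log triage: forward high-signal security events, collapse
repeated ones, summarise routine noise, and measure the volume avoided.
Added example with constructed log lines and thresholds (not real data)."""
import re
from collections import Counter, defaultdict

# Constructed sample: syslog-style lines from three hosts. The last line is
# deliberately malformed to show the fail-open path for unparsable input.
SAMPLE_LOGS = """\
2024-03-01T08:00:01 host1 sshd: Accepted publickey for deploy from 10.0.0.5
2024-03-01T08:00:02 host1 cron: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T08:00:03 host1 cron: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T08:00:04 host2 sshd: Failed password for admin from 203.0.113.9
2024-03-01T08:00:05 host2 sshd: Failed password for admin from 203.0.113.9
2024-03-01T08:00:06 host2 sshd: Failed password for admin from 203.0.113.9
2024-03-01T08:00:07 host2 sshd: Failed password for admin from 203.0.113.9
2024-03-01T08:00:08 host2 sshd: Failed password for admin from 203.0.113.9
2024-03-01T08:00:09 host1 systemd: Started Daily apt activities.
2024-03-01T08:00:10 host1 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl stop auditd
2024-03-01T08:00:11 host1 cron: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T08:00:12 host3 sshd: Failed password for bob from 10.0.0.7
2024-03-01T08:00:13 host1 systemd: Started Daily apt activities.
this line has no recognisable structure
"""

# "<timestamp> <host> <program>: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[A-Za-z_-]+): (?P<msg>.*)$")

# Always forwarded, regardless of volume: privileged commands and successful logins.
ALWAYS_KEEP = {
    "sudo": re.compile(r"COMMAND="),
    "sshd": re.compile(r"^Accepted "),
}
# Failed logins are forwarded as one aggregated event per (host, user, source).
FAILED_LOGIN_RE = re.compile(r"^Failed password for (?P<user>\S+) from (?P<src>\S+)")
FAILED_LOGIN_THRESHOLD = 5   # at or above this count the aggregate is flagged
# Routine chatter that is counted, not shipped.
NOISE_PROGRAMS = {"cron", "systemd"}


def triage(text):
    """Return forwarded events, a noise summary and the fraction of lines avoided."""
    forwarded, noise, failed, total = [], Counter(), defaultdict(list), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        total += 1
        m = LINE_RE.match(line)
        if m is None:
            # Unknown format: forward rather than silently drop.
            forwarded.append({"reason": "unparsed", "raw": line})
            continue
        host, prog, msg = m["host"], m["prog"], m["msg"]
        keep = ALWAYS_KEEP.get(prog)
        if keep and keep.search(msg):
            forwarded.append({"reason": f"{prog}-always-keep", "host": host, "raw": line})
            continue
        f = FAILED_LOGIN_RE.match(msg) if prog == "sshd" else None
        if f:
            failed[(host, f["user"], f["src"])].append(m["ts"])
            continue
        if prog in NOISE_PROGRAMS:
            noise[(host, prog)] += 1
            continue
        forwarded.append({"reason": "unclassified", "host": host, "raw": line})
    for (host, user, src), stamps in failed.items():
        count = len(stamps)
        forwarded.append({
            "reason": "brute-force-candidate" if count >= FAILED_LOGIN_THRESHOLD else "failed-login",
            "host": host, "user": user, "src": src, "count": count,
            "first": stamps[0], "last": stamps[-1],
        })
    reduction = 1 - len(forwarded) / total if total else 0.0
    return {"input_lines": total, "forwarded": forwarded,
            "noise_summary": noise, "reduction": reduction}


if __name__ == "__main__":
    result = triage(SAMPLE_LOGS)
    for event in result["forwarded"]:
        print(event)
    print("noise:", dict(result["noise_summary"]))
    print(f"avoided {result['reduction']:.0%} of {result['input_lines']} lines")
```

On the constructed sample, 14 input lines become 5 forwarded events, and the five failed logins against host2 arrive as a single flagged aggregate rather than five separate rows. The design choice that matters is the fail-open default: the cost saving comes from the rules you can state explicitly, never from discarding what the rules do not recognise.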
This is where AI comes into the picture.
AI language models
Historically, data integration was a significant challenge for IT. Substantial effort was needed to analyse and clean the data for it to be functional for the system.
The recent advancements in AI and the proliferation of language models have made it more feasible to process vast amounts of data in various formats. You can feed the language model security reports, vulnerability assessments, logs and other data types. It can be cross-referenced against threat analytics data or compliance framework data. This means that you can provide the AI language model with access to all relevant regulations and standards, such as ISO and SOC, allowing you to query the language model within that context.
Attackers are also leveraging AI effectively, which prompts us to consider how we can combine different language models in workflows. The focus should be on obtaining intelligent information in a cost-effective way with minimal data shaping effort.
You can ask AI plain language questions, from compliance exposures to identifying vulnerable systems. These AI language models are now invaluable tools for security analysts and architects.
In applications like Microsoft Copilot, AI allows users to ask straightforward questions and receive practical recommendations such as guidance on implementing two-factor authentication. AI can provide generic recommendations and specific plans tailored to your environment and its vulnerabilities or gaps.
AI empowers security teams by speeding up cybersecurity defence processes. This advantage is crucial for all organisations. Diagnosing, understanding, mitigating, and reporting on attacks requires extensive data gathering and analysis. AI streamlines these tasks, allowing faster responses and more efficient allocation of resources.
Training the AI model and ensuring appropriate parameters for its operation, including proper referencing of information sources, is essential for its effective use in cybersecurity and defence.
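The grounding step described in this section, giving the model the relevant regulation or standard text as context and insisting on proper referencing of sources, can be demonstrated without calling a model at all. The following is an added example, not code from the article or from Microsoft Copilot or any other product; the corpus entries are constructed paraphrases rather than the wording of ISO, SOC or any other standard, the token-overlap ranking is a stand-in for the embedding search a real deployment would use, and the finding text is made up. It retrieves the excerpts relevant to a finding, builds a prompt that carries source ids, and checks that an answer cites only ids it was actually given.

```python
"""Grounded querying of a language model over security data: retrieve the
relevant control excerpts for a finding, build a prompt that carries source
ids, and check that an answer cites only sources it was given.
Added example; the corpus entries are constructed paraphrases, not the text
of any real standard, and no model is called here."""
import re
from collections import Counter

# Constructed corpus: each entry is a short paraphrased control with a source label.
CORPUS = [
    {"id": "S1", "source": "control catalogue (constructed) - MFA",
     "text": "Multi-factor authentication is required for all remote access and privileged accounts."},
    {"id": "S2", "source": "control catalogue (constructed) - patching",
     "text": "Security patches for internet-facing services are applied within two weeks of release."},
    {"id": "S3", "source": "control catalogue (constructed) - admin privileges",
     "text": "Administrative privileges are restricted, reviewed regularly and not used for email or web browsing."},
    {"id": "S4", "source": "control catalogue (constructed) - backups",
     "text": "Backups of important data are performed daily, retained and tested for restoration."},
]

STOPWORDS = {"the", "a", "an", "and", "or", "of", "for", "is", "are", "to", "in", "on", "not", "with"}


def tokens(text):
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOPWORDS]


def retrieve(query, corpus=CORPUS, k=2):
    """Rank excerpts by token overlap with the query (stand-in for embedding search)."""
    q = Counter(tokens(query))
    scored = []
    for doc in corpus:
        overlap = sum((q & Counter(tokens(doc["text"]))).values())
        if overlap:
            scored.append((overlap, doc["id"], doc))
    scored.sort(key=lambda s: (-s[0], s[1]))   # highest overlap first, id as tie-break
    return [doc for _, _, doc in scored[:k]]


def build_prompt(finding, docs):
    """Prompt that confines the model to the supplied sources and asks for citations."""
    lines = ["Answer using only the sources below and cite them by id in square brackets.",
             "If the sources do not cover the question, say so.", "", "Sources:"]
    lines += [f"[{d['id']}] {d['source']}: {d['text']}" for d in docs]
    lines += ["", f"Finding: {finding}", "",
              "Question: which controls does this finding breach, and what should be fixed first?"]
    return "\n".join(lines)


CITATION_RE = re.compile(r"\[(S\d+)\]")


def check_citations(answer, allowed_ids):
    """Accept an answer only if it cites at least one id and no id outside allowed_ids."""
    cited = set(CITATION_RE.findall(answer))
    unknown = sorted(cited - set(allowed_ids))
    return {"ok": bool(cited) and not unknown, "cited": sorted(cited), "unknown": unknown}


# Constructed finding, as a vulnerability assessment might phrase it.
FINDING = ("VPN gateway allows remote access for admin accounts with a password only, "
           "no second factor; patches are 60 days behind.")

if __name__ == "__main__":
    docs = retrieve(FINDING)
    print(build_prompt(FINDING, docs))
    # A model answer would be checked like this before it is shown to an analyst.
    print(check_citations("Enable MFA on the VPN [S1]; then close the patch gap [S2].",
                          {d["id"] for d in docs}))
```

The citation check is the part worth keeping: an answer that references a source the model was never given is a fabricated reference, and rejecting it mechanically is cheaper than asking an analyst to notice.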
Taking care of the basics with native security
The time for ignoring or bypassing native security is long gone. Native security is an absolute necessity and we are going to see organisations taking it more seriously.
Native security refers to the built-in security features and settings that come with the technology or devices you already use. These features are part of the core functionality and are designed to safeguard your technology and data. For example, on end user devices, native security may include options to manage administrative privileges and application allowlisting.
These features are often viewed as overly complex, leading many IT teams to seek alternative solutions, like purchasing additional security tools that can be installed on end user devices, hoping to gain some level of protection.
This approach is not effective.
Neglecting native security settings on a device jeopardises the integrity of the installed software and leaves the device vulnerable. While investing in supplementary security tools can provide value, there is a common misconception that they remain effective independently of how well you manage aspects such as local administrative access or allowlisting. This is not the case. Bypassing native security compromises the efficacy of these tools.
We are going to see more businesses take native security seriously and manage these settings to uphold a robust security posture.
Using compliance frameworks as a mechanism for security
There will be a shift in how businesses approach compliance frameworks.
Backed by research and aimed at identifying measures that genuinely enhance an organisation's ability to defend against cyberattacks, compliance standards are invaluable tools for bolstering security efforts. This includes ASD Essential Eight, ISO and CIS Critical Security Controls.
As valuable as they are, not all organisations have rushed to adopt these standards, particularly when there are elements that don't apply to their specific circumstances or business.
This is part of the challenge of meeting compliance standards. Businesses must adopt them in a way that's most valuable to them, and they need to be able to communicate the rationale behind their implementation choices. We are already seeing businesses approach compliance standards in this way; even smaller organisations and new businesses are embarking on compliance journeys from the outset.
Businesses will no longer approach compliance standards with the view of just ticking a box. Instead, organisations will now use these frameworks to help authentically tackle security. Compliance standards can also be used as tools for effective communication about an organisation's security posture.
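The native-security settings named earlier (administrative privileges and application allowlisting) and the point made here about recording the rationale behind implementation choices come together in the following added example. It is not code from the article; the endpoint snapshot, the policy values and the control names are constructed shorthand, not the wording of the Essential Eight, ISO or CIS Critical Security Controls, and the hostnames and account names are invented. It evaluates a device snapshot against a few controls, records a pass, fail or not-applicable status with a reason for each, and renders that as plain text an organisation could use to explain its posture rather than just tick a box.

```python
"""Checking native endpoint settings against a small control set and recording
the rationale for each decision. Added example: the endpoint snapshot, the
policy values and the control names are constructed shorthand, not the wording
of the Essential Eight, ISO or CIS documents."""
from dataclasses import dataclass

# Constructed snapshot, in the shape an endpoint-management export might take.
ENDPOINT = {
    "hostname": "ws-042",
    "local_admins": ["Administrator", "LAPS-admin", "jsmith"],
    "app_control": {"mode": "audit", "rules": 120},  # "enforce", "audit" or "off"
    "days_since_last_patch": 9,
}

# Organisational decisions that explain the implementation choices (constructed).
POLICY = {
    "approved_local_admins": {"Administrator", "LAPS-admin"},
    "app_control_required_mode": "enforce",
    "max_patch_age_days": 14,
    # Controls judged not to apply to this fleet, each with a recorded reason.
    "not_applicable": {"macro-hardening": "no Office macros are used on this fleet"},
}


@dataclass
class Result:
    control: str
    status: str      # "pass", "fail" or "not-applicable"
    rationale: str


def check_admin_privileges(endpoint, policy):
    extra = sorted(set(endpoint["local_admins"]) - policy["approved_local_admins"])
    if extra:
        return Result("restrict-admin-privileges", "fail",
                      f"unapproved local administrators: {', '.join(extra)}")
    return Result("restrict-admin-privileges", "pass",
                  "local administrators limited to the approved set")


def check_application_control(endpoint, policy):
    mode, rules = endpoint["app_control"]["mode"], endpoint["app_control"]["rules"]
    if mode == policy["app_control_required_mode"]:
        return Result("application-control", "pass", f"{rules} rules enforced")
    # Audit mode looks like coverage on a dashboard but blocks nothing.
    return Result("application-control", "fail",
                  f"mode is '{mode}' with {rules} rules; policy requires "
                  f"'{policy['app_control_required_mode']}'")


def check_patching(endpoint, policy):
    age, limit = endpoint["days_since_last_patch"], policy["max_patch_age_days"]
    status = "pass" if age <= limit else "fail"
    return Result("patch-os", status, f"last patch applied {age} days ago (limit {limit})")


def evaluate(endpoint, policy):
    """Run every check, then append the recorded not-applicable decisions."""
    results = [check_admin_privileges(endpoint, policy),
               check_application_control(endpoint, policy),
               check_patching(endpoint, policy)]
    for control, reason in policy["not_applicable"].items():
        results.append(Result(control, "not-applicable", reason))
    return results


def summarise(results):
    counts = {"pass": 0, "fail": 0, "not-applicable": 0}
    for r in results:
        counts[r.status] += 1
    return counts


def report(endpoint, results):
    """Plain-text lines suitable for explaining the posture to a non-specialist."""
    lines = [f"Host {endpoint['hostname']}"]
    for r in results:
        lines.append(f"  {r.control:<28} {r.status:<15} {r.rationale}")
    return "\n".join(lines)


if __name__ == "__main__":
    res = evaluate(ENDPOINT, POLICY)
    print(report(ENDPOINT, res))
    print(summarise(res))
```

Two details are deliberate. Allowlisting in audit mode is reported as a failure even though 120 rules exist, because a rule set that blocks nothing is exactly the neglected native setting the article warns about. And a control the organisation has decided does not apply is carried through with its reason rather than dropped, so the report can show the decision and why it was made.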
Zero tolerance for poor security practices
Gone are the days of applying Band-Aid solutions or workarounds to navigate the challenges of cyber security. The increase in cybercrime, marked by significant public breaches, has propelled security and cyber defence into the spotlight.
It's a conversation happening everywhere, provoking a change of mindsets and responsibilities across the board. The general public's perception concerning cyber security has changed dramatically. They are now better informed about the implications of cyberattacks and express heightened concern for the security of their data. More people are realising that cybercrime is no longer just something for the movies; these are real and pressing issues. With increased public awareness, individuals are becoming more informed about companies' security measures and data protection efforts.
The shift in public awareness is just one aspect of the changes we are witnessing. Taking security seriously no longer rests solely with the security team or the Chief Information Security Officer (CISO). There's now little tolerance for executives who are unaware or apathetic about cybersecurity.
The increased focus on existing regulations, including the Notifiable Data Breaches (NDB) scheme, as well as recent amendments to the Privacy Act, has heightened executives' concerns about the potential repercussions of a data breach on their organisations, careers, personal wealth and reputations.
This is also why we are likely to see a shift in how businesses approach compliance. It's no longer acceptable for businesses to just invest in a solution and say they are secure.
The compliance standards serve as the framework for addressing public issues or regulatory inquiries. They allow organisations to explain and demonstrate their effective security measures.
The need to make a business case for security is fading
With heightened attention from boards and executives, fewer security teams face the uphill battle of pleading their case for funding or making a business case to the board for security investments.
We can anticipate a surge in IT spending, with more budget allocations and increased investments in solutions to fortify the security team's efforts in building robust defences.
With the attention and interest from boards and executives secured, the security team must maintain and strengthen the established trust. The key lies in using budgets effectively and directing efforts towards initiatives that truly make a substantial difference in enhancing the overall security posture.
All businesses and industries are the target
It's not just critical industries, big banks or telcos that are targets of cybercrime; any organisation can fall victim to malicious attacks, and we've seen that play out over the past year.
In the Digital Defence Report 2023, Microsoft reported a notable surge in attacks targeting small and medium-sized businesses. Between July and September 2022, approximately 70% of organisations affected by human-operated ransomware attacks employed fewer than 500 personnel.
The evolving threat landscape and changing criminal tactics set the stage for new trends and transformative technologies that will shape the industry's trajectory and redefine how businesses harden their security posture.
Along with changes to regulations and severe consequences, the catalyst for change is the growing recognition across all industries and throughout the general public of the importance of cyber security.
The confluence of evolving technologies, shifting mindsets and adoption of proactive security measures will be the linchpin in navigating the future of cyber security. The metamorphosis witnessed across these domains reflects a collective global response to the escalating cyber threats, propelling the industry towards a more resilient and secure future.