Everything is connected, every surface area is primed for data-capturing IoT, and life is mostly conducted from our phones. Even reality itself is becoming trickier to pin down, whether augmented, virtual or actual.
With 2018 nigh, we should expect more of the same. Like a good and/or bad sequel, the stakes will be higher, the budgets bigger and the gadgets flashier. For some, it will be a bumpy ride. For others, unprecedented tech-enabled success awaits. For all of us, it will be anything but boring. Strap yourselves in; things are about to get interesting (again).
Mind the app
Most of today’s security budgets are still spent on protecting everything except user identities and vital applications. Now is the time to take a different approach and shift cybersecurity investment towards detection and response.
Securing applications is the key to safeguarding data and protecting business performance. By moving away from trying to protect all IT areas, it is more effective to focus on what matters and tackle malicious behaviours and incidents. From a place of knowledge, organisations can focus on those threats that are most vulnerable to the operation.
Data is king
Traditional network perimeters are no longer sufficient to safeguard what really matters. Applications are now where data is most accessible and vulnerable.
Data confidentiality encompasses collection, transport and destination, whether in the cloud or in an on-premise data centre. Integrity is key. Data must not be changed while in transit or altered by an unauthorised person or automated bot. If data becomes corrupted, backups or redundancies must be available.
Protecting enterprise data assets across dozens of applications and hundreds of servers is never easy. Any effective cybersecurity arsenal must have the wherewithal to protect data within applications, provide uncluttered visibility into all threats, yield actionable, data-driven insight, and provide controls to adapt your business on the fly. Safeguarding every infrastructure, wherever it resides, means secure data access on any device, in any environment, and at any time.
Addressing the skills gap
Cisco estimates there are a million unfilled cybersecurity jobs worldwide and Symantec predicts that the figure will rise to 1.5 million by 2019. A paucity of cybersecurity skills clearly needs urgent attention, and only a robust combination of investment, business resource, political will and cultural change can change the tide.
It is time to explode public misconceptions that cybersecurity is a dark science. It is, and always will be, an everyday part of our lives. It is also a fulfilling and rewarding profession. The career possibilities are endless in a market that is fast-paced, dynamic and at the forefront of cutting-edge technology. Today’s inertia and apprehensive messaging is reductive. We need to get better at spreading the word, identifying talent and assembling the workforce of the future.
GDPR and POPI
There’s no escaping this one. On 25 May, any organisation conducting business in Europe must notify regulators within 72 hours of a data breach impacting employees or customers.
The General Data Protection Regulations (GDPR) means there is nowhere to hide. Organisations must describe the nature of the breach, the number of data sets compromised, contact information of directors responsible and any mitigative measures. Potential fines could be up to 4% of global revenues or €20 million, whichever is greater.
Locally, the Protection of Personal Information (POPI) Act will fundamentally change how organisations capture, store, process and use personal information. Although it has not yet been implemented, once a commencement date is announced, organisations will have 12 months to comply. Those that don’t comply face fines of up to R10 million or 10 years in prison.
Businesses should already be deep into a risk-based preparatory strategy, including implementing secure procedures and controls to protect sensitive information. They should also temper their apprehensions. It will be disruptive but, if handled correctly, invaluable market differentiation can be gleaned through trumpeting best-in-class compliance and data management practice.
5G on the horizon
Mobile technology powers and influences the way we live, work and play in profound ways. 5G is set to change the game yet again.
Businesses should be planning for roll-out now, from both a technical and process perspective. Factors to consider include how they will support 5G, how it will affect their customers’ experience using their service or product, and working with new kinds of partners. For example, a healthcare company could now find themselves working directly with an IoT vendor.
Fundamentally, organisations need networks that can scale to handle massive traffic increases. With millions of new devices entering the space, security concerns will also need to be addressed from day one and, crucially, not result in limited accessibility. The best way forward is to work with a service provider and deploy Network Functions Virtualisation (NFV) and cloud-based technology as soon and as intelligently as possible.
AI and the rise of the machines
2018 will see AI and machine learning continue its quest to transform decision-making and consumer choice.
Increasingly sophisticated AI will underpin a new generation of cognitive apps that will not only provide users with a highly personalised, real-time service but also offer predictive and preventative capabilities. With the rise of IoT, these apps will increasingly sit at the heart of sprawling ecosystems combining multiple sensors with vast real-time analytics to optimise decision-making.
Key use cases racing for mainstream adoption include cognitive health and financial services. Tools of this nature depend on allowing companies continuous access to a raft of personal data, like biometrics and context (e.g. location). Advances in wearables, or embeddables, will clearly bring intuitive interfaces and convenience but users will also face new levels of privacy and security risks.
Augmented reality (AR) is another potentially disruptive force to watch, yielding a dizzying array of new opportunities for immersive business and entertainment activities.
As the building blocks for our fuel, water and power are increasingly digitised, they become irresistible targets for ambitious cyber-disruptors.
Hacker motives range from stealing data and crippling businesses to threatening citizens and causing reputational damage. Government and industry must prioritise and collaborate on the protection of our infrastructure to minimise impact.
Again, organisations should deploy a risk-based approach. They need to work with vendors and penetration testers to discover vulnerabilities that may be open to exploit and determine subsequent mitigation methods. An ability to react with speed is also essential.
As enterprises continue to deploy web applications, network and security architects need visibility into who is launching attacks, as well as a big-picture view of all violations to plan future coping strategies. Administrators must be able to understand what they see to determine whether a request is valid or if it is an attack that requires application protection.
The bottom line is that threats to our critical infrastructure are intensifying. The frequency of attacks is increasing as cybercriminal armouries evolve. We need to be ready.
By Martin Walshaw, Senior Systems Engineer at F5 Networks