The past few years have been filled with shocks for the IT industry. The wave of global ransomware attacks that struck from 2017 to 2019 prompted rapid changes to cybersecurity strategies all over. Then came a pandemic that forced organizations to rethink their approaches once again as phishing attempts increased. Lately, there’s been another surge in ransomware attacks, with a 50% increase in the daily average in Q3 compared with H1.
With these shocks, the future seems entirely uncertain. But there are a lot of hints we can glean from the present situation, enough to map out expectations for the new year and the future direction of cybersecurity.
People are the New Perimeter:
With the workforce of the corporate world growing more dispersed as the months pass, safeguarding data is more about protecting endpoints and the people who control them. Organizations cannot afford to rely on firewalls now that most data is stored in the cloud and there are several endpoints instead of a few data centers.
The ultimate aim of today’s cybersecurity is not just to protect the network and infrastructure, but rather to protect the data stored on endpoints connected to the network. Traditional security had been focused on preventing intrusions but now, what leaves a network is more critical than what comes in, even though the latter usually leads to the former.
The evidence for this is the rapid rise in ransomware threats and phishing attacks. Some may clarify that identity is the new perimeter, or data itself, but all are essentially the same thing: that organizations, now more than ever, have a greater responsibility to protect people who have access to essential data.
Every other solution hinges on this principle. It is the idea behind new secure authentication methods as well as the use of behavioral analytics to monitor employee actions and flag irregular behavior.
AI and Machine Learning:
Signature-based cybersecurity tools are notorious for their false positive alerts. According to this report, more than two-fifths (43%) of organizations experience false positive alerts in more than 20% of cases, while 15% reported more than half of their security alerts are false positives.
That was good enough in the past, but not anymore. Organizations need to be able to detect threats with more precision, especially since cybercriminals are now adopting artificial intelligence to launch attacks with greater scale and sophistication.
Next-generation cyber threats are ruthless and smart, so it is a battle of whose AI is stronger now.
AI can help us detect system vulnerabilities faster, increasing our defense against zero-day attacks. Unsupervised learning (a type of machine learning), for instance, can help detect never-seen-before attacks, ensuring that our defense remains one step ahead of the attackers. Likewise, AI is our best bet against bot attacks as well as the deepfake problem.
AI has not evolved enough to replace humans, but it does a good job at enhancing human efforts at cyber protection, and every other use case.
AI and machine learning are helping us make better decisions to strengthen our defenses. For the future of cybersecurity, one can imagine a hybrid strategy that bridges legacy tools such as VPNs and firewalls with next-gen AI capabilities to provide comprehensive security cover and anonymity when using streaming services, provide access to geo-blocked content, and protect against malware and phishing attacks.
Data Analytics and Automation:
Having identified data protection as the most critical step in cybersecurity today, it is essential to note that we are dealing with enormous amounts of data here, at a scale that defies human efforts and understanding.
Endpoints are growing further apart, and IT departments have a more daunting task of maintaining comprehensive visibility over the endpoints and the data traffic.
AI in cybersecurity depends on the establishment of a baseline for normal/acceptable behavior and subsequently sending alerts when there is a deviation from the established pattern. This relies on data.
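The baseline-and-deviation idea above, shown as an added example that is not part of the original article: it scores each endpoint's outbound data volume against its own history and compares a mean/standard-deviation baseline with a median/MAD one. The endpoint names, sample volumes, threshold and minimum sample count are all assumptions constructed for illustration.

```python
# Added example (not from the article): baseline-and-deviation alerting on
# outbound data volume per endpoint. Names, data and thresholds are assumptions.
from statistics import mean, median, stdev

def classic_z(history, value):
    """Mean/stdev z-score: one past outlier inflates stdev and hides repeats."""
    return (value - mean(history)) / stdev(history)

def robust_z(history, value):
    """Modified z-score using median and MAD, which past outliers barely move."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Flat baseline: any change is a deviation, no change is not.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def flag_deviations(baselines, observations, threshold=3.5, min_samples=7):
    """Return (endpoint, reason, score) for every observation worth an alert."""
    alerts = []
    for endpoint, value in observations.items():
        history = baselines.get(endpoint, [])
        if len(history) < min_samples:
            # Too little data to call anything normal; surface it, don't guess.
            alerts.append((endpoint, "no-baseline", None))
            continue
        z = robust_z(history, value)
        if z > threshold:  # only upward deviations: more data leaving than usual
            alerts.append((endpoint, "egress-spike", round(z, 1)))
    return alerts

# Constructed sample data: daily outbound MB per endpoint.
BASELINES = {
    "laptop-014": [120, 135, 110, 128, 140, 125, 131, 118],
    "laptop-022": [300, 2900, 310, 295, 305, 290, 315, 300],  # one past outlier
    "kiosk-003": [40, 42],                                    # newly enrolled
}
TODAY = {"laptop-014": 133, "laptop-022": 2900, "kiosk-003": 41}

if __name__ == "__main__":
    for alert in flag_deviations(BASELINES, TODAY):
        print(alert)
    print("mean/stdev score for laptop-022:",
          round(classic_z(BASELINES["laptop-022"], 2900), 2))
```

On this data the mean/stdev score for `laptop-022` stays under a typical alert threshold of 3 because the earlier spike is already baked into the baseline, while the median/MAD score flags it.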
Data science enables us to optimize decision-making and improve our techniques as necessary. With predictive analytics, we can get more accurate assessments of our cybersecurity defense framework, identify vulnerabilities, and stop potential threats. Data analytics puts an end to the subjective analyses, usually marked by uncertainty and errors.
The automation of these processes (analytics and threat detection) takes these tasks off the hands of the IT department, which can now concentrate its human efforts on threat response, mitigation, and neutralization.
In cybersecurity automation, experts commonly reference SOAR (Security Orchestration, Automation, and Response) and SIEM (Security Information and Event Management) tools.
Having realized that passwords are not enough protection, cybersecurity experts have started rethinking authentication models to provide more secure access.
Moreover, the much-famed biometric authentication has come under some doubt due to the proliferation of deepfakes. Multi-factor authentication is still quite popular, but it still has some vulnerabilities.
Risk-Based Authentication (RBA) is a solution that grants or restricts access based on a risk score assessed via login behavior. It assesses risk based on a number of factors such as IP address, geographic location, device info, and even the sensitivity of the data to be accessed.
RBA relies on AI and behavioral analytics to control access based not just on the identity of the user (which can be compromised, altered, breached, anything), but also on the context of access.
RBA hinges on continuous authentication as well as the least privilege principle, which states that no one should access more resources than they need for performing a specific task. This principle is important for various reasons, chief of which is that it limits the attack surface should a breach occur.
Continuous authentication conducts identity verification on an ongoing basis, to ensure that a legitimate login session has not been compromised.
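A sketch of risk-based authentication with continuous re-evaluation, as an added example that is not from the original article: every request in a session is scored on device, country, network and data sensitivity, then mapped to allow, step-up MFA or deny. The profile schema, weights, thresholds and sample session are assumptions constructed for illustration.

```python
# Added example (not from the article): risk-based authentication scoring.
# Schema, weights and thresholds are assumptions chosen for illustration.
import ipaddress
from dataclasses import dataclass

@dataclass
class Profile:              # what "normal" looks like for one user
    known_devices: set
    usual_countries: set
    usual_networks: set     # /24 networks the user has logged in from before

@dataclass
class Access:               # context of a single request
    device_id: str
    country: str
    ip: str
    sensitivity: str        # "low", "medium" or "high"

WEIGHTS = {"new_device": 35, "new_country": 30, "new_network": 15}
SENSITIVITY = {"low": 0, "medium": 10, "high": 25}

def risk_score(profile, access):
    """Return (score, reasons) for one request, judged by context not identity."""
    net = str(ipaddress.ip_network(f"{access.ip}/24", strict=False))
    signals = {
        "new_device": access.device_id not in profile.known_devices,
        "new_country": access.country not in profile.usual_countries,
        "new_network": net not in profile.usual_networks,
    }
    reasons = [name for name, hit in signals.items() if hit]
    return SENSITIVITY[access.sensitivity] + sum(WEIGHTS[r] for r in reasons), reasons

def decide(score):
    if score >= 70:
        return "deny"
    if score >= 30:
        return "step_up_mfa"
    return "allow"

def evaluate_session(profile, requests):
    """Continuous authentication: re-score every request, not only the login."""
    return [decide(risk_score(profile, r)[0]) for r in requests]

# Constructed sample: one user's profile and four requests in a session.
ALICE = Profile({"mac-7f3"}, {"DE"}, {"203.0.113.0/24"})
SESSION = [
    Access("mac-7f3", "DE", "203.0.113.20", "low"),    # usual context
    Access("mac-7f3", "DE", "198.51.100.7", "low"),    # new network, low-value data
    Access("mac-7f3", "DE", "198.51.100.7", "high"),   # same network, sensitive data
    Access("win-91c", "BR", "192.0.2.44", "medium"),   # new device, country, network
]
```

The second and third requests come from the same unfamiliar network; only the one touching high-sensitivity data triggers step-up, which is the context-over-identity behavior the section describes.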
Regarding the future of cybersecurity, there is still a lot that is unclear. For instance, there is no certain prediction for when the planet will be rid of COVID-19, whose presence continues to affect business operations and cybersecurity.
What we do know is that cybercriminals are not backing down, and neither should we. In fact, this is a time for organizations to make their defenses tighter so as not to be caught off-guard.