Four Critical Cybersecurity Predictions for 2018
In November, I attended the Gartner Identity and Access Management conference in Las Vegas, Nevada. Over 1,600 attendees came to learn about what’s next for cybersecurity. Here are my four predictions for next year based on exclusive conversations with attendees and research presented at the conference.
#1 Multi-factor Authentication (MFA)
People are going to expect multi-factor authentication (MFA) everywhere. Consumers are already accustomed to MFA from their financial institutions, Google, or Facebook prompting them when they’re using a new device, when they’re opening a new browser window, or when they’re in a new location. Graduates entering the workforce will see this as normal, not having known a world where a single password was considered sufficient security. Your organization should not disappoint them by depending on static passwords alone, which leaves users’ credentials at risk of being overcome by a more powerful attacker.
#2 Increase in Remote Security Operations Center and Cybersecurity Employees
The lack of cybersecurity experts is going to drive acceptance of remote working in the SOC and other key cybersecurity job functions. Cybersecurity Ventures estimates that there will be 3.5 million unfilled cybersecurity jobs in only three years. This lack of skilled employees will force employers who previously have not seen the benefits of remote employees and digital nomads to reconsider their antiquated requirements that employees be at an office from 8 AM – 5 PM, Monday to Friday, and to instead hire the best, regardless of location. This also means that cybersecurity experts in the heartland may be able to request coastal pay rather than settling for a lower amount.
#3 Rise of the Automated Security Operations Center (SOC) Analyst
Artificial intelligence is going to take the jobs no one wanted anyway. Consider the role of tier one security operations center (SOC) analyst. Their purpose is to read log files most of the day, trying to correlate an increasingly complex volume of event log data to find attack patterns. It’s mind-numbing work and requires more luck than skill, as humans are no longer able to protect the complex threat surface we have today. Artificial intelligence and machine learning are very good at spotting patterns and assigning quantitative scores, and organizations will deploy these tools to augment the work of the analysts in the SOC. Instead of poring over 5,000 filtered event log entries from the Security Information and Event Management system (SIEM) per day, an analyst will be able to direct investigations by applying qualitative judgment to risks identified by AI.
#4 Limiting Damage Due to Inevitable Breaches
Mature organizations will drop the quixotic goal of stopping all breaches and instead define their success by acceptable losses. Organizations now need to choose carefully between multiple imperfect cybersecurity options, any of which can still lead to a breach. They will prioritize projects that minimize the damage of a breach by breaking the cyber kill chain, either by limiting lateral movement via automated password rotation or by deploying honeytokens and formal deception technologies so that attackers can steal only falsified credentials and data.
One fact will hold true in 2018, no matter what organizations do: cybercriminals will continue to reinvest their profits into building sustainable but illegal businesses. The underlying economics of cybercrime continue to give massive financial incentives to the attackers. Organizations should retaliate by adopting a “keeping up with the Joneses” mentality so that they’re always slightly more secure than organizations in the same market or vertical. If broadly pursued, this mentality will increase the costs for cybercriminals, thereby forcing smaller criminal organizations out of the market and raising the operational costs for organized crime.