10 Cybersecurity Predictions for 2021: Trends in Protecting Remote Workforces, Part 3
With remote workforces driving almost all sectors of the economy, technology has become a critical cornerstone for businesses. In our final post we look at how cybersecurity tools are adapting and evolving to meet this change. If you missed our first two posts, you can catch up on views from security experts on People and Processes.
Security predictions for Technology
Cybersecurity solutions will need to justify their cost. The rationale for technology purchases will need to be more outcome-based. This applies to security management solutions generally, and SIEMs specifically. Every dollar spent must tie directly to demonstrable high-value insights that are critical to an organization’s security posture. Organizations are tired of buying monolithic SIEM solutions with questionable ROI, based on some vague promise of value down the line. “To align with their prospects and current customers, cybersecurity companies, including vendors like us, must offer high-value use cases and SOC workflows,” says Gorka Sadowski, chief strategy officer at Exabeam. With security teams under scrutiny to protect users, investigate incidents, and evaluate a myriad of tools, all under limited budgets and resources, cybersecurity solutions need to demonstrate why they make the cut.
Due to threats and events going up, Deneen DeFiore, VP and chief information security officer at United Airlines, says she “Took a laser focus on what are the risks, what’s the most bang for our buck, and where do we put the resources to make sure that we’re protecting the business.” She focused on what priorities were aligned to business risks and outcomes and put a lot of other items on hold. One of her priorities has been biometrics and collecting health data, to optimize authentication and customers’ travel experience.
Broader adoption of automation. Now, more than ever, is the time for a shift in mindset. “Security teams must train harder than they fight,” says Ran Tamir, VP, Product at Pcysys. He points out that the convergence of people, resources and technology is critical to support a more mature security posture. “Continuous and accurate testing is needed to maintain and improve the organizational cyber security posture, and this can only be achieved by automation.”
Demand for better and easier analytics. Derek Lin, chief data scientist at Exabeam believes as SIEM buyers expect vendors to continue addressing big data infrastructure challenges in data ingestion, processing and archiving in 2021, their attention will also increasingly shift to analytics and its value. “Customers should demand better analytics from their SIEM vendors with improved tradeoff between detection and false positive rates. These analytics should be easier to maintain and tune, and require minimum intervention by humans to provide a high degree of accuracy and outcome explainability. Forward-looking security analytics vendors, supported by the right engineering and security expertise, will move UEBA to the next level of sophistication, efficiency and completeness,” he says.
Industry consolidation. Grant Leonard, co-founder at Castra Managed Services, believes that SIEM proliferation will cease, leaving room for only a few high-end vendors. He also predicts that on-premises SIEM will potentially end within ten years. MSSP/MDR consolidation will begin, with smaller, less adept players leaving the market and larger, but nimble players (those who adopt ML/SOAR/XDR tools) to emerge as leaders. This means that the largest players may also sell off their business, as they cannot evolve fast enough. Finally, associated with this market consolidation, orchestration and automation will continue to grow as a major factor for MSSP/MDRs. In most cases, it will still fall short of where everyone wants it to be.
API attacks will increase. Colin Anderson of Levi Strauss sees a dramatic increase in attacks against the APIs that are being used by applications. He says, “I see attackers leveraging a lot of API vulnerabilities or configuration mistakes.” Deneen DeFiore at United Airlines agrees, as she adds that APIs are “transactions and data being digitized in functionality and it’s not always a detectable issue,” especially since applications are designed as functioning so it’s difficult to find issues that arise — meaning there are many existing vulnerabilities that aren’t detected.
With the rise of cloud apps that use these APIs, this is just another vector of attack, exposing the need for security solutions to address this area going forward.
A look back at 2020
Looking back at the 2020 predictions, we did pretty well. While much was driven by the pandemic and the need to support remote work, this surge led to an increase in the role of the CISO, while compromised credentials and device security gained in importance. Security training is now a must. Automation, SOAR platforms, and machine learning for UEBA have become a focus because of the myriad security solutions used to support workers and the fatigue security teams face in addressing the rising cybersecurity challenges and incidents. And finally, cloud, tied together with modernization and the digital transformation needs of organizations have all been a focus in 2020 for organizations.
Based on our predictions, this year we’ve included some recommendations from our contributors that your security teams can think about as you plan for 2021.
- With the rise in credential-based attacks, we recommend organizations across industries can invest in machine learning-based user and entity behavior analytics (UEBA) to ensure that malicious activity by attackers is not overlooked. Further, UEBA can identify when a legitimate user account is exhibiting anomalous behavior, providing greater insights into both compromised and malicious users to SOC analysts.
- As you identify gaps and roll out initiatives around modernizing your infrastructure, make sure you have smart analytics in place around your network and apps. Don’t just monitor for specific risks — make sure your solutions are comprehensive and can detect activity that deviates from normal patterns (which helps with preventing alert fatigue as well).
- Empowering SOC teams will be critical to improving your security programs and processes. This is a process- and program-oriented recommendation — streamline communication between the CISO and their security teams (analysts, etc.) so that the connection to the executive team is real. Have the stories and data in place for CISOs to take to the board, CEO, CIO, or CFO so that decisions can be made quickly, and efficiently.
- In another process recommendation, we suggest focusing on security training and awareness. With more remote workers that access apps and data from beyond corporate firewalls, it’s important that employees, contractors, and third-party stakeholders are all looped into security best practices. This will help reduce the risk of data breaches and threats.
- Test, test, test. Without testing, security teams will not know the true cyber security posture of their networks. Well-researched security investments aside, the reality is that no out-of-the-box solution, or combination thereof, leaves you truly and completely protected. Without visibility into the effectiveness of your tool, the increased attack surface and sophistication of attacks leave you at great, and undetermined, risk. The most important thing you can do is to test and test again to determine and prioritize the controls required to harden today’s uniquely distributed workforce environment.
- Finally, in choosing security tools and solutions, ensure not only the business case and ROI of the solution but also that it’s comprehensive enough to work across the rest of your security and IT stack and reduce the operational burden to your security team.
With a pandemic driving the need for remote workforces as the major trend in 2020 and continuing through to 2021, we see an opportunity for security organizations to take action against malicious cyber criminals that will try to take advantage of this shift. IT and security leaders will need to take a deep look at how their people, processes, and technologies are working together to effectively compete in this unpredictable environment, secure employees and customers, and streamline security teams.
Catch up on the rest of the predictions for 2021.