It’s that time of year when predictions abound, and skeptical battle-worn security professionals will often side with Niels Bohr, the physics Nobel laureate who said, “Prediction is very difficult, especially about the future.” Nevertheless, readiness requires looking forward, so we asked security experts within Exabeam, partners and customers to describe top strategic trends in cybersecurity.
Here are the eight cybersecurity predictions for 2020, structured by People, Processes and Technology—the familiar pillars of organization transformation that underpin the globally used information security standard, ISO/IEC 27001.
- The scope of the CISO will grow.
- Automation and SOAR will be integral to the operations of busy security teams.
- Compromised credentials will continue to be an issue for organizations.
- A continuing lack of security awareness and education in organizations will persist.
- Device security will dominate in 2020 especially for IoT, the US elections and applications.
- Machine learning techniques such as UEBA will be important to build better security.
- The cloud platform will gain momentum as adoption continues.
- Organizations that are not shifting to modern security will be vulnerable.
Security Predictions for People
The scope of the CISO. The unabated tide of security breaches has boosted the pressure on chief information security officers. The CISO must answer when the board asks, “Are we secure? Are we doing the right things?” Their roles and power vary widely depending on the types and sizes of organizations, technologies used, and many other factors. Our experts say in 2020, the CISO role will continue to evolve as underlying factors rapidly change. “We’ll see CISOs seek out relationships to advance security and enable other leaders, teams, and departments to have success beyond protecting digital assets,” says Steve Moore, chief security strategist at Exabeam. Moore predicts CISOs will “broaden the value and impact of cybersecurity.”
“In addition to managing risk, the CISO will become more influential by spanning organizational authority and becoming an ambassador for security,”—Lamont Orange, CISO, Netskope
In addition to security breaches, the way technology is used has changed. Steve Moore again, “The lifespan of an asset could be just moments and the artifacts we have to protect are dynamic and often don’t persist. That reality has changed the responsibilities of a CISO and the risks that a big organization has to face.”
“With microservices and other types of technology and assets being available and actively used, an organization’s environment has to be rock solid. A CISO really needs to get into the design, architecture and engineering way upfront to be able to see that it will be in a secure state for however long that asset’s going to be around.”—Brian Haugli, CISO, Side Channel Security
Automation and SOAR. Experts predict security automation will play big in 2020, such as using SOAR (security orchestration, automation and response) to help ease the day-to-day incident response workflow activities of security analysts who are swamped by irrelevant alerts. In 2020, “Using automation tools will become more of an ingrained concept rather than being something new,” says Nathan Labadie, manager of sales engineering at Exabeam. He says the practical benefits will be enormous. “With incident response automation, things that would take hours to do will, with the click of a button, provide results five minutes later.” Labadie suggests organizations ease into automation and try those projects in smaller stages to ensure success.
Compromised credentials. During 2020, our experts say attackers will continue to steal credentials as a primary vector for accessing organizations. “Social engineering and phishing will continue to be the easiest vectors to gain access to assets and information,” says Scott Dungan, VP of information security at Fifth Third Bank. “Examples of social engineering are when users are compromised through phone calls, text or email phishing campaigns,” says Samer Faour, sales engineer at Exabeam. “In 2020, deep fakes—videos created by artificial intelligence that make people appear to say or do something they did not—will be used as a social engineering attack vector.”
Security Predictions for Processes
Awareness. “Lack of security awareness by employees is a fundamental issue,” says Samer Faour. In addition to systematically teaching employees about the usual practical security awareness issues, security practitioners will step up efforts to make employees aware of how security affects the business—particularly those who decide to stand up their own cloud applications. Lamont Orange predicts “CISOs will build influence and emissaries, and have the teachable moments to bring everybody around to understand, ‘Hey, this is good for the business. We’re not trying to stop you. We’re just trying to help you understand how we realize all the potential of what you’re proposing.’”
David Tyburski, CISO at Wynn Resorts, also believes in educating users: “It’s our responsibility to put in better processes, better tools, better functionality to protect them as opposed to saying, ‘You’ve got to learn how to be a security professional. You’ve got to learn how to do all the things that I can do and do your day job.’”
Device security. “Nation state attackers will be the greatest cybersecurity threat in 2020,” says Joe Lareau, a senior security engineer at Exabeam. He notes IoT and the security of voting machines and repositories of voter information will be front and center. “Entities such as states and the federal government will react to the threat of election tampering by building and using ‘defense in depth’—multiple layers of controls that involve staffing, procedures, technical and physical security for all aspects of the security program.” And, of course, analytics and machine learning. The same will be true for operational technology (such as plant monitoring and control systems) and IoT devices in use at enterprises and governments such as security cameras, HVAC systems, and a myriad of sensors. These systems continue to be vulnerable to state actors looking to disrupt operations, to corporate and government espionage and to attackers looking to benefit financially from theft and ransomware.
Automation. One of the key roles of a security analyst is to evaluate and respond quickly to potential security incidents. Exabeam SIEM users report seeing 4,000 attacks a week on each of their organizations, according to a Ponemon study (p.11). In order to respond to the magnitude of this threat, “It’s really about mean time to response,” says Nathan Labadie. He notes traditional playbooks stipulate multiple steps that require analysts to take a significant amount of time to execute the plan. “In 2020, security automation will help by providing more information at analysts’ fingertips. It’s less to do with replacing bodies and more about making the people that are there more efficient and proactive.”
Security Predictions for Technology
Machine learning and UEBA. “The biggest trends we’ll see in security in 2020 will be the increased use of machine learning and automation in the SOC to respond to potential threats in near real time,” says Scott Dungan. “In 2020, we’ll see greater adoption of next-generation platforms that allow analysts to collect unlimited log data, use AI-driven behavioral analytics to detect attacks and automate incident response,” says Anu Yamunan, VP of product management at Exabeam. UEBA (user and entity behavior analytics), in particular, will become a vital tool for detecting anomalous behavior, according to Barry Shteiman, VP of research and innovation at Exabeam. “Once you bring data in for UEBA, the system can pretty much stop modeling and start using the specialized algorithm to start detecting weird things and anomalies,” says Shteiman. “This allows the CISO and SOC to create better use cases for effective detection.”
Scott Morris from BlueCross BlueShield Western New York agrees. Insider threat is “definitely one of the most difficult problems to tackle and has become more significant with the ease and movement of data. The use of behavioral analytics is going a long way to help with that problem. It’s something we are tackling every day and what worries me even more than insider threat is the insider ‘ignorance’—which is perhaps too strong of a word—that exists in organizations.”
Cloud. “As organizations adopt a cloud-first approach and adversaries look to more aggressively target data stored this way, on-premises security information and event management tools will become outdated and dangerous, particularly for short-staffed security teams,” says Shahar Ben-Hador, VP of product management at Exabeam. In addition to using SaaS-based SIEM (see “Modernization,” below), he predicts in 2020 that “DevSecOps will merge into engineering and be guided by product. This merger of product and customer knowledge is essential to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.”
Modernization. “The greatest cyber security threat in 2020 will be organizations that are not shifting quickly enough from the old way of doing things,” says Moe Ibrahim, director of sales engineering at Exabeam. He encourages security practitioners to prepare by thinking about security differently. “Leaders need to encourage their teams to lift their maturity and look for modern ways of doing things,” says Ibrahim, “such as leveraging AI and implementing automated processes for threat response.”
“In 2020, a greater need for SaaS-based SIEM solutions will emerge. These tools will change cloud security by minimizing the operational burden for SOC employees while significantly improving how fast they can catch suspicious, anomalous behavior within cloud applications.”—Shahar Ben-Hador, VP of product management at Exabeam
Automation. “A lot of the tedious work by security analysts will be automated by machine learning,” says Chris Tillet, a senior security engineer at Exabeam. “Machine learning is real and is working, and during 2020, more enterprises will deploy it to help them with these automated detection capabilities.” Automated incident response playbooks will be enabled by enriched data feeds via multiple cloud connectors with a myriad of event data sources, according to Barry Shteiman. “In 2020, more organizations will be able to apply behavior analytics to cloud applications.” He adds, “For strong security, cloud applications do belong in investigation timelines.”
2019 cybersecurity in retrospect
So how did we do on our 2019 predictions? Looking back, most of our predictions were in line with what we saw this year—long attack dwell times persist, attacks on low-level system architecture on local systems and the cloud continue, IoT adoption grows and people remain the weakest link for attacks. We also called that the government would take the first steps to control large internet service companies. One miss. While tariff, trade, and geopolitical differences remained in the news, it did not further fuel espionage-driven attacks on the private industry from nation states—especially in the US.
What remains to be seen is the resilience of election security following increased investments in those systems and the consequences of industrial controls and critical infrastructure that continue to stay exposed. So far, for the former, it looks like the recently completed off-cycle elections in Virginia, Kentucky and elsewhere were undertaken successfully.
A year from now we’ll be able to look back and judge the accuracy of these eight predictions for cybersecurity. Meanwhile, we urge you to weigh how each may play within your organization’s particular stage in the application of people, processes and technology for cybersecurity. One point surfaced in predictions across this strategic model: the vital importance of automation for speeding and improving detection and response capabilities of security analysts. Based on its recurring mention by most of the experts, we suggest you put security automation as priority one for 2020. In his book, The Foundations of Science, Henri Poincaré (who laid the groundwork for chaos theory) said, “It is far better to foresee even without certainty than not to foresee at all.” If there was one thing our experts were certain about, it’s that all points above predicted for 2020 are addressable with a modern SIEM.