This commentary is the third of a three-part series featuring what cybersecurity thought leaders expect to see in the coming year.
Cyberattacks are continuing to increase in intensity and sophistication. Attackers are well funded and highly motivated, leveraging state-of-the-art techniques, operating across borders and rarely facing prosecution.
Cyberattacks are nothing new, but their consequences have recently become more significant – and are raising the stakes for information technology executives.
The expansion of the Internet of Things, the proliferation of connected devices and the growth of cloud computing all mean that an organization’s “attack surfaces” are growing. This target-rich environment makes it easier for hackers to find an entry point into organizations.
The increasing sophistication of targeted attacks indicates that we will continue to see vulnerabilities in industrial IoT devices, personal and medical wearables and connected consumer devices, as well as exploits at the firmware level. Defensive capabilities, meanwhile, still vary widely from one organization to the next in their ability to prevent, detect and respond to damage and loss.
However, we see several trends emerging in mature organizations as they race to adapt to the new challenges:
Security analytics at scale
While not new, high-powered analytic tools are increasingly being used to profile wanted and unwanted behavior at the account, network and system levels. As the “white noise” of constant low-level activity grows, only analytics at scale can separate genuinely harmful behavior from the background. Security analytics will also begin to focus on better visual interpretation of security data, since operational monitoring by reading through logs and text to understand what is happening is too slow today, given the flood of digital information coming from the IoT and the cloud.
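The behavioral profiling described above, reduced to a small worked example. This is added illustration, not code from the article or from Accenture; the log format, account names, addresses and timestamps are constructed, and the rules it applies (new country, new source address, off-hours login, a success following a burst of failures) are assumptions chosen for the example rather than anything the article prescribes.

```python
"""Behavioral profiling of account activity over constructed auth logs.

Build a per-account baseline from a training window, then score new
events against it so that only deviations (not every login) surface.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events (hypothetical format, not real data):
# <ISO timestamp> user=<name> src=<ip> country=<CC> result=<ok|fail>
BASELINE_LOG = """\
2016-01-04T09:02:11 user=alice src=10.1.2.3 country=US result=ok
2016-01-04T17:40:02 user=alice src=10.1.2.3 country=US result=ok
2016-01-05T08:55:41 user=alice src=10.1.2.9 country=US result=ok
2016-01-05T12:11:09 user=bob src=10.1.5.7 country=US result=ok
2016-01-06T09:30:00 user=bob src=10.1.5.7 country=US result=fail
2016-01-06T09:30:20 user=bob src=10.1.5.7 country=US result=ok
"""

NEW_LOG = """\
2016-01-11T03:14:00 user=alice src=203.0.113.5 country=RO result=fail
2016-01-11T03:14:05 user=alice src=203.0.113.5 country=RO result=fail
2016-01-11T03:14:09 user=alice src=203.0.113.5 country=RO result=ok
2016-01-11T09:10:00 user=alice src=10.1.2.3 country=US result=ok
2016-01-11T10:00:00 user=bob src=10.1.5.7 country=US result=ok
"""


def parse(log):
    """Turn the key=value lines into dicts with a datetime under 'ts'."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        event = dict(p.split("=", 1) for p in pairs)
        event["ts"] = datetime.fromisoformat(stamp)
        events.append(event)
    return events


def build_profiles(events):
    """Per-account baseline of successful logins: sources, countries, hours."""
    profiles = defaultdict(lambda: {"src": set(), "country": set(), "hours": set()})
    for e in events:
        if e["result"] != "ok":
            continue  # failures do not define "normal"
        prof = profiles[e["user"]]
        prof["src"].add(e["src"])
        prof["country"].add(e["country"])
        prof["hours"].add(e["ts"].hour)
    return profiles


def score_events(events, profiles, fail_window_s=60, fail_threshold=2):
    """Score each new event against its account's baseline.

    Each deviation adds one point; an event with no deviations produces no
    alert, which is how the baseline suppresses routine activity.
    """
    alerts = []
    recent_fails = defaultdict(list)  # user -> timestamps of recent failures
    for e in events:
        reasons = []
        prof = profiles.get(e["user"])
        if prof is None:
            reasons.append("no baseline for account")
        else:
            if e["country"] not in prof["country"]:
                reasons.append(f"new country {e['country']}")
            if e["src"] not in prof["src"]:
                reasons.append(f"new source {e['src']}")
            # One hour of slack either side of every baseline hour, so a
            # 10:00 login for a 09:00 user is not flagged.
            usual = {(h + d) % 24 for h in prof["hours"] for d in (-1, 0, 1)}
            if e["ts"].hour not in usual:
                reasons.append(f"unusual hour {e['ts'].hour:02d}")
        # Keep only failures inside the window, then flag a success that
        # follows a burst of failures (password guessing or stuffing).
        if e["result"] == "fail":
            recent_fails[e["user"]].append(e["ts"])
        window = [t for t in recent_fails[e["user"]]
                  if (e["ts"] - t).total_seconds() <= fail_window_s]
        recent_fails[e["user"]] = window
        if e["result"] == "ok" and len(window) >= fail_threshold:
            reasons.append(f"success after {len(window)} failures in {fail_window_s}s")
        if reasons:
            alerts.append({"ts": e["ts"].isoformat(), "user": e["user"],
                           "score": len(reasons), "reasons": reasons})
    return alerts


def demo():
    """Baseline on BASELINE_LOG, score NEW_LOG; returns the alert list."""
    return score_events(parse(NEW_LOG), build_profiles(parse(BASELINE_LOG)))


if __name__ == "__main__":
    for a in demo():
        print(a["ts"], a["user"], a["score"], "; ".join(a["reasons"]))
```

Of the five new events only the three Romanian ones for alice produce alerts; her normal morning login and bob's 10:00 login (one hour off his baseline) are silent. The last alert carries four reasons, and the "success after 2 failures" reason is the one an analyst should read first: a brute-force that ended in a successful login, from a source the account has never used.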
[Read more: 5 cybersecurity trends to watch for in 2016, part 1]
Full-stack virtualization
Although the rise of Docker and similar container platforms for application virtualization makes application and system visibility harder to maintain, we also see significant benefits in full-stack virtualization of infrastructure and applications for agility in security management and response. Responding in a virtual environment is faster and more comprehensive: an affected workload can be isolated, snapshotted for forensics or rebuilt from a known-good image without touching physical hosts, which greatly aids security response teams.
Security automation
We anticipate early adoption of security services that automatically detect and correct problems on edge and/or endpoint systems. In addition, mature organizations are beginning to “intelligently” automate the frequent, time-consuming security operations tasks that occupy staff, so that talent can focus on tougher challenges. Replacing today’s reliance on “eyes on glass” with automation that handles basic threats will reduce the noise and better prioritize security response effort.
Contextualized threat data
Security teams often lack situational awareness when an incident occurs. They need to know what it means for the mission, who the players are, what the priorities are and whether they can act on the information at hand. Mature organizations are building systems that tell the security team enough about specific assets to put threat data in context. This requires solid asset management, strong risk management planning and effective, ongoing communication between security and the mission.
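One way to put the two preceding trends, automation of routine triage and contextualized threat data, into working code. This is an added example, not the article's or Accenture's code: the asset inventory, the alerts and the hostnames and owner addresses are constructed, the criticality scale and the escalation and auto-close thresholds are assumptions chosen for the example, and the alert shape is a hypothetical SIEM/IDS output rather than any particular product's format.

```python
"""Contextualizing alerts with asset and mission data (added example).

Join each alert to the asset inventory, compute a priority that reflects
what the asset means to the mission, and disposition the result so that
analysts see escalations first and routine noise is closed automatically.
"""

# Constructed asset inventory (hypothetical hosts and owners, not real data).
ASSETS = {
    "pay-db-01": {"mission": "payroll", "criticality": 5,
                  "owner": "finance-it@example.gov", "internet_facing": False, "pii": True},
    "web-fe-03": {"mission": "public-portal", "criticality": 4,
                  "owner": "portal-team@example.gov", "internet_facing": True, "pii": False},
    "dev-vm-17": {"mission": "sandbox", "criticality": 1,
                  "owner": "devs@example.gov", "internet_facing": False, "pii": False},
}

# Constructed alerts in a hypothetical SIEM/IDS shape: severity is the
# detector's own 1-3 rating, which knows nothing about the asset.
ALERTS = [
    {"id": "A1", "host": "dev-vm-17", "signature": "Outbound connection to known C2", "severity": 3},
    {"id": "A2", "host": "pay-db-01", "signature": "Outbound connection to known C2", "severity": 3},
    {"id": "A3", "host": "web-fe-03", "signature": "Port scan from external IP", "severity": 1},
    {"id": "A4", "host": "unknown-99", "signature": "Suspicious PowerShell execution", "severity": 2},
    {"id": "A5", "host": "dev-vm-17", "signature": "Port scan from external IP", "severity": 1},
]

UNKNOWN_CRITICALITY = 3  # assumed mid-range value when the host is not in inventory
ESCALATE_AT = 10         # assumed thresholds for this example
AUTO_CLOSE_BELOW = 3


def enrich(alert, assets):
    """Attach asset context; a missing inventory entry is itself a finding."""
    ctx = dict(alert)
    asset = assets.get(alert["host"])
    if asset is None:
        ctx.update(known=False, mission="unknown", owner=None,
                   criticality=UNKNOWN_CRITICALITY, internet_facing=False, pii=False)
    else:
        ctx.update(known=True, **asset)
    return ctx


def priority(ctx):
    """Detector severity weighted by what the asset means to the mission."""
    score = ctx["severity"] * ctx["criticality"]
    if ctx["pii"]:
        score += 2  # data-protection consequences
    if ctx["internet_facing"]:
        score += 1  # reachable by anyone
    return score


def disposition(ctx, score):
    """Decide who acts: escalate, queue for an analyst, or close automatically."""
    if score >= ESCALATE_AT:
        return "escalate"
    # Never auto-close on a host we cannot identify: the inventory gap has
    # to be fixed before the alert can be judged routine.
    if score < AUTO_CLOSE_BELOW and ctx["known"]:
        return "auto_close"
    return "investigate"


def triage(alerts, assets):
    """Enrich, score and sort alerts so the most consequential come first."""
    out = []
    for alert in alerts:
        ctx = enrich(alert, assets)
        score = priority(ctx)
        out.append({"id": ctx["id"], "host": ctx["host"], "signature": ctx["signature"],
                    "mission": ctx["mission"], "owner": ctx["owner"], "known": ctx["known"],
                    "priority": score, "disposition": disposition(ctx, score)})
    return sorted(out, key=lambda r: r["priority"], reverse=True)


if __name__ == "__main__":
    for r in triage(ALERTS, ASSETS):
        print(f'{r["id"]} {r["disposition"]:11} prio={r["priority"]:2} '
              f'{r["host"]} ({r["mission"]}, owner={r["owner"]}) {r["signature"]}')
```

A1 and A2 are the same signature at the same detector severity, yet one is escalated to the payroll system's owner while the other waits in the analyst queue; that difference comes entirely from the inventory, which is why the paragraph above insists on asset management. A4 shows the failure mode: a host the inventory does not know is held at mid-range priority and can never be auto-closed, so the gap surfaces instead of being silently dropped.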
[Read more: 5 cybersecurity trends to watch for in 2016, part 2]
A sparring partner
Given the recent well-publicized breaches, organizations are asking what they must do to prepare for a potential event. Many are beginning to exercise their defenses continuously against a third-party sparring partner that brings the skills and tooling of a sophisticated attacker, without the malice. It is difficult to improve the maturity of cybersecurity capabilities without the equivalent of a boxer’s sparring partner: after mastering static “punching bags,” a firm needs a live opponent to drive further improvement. The sparring partner must apply all of an attacker’s creativity and intent so that the company’s security innovations keep pace with the latest attacker techniques, which keep evolving. That means engaging all of the mission stakeholders: risk management, communications, legal staff, the fraud team and so on. Done right, the sparring-partner approach replicates real-world attacks far more faithfully than tabletop exercises, compliance checklists or an annual penetration test.
In addition to these trends, we also see shifts in public policy considerations.
As federal government security organizations continue to evolve and cyber education becomes more widespread, we expect an ongoing debate about concentrating cybersecurity capabilities in government authority, the consequent impact on personal privacy, and the need to address Safe Harbor concerns. The implications of this and other policy debates will also spur changes in the legislative landscape.
In the meantime, responsibility for cybersecurity often continues to sit with individuals below top management, typically at the program level, where security budgets are frequently not commensurate with the task.
In this environment, security leaders will need to implement a strong cybersecurity operating model, capable of prioritizing, executing and operating new security capabilities.
Jennifer Combs and Mark Savage are managing directors responsible for Accenture Federal Services cybersecurity programs.