In the past year, cybersecurity has truly broken through and become not just a boardroom issue but also a dinner-table topic. From ransomware attacks to election tampering, we have been fed a steady diet of explosive front-page stories that have shaken the public’s sense of online security.
In this article, I will take a look at some of the key trends dominating the discourse among those of us defending digital assets.
1. Tool fatigue is setting in.
The fractured cybersecurity industry seems to produce a new “must-have” tool every six months or so. Between “next generation” this and “advanced threat” that, it is all a security leader can do to keep up with the latest terminology, let alone evaluate the effectiveness of new tools.
To be sure, there are some incredible new security tools that, if implemented and managed properly, can add tremendous value. The problem is that none of them are “set it and forget it” — they require ongoing tuning and monitoring. In addition, alerts must be escalated properly, and the different products must not conflict with each other. Many companies have invested in tools that are supposed to enhance their security posture only to find themselves buried in alerts and alarms with no reasonable way to triage and prioritize response efforts. This can actually make an organization less secure as security resources are consumed responding to false positives and working to stem the flow of alerts.
Having better tools is important, but focusing too narrowly on technological approaches to security can detract from the essential, proactive work of developing a comprehensive incident response plan and cultivating a security culture across the organization. It is imperative to establish security priorities first, then select the tools that will best support those priorities, making sure you have the qualified staff to manage the tools effectively. Too many companies still approach the issue of security the other way around — selecting products first, and then determining their security priorities based on what those tools can do. Not only does this lead companies to buy products they don’t need, it leads to gaps in security protection.
2. The need for legal and security to converge will intensify.
Given the massive security breaches that have dominated headlines of late (think Yahoo, the SWIFT banking system and the Democratic National Committee), it is clear that cyber threats pose an existential risk to organizations in every sector, and are not just an IT issue. The fallout can be enormous. In addition to the loss of data or intellectual property, there are the prospects of expensive penalties and drawn-out lawsuits, brand damage and lost business, and the undermining of customer loyalty.
Boards and C-level executives are finally coming to grips with the potential magnitude of cyber risk, and legal teams are now expected to work hand in hand with IT to mitigate that risk and manage response. In-house counsel and the legal department are increasingly required to provide guidance that is informed by a much deeper understanding of the technology landscape.
However, time and again we have seen incident response teams operating without guidance from counsel and without the benefit of attorney-client privilege. Exacerbating the issue is the continuing shortage of lawyers competent to advise on these issues. The fact is, even the lawyers who have mastered the legal landscape do not have sufficient technology experience, and those who wish to specialize in this area struggle to find appropriate training options.
The field of cybersecurity is also extremely dynamic, and a lapse in training of more than a few months can render a skill set dangerously outdated. If legal and security are to converge, it isn’t necessary for lawyers to suddenly become cyber experts, but a basic understanding of the key technology concepts inherent in cybersecurity is crucial. It is imperative that companies invest in more formalized and ongoing training opportunities for lawyers.
3. Machine learning will play a larger role in cybersecurity.
Most security experts today will acknowledge that it is almost impossible to keep hackers out of a network. Research also indicates that insider threats account for a substantial number of today’s data breaches. These two facts combined have created the need for a rethink of IT security, with user behavior analytics (UBA) emerging as a potentially powerful new weapon in the cybersecurity arsenal.