Complex cloud computing systems and cutting-edge infrastructure require a great deal of attention and protection. As always, with new technology come new threats.
Because of the new technologies gaining traction across the B2B world, evolving malware threats, complex cloud systems, and 5G infrastructure headline G2’s 2020 technology trends for cybersecurity.
Virtually all modern businesses will adopt multiple cloud solutions by 2021, complicating management and protection. Pair that with emerging threats such as fileless malware and social engineering attacks powered by artificial intelligence (AI), and companies must find new tools and skilled staff with the necessary resources to detect attacks and remediate issues as they arise.
Additionally, 5G infrastructure’s rapid emergence as the future of networking requires a rapid evolution of infrastructure and endpoint protection. Expedited adoption and international influence raise numerous security uncertainties, but businesses will adopt 5G technology before it’s secured.
G2’s 2020 cybersecurity technology trends
5G accelerates both connectivity and security risks
The rapid adoption and global promotion of 5G technology will force businesses to push unsecured infrastructure into production and rely on underskilled security professionals to protect it, resulting in numerous major 5G-related security incidents.
According to a report conducted by Ericsson, it’s projected that by the end of 2019, there will be more than 10 million 5G subscribers. This includes cell phones, IoT endpoints and any other internet-enabled device capable of supporting 5G connectivity.
5G is the fifth generation of cellular networking technology. 4G can only hit speeds of around 1 GB per second—5G technology has the potential to reach 100 GB per second. That’s 100 times faster.
This massive increase in usage translates to a 3x increase in global mobile data traffic each month by the end of 2024, according to the same report by Ericsson. Unfortunately, when there's more data, there are more threats.
The data traveling through 5G networks could be as harmless as social media browsing, but it could also contain sensitive patient information or critical business analytics. Either way, protecting massive, continuous data transfers and the large swaths of information they carry will require substantial effort.
From a user's perspective, 5G is great: it means more people in more areas can send huge files across global wireless networks with low latency and minimal performance impact. From a security standpoint, it poses a few questions.
New infrastructure is always potentially vulnerable to unknown threats. While 4G infrastructure will be used as a fallback, tons of 5G infrastructure will be built and manufactured to support continuing growth.
This infrastructure requires security assessment and workforce dedication to continuously secure it. This will add to the existing shortage of skilled security professionals and require additional investment from service providers.
Nation states and political threats are also potential pitfalls. Non-European Union states and state-backed threat actors are the number one concern for security leaders in the European Union, according to a report conducted by the European Commission.
Countries need to set standards for infrastructure and data protection across the globe. They also need to decide if specific vendors based in non-transparent nations pose a threat to their information’s security.
IoT endpoints are going to boom as connectivity increases. These devices may operate in homes, offices, or factories and require numerous security mechanisms to prevent breaches and lateral movement exposure. In some cases, a vulnerability in a single IoT endpoint has gone undisclosed for far too long, letting hackers feast while the issue is covered up. Other flaws have allowed a single endpoint to compromise an entire family of endpoints.
Either way, to prevent massive breaches and incredibly destructive botnets, these endpoints require hardening and the information they store requires protection.
Real-time detection emerges to tackle new security threats
Detection-centric cybersecurity solutions will outpace legacy systems and replace traditional security processes with detection-focused tools powered by automated remediation technologies.
Emerging threats and a shared security responsibility between cloud service providers and businesses are driving an evolution in detection technology.
Cloud services providers like AWS, Google, and Microsoft have a continuously evolving relationship with their customers. This creates a need for multi-layered, mutually owned security responsibilities. Both parties are responsible for separate aspects of cloud security.
Cloud services providers are responsible for securing on-premises infrastructure, computing, networking, and everything else that supports the cloud. Customers, on the other hand, are responsible for securing everything in the cloud.
“Cloud providers remove the prevention layer and all you’re left with is detection and response,” said Nabil Zoldjalali, a senior cyber security technology manager at Darktrace, at the Cyber Security & Cloud Expo Conference in November 2019.
Actually, the prevention layer remains intact. It just evolves. It becomes more abstract since on-premises infrastructure is no longer a factor. However, companies have to do whatever they can to restrict network access to unauthorized parties.
While network access control (NAC) remains a key component, and a security minimum, detection and response become a continuous process that requires 24/7 monitoring.
New threats are driving investment into detection technologies. Fileless malware, for example, operates in memory, leaving no signature or forensic evidence. This type of malware may lie dormant and avoid detection, simply by operating within a device's RAM. To combat this, continuous risk analysis must be conducted to identify abnormal activity or unapproved access.
Advancements in social engineering and malware powered by machine learning make it difficult to identify threats as they are delivered and complicate the maintenance of threat data as it's constantly changing.
Luckily, new solutions are emerging to combat these new threats. These solutions prioritize visibility, orchestration, and automation to quickly identify and orchestrate the resolution of attacks as they occur in real time.
Security orchestration, automation and response (SOAR) solutions are one of the first technology groups designed to accomplish this. These tools are something of an evolution of two technology groups: security information and event management (SIEM) software and incident response software.
SOAR software solutions combine the functionality of these tools and add intelligent automation functionality to improve a security operations team’s ability to tackle threats in real time with minimal manual labor.
User and entity behavior analytics (UEBA) software and zero trust networking solutions are designed to detect threats in real time. These tools all use behavior-based analytics to identify strange behaviors and misuse within a network.
UEBA solutions constantly monitor a user’s behavior, actions, privileges, locations, and additional factors to determine a user’s risk level. When risk scores pass a threshold, security staff is alerted.
Zero trust networking solutions operate similarly, constantly analyzing behaviors and risks and restricting network access for questionable users. 78% of IT security teams want to embrace a zero trust model in the near future, according to a report conducted by Zscaler.
Bot detection, fraud protection and endpoint detection and response (EDR) technologies will all follow the trend as well, adding real-time analytics and response automation. Additional tools will emerge, but these detection technologies will have the biggest impact in the near future and the most market growth in the foreseeable future.
A multicloud future is forging unified cloud security platforms
Since virtually all modern businesses will rely on multicloud environments, their security efforts will shift from a management-focused operational model to one relying on unified visibility and automation across their disparate clouds.
Because companies use so many cloud services, and are expanding the use of software-defined security solutions, every operation running in the cloud should be centrally managed.
“It’s up to me to consume all the right services, to create a pane of glass, enforce those policies, and hold myself accountable,” said Sujeet Bambawale, 7-Eleven’s chief information security officer, at the Cyber Security & Cloud Expo Conference in November 2019.
Multicloud environments are expanding in popularity. 98% of companies plan to adopt multiple hybrid clouds by 2021, according to a survey conducted by IBM. The study also found that 85% of companies use multicloud environments already.
Centralizing visibility will give security teams a clearer view of access privileges and improve vulnerability management across cloud environments. It also allows for an increase in authentication requirements and cloud workload protection efforts.
Cloud compliance, additionally, is easier to achieve through centralized control, especially for individuals managing cloud services from multiple vendors. Increasing visibility across cloud services will improve a company’s ability to identify and achieve compliance for storing sensitive information.
Auditing and analysis will make it much more difficult for sensitive data sets to slip through the cracks and be easily accessed by threat actors. Along with proper identity management and access control, centralized management will simplify monitoring as well as policy enforcement efforts. All of this will help companies protect their data and avoid fines from privacy regulation bodies.
Lastly, centralizing visibility helps resolve one of the more common security errors caused by companies: misconfiguration. Each cloud and network environment today is unique and may require customized configuration for proper protection.
Failing to maintain proper configuration can result in a great deal of negative outcomes. The most impactful outcome, aside from application or server failure, is a security breach. This is what caused the Capital One breach earlier this year.
Unified management and increased visibility allow companies to visualize configurations across clouds and networks. This makes it easier to identify and remediate misconfigurations before they cause an issue.
Cybersecurity trends 2020 and beyond
The security space is one of the most continuously discussed and evolving areas in the technology world. As the protectors of a business, security professionals must continuously update their security tools and processes to stay ahead of threat actors. As companies continue the digital transformation and adapt to a globally connected world, security must remain a priority.