Practitioner Q&A: Cyber Security’s Focal Points For 2018

Dan Gunderman
12/27/2017

As cyber-attacks grow in both scale and ferocity, there is an overabundance of media coverage and analysis poised to “right the ship.” But within the dynamic cyber arena, these prognosticators can only make so much headway.

There does not seem to be a one-size-fits-all remedy for mega-breaches and other malicious activity. We believe that visibility and transparency within the enterprise remain the best policy: that is, an intimately fleshed-out network with practitioners eager to stay ahead of the curve. To do so, we also suggest regularly tracking the latest industry movements across the threat landscape. To help with that, we spoke with four members of our Editorial Advisory Board (EAB) to get their take on cyber trends and goals for the coming year.

One EAB member is a cyber security legal expert and has overseen various IT security roadmap programs. Two others operate in the healthcare industry, and one is in higher education. Here’s what we learned from them about cyber security’s 2018 trajectory:

Cyber Security Hub: What’s been the biggest trend in cyber security in 2017? (Generally speaking, not just in your company.) So, threat defense, knowing the landscape, actively seeking out solutions, etc.

Jamal Hartenstein, Cyber Security Expert, IT Roadmap Programs: As we saw with Uber and cyber espionage in the news, the use of cryptocurrency to pay off cybercriminals for ransomware ransoms or to keep a breach under wraps is occurring. I wonder if it has become part of the contingency plan for organizations’ ransomware mitigation policies. Some countries (not the U.S. or U.K. yet) have announced their desire/intentions to regulate, or keep unregulated, cryptocurrency and ICOs. I wonder how federal regulation would impact cryptocurrency on the global market.

Rebecca Wynn, CISO, Matrix Medical Network: Using machine learning and artificial intelligence. Attackers and defenders are in a race to quickly adapt to new technologies and get ahead of the curve.

Jim Routh, Chief Security Officer, Aetna: Solving for Type 4 phishing emails – coming up with a new unconventional control for this type of phishing attack – fraudulent email coming from a compromised email. (Also), privilege user monitoring and access management.

Bob Turner, Higher Education CISO: Use of artificial intelligence for understanding security events. The discussion has turned from theory to reality in the past year. We have seen deployment of early first-generation technologies on a wide scale this year. IBM Watson and other solutions are digesting large quantities of data; Next Generation Firewalls and Advanced Threat Protection vendors are using cloud services backed by tremendously capable AI engines to absorb net-ops data and returning highly useful information to keep security operations centers focused on the task. The challenge, as some have noted, is there are not enough data scientists who truly understand cyber security to push forward. CISOs need to embrace the trend and start raising these people up from within.

Cyber Security Hub: What do you expect the most adopted enterprise security technology or disruption will be in 2018?

JH: Ethereum’s blockchain decentralized smart-contract ledgers…. A consortium of Fortune companies are behind it. It can secure transactions. (Also), BR/DR solutions to combat ransomware with backups/restores. (And), Darktrace, immune systems for your network.

RW: Using machine learning and artificial intelligence.

JR: UEBA. Unsupervised machine learning models integrated with endpoint protection. Continuous behavioral-based authentication to replace binary controls like passwords.

BT: Next Generation endpoint security tools that provide preventive controls will continue to mature and be embraced by architects and operators. What they will need are visualization software tools that put real information in front of the operators and managers, not just large lumps of data.

Cyber Security Hub: What is your enterprise’s specific focus in 2018 when it comes to security?

RW: In security, I am forward-thinking. Constant auditing, constant training, constantly use new technologies to augment staff. Think smarter. Think faster intelligence so you can make better and timelier decisions.

JR: Improving techniques for model-driven security – specifically model management. Adding voice biometrics and voice behavioral authentication.

BT: We will continue to mature our Cybersecurity Operations Center and improve operations within our risk management domain. Keeping our eye on mobile applications will take a stronger position on the radar as well.

Cyber Security Hub: How will regulations or compliance in general impact workflows next year?

JH: More lawyers will be included in workflows as opposed to getting invited only after legal claims are filed. I expect cybersecurity to be approached from a legal perspective in addition to technical and policy-laden… Companies will begin seeking out cyber-savvy lawyers for legal advice. (The) NIST 1.1 framework will likely reshape how the framework is utilized by unique organizations… Keen companies will hire lawyers early, involving them in CISO strategic planning, for two high-level, overarching reasons. One: The cloak of attorney-client privilege. Two: Having your legal teams proactively prepared to defend against ever increasing cybersecurity claims.

RW: I don’t see regulations or compliance in general negatively impacting workflows. Anytime we get additional requirements it gives me more support for the forward-thinking, security, risk, and privacy. It takes a long while to get people out of the old wineskins and into the new world of risk management.

JR: CMS – employee verification systems and controls for healthcare workers providing care at home.

BT: EU GDPR is the big target – we will continue to evaluate the business processes and tools we use to collect personal data and work through the compliance gauntlet to ensure we are ready if need be. GDPR requires we partner with business owners to understand the non-technical security aspects and team with them to solve those issues. One area I will focus on is the inevitable EU GDPR legal challenges that will arise within my industry vertical. How much will we be held liable for and by whom? Are there any legal challenges we need to watch?

Cyber Security Hub: Do you anticipate new attack vectors to emerge in 2018?

JH: Phishing and spear phishing will remain high. Ransomware will resume popularity.

RW: Absolutely. Malware, sophisticated-ware, privilege escalation-ware, and data-scraping bots will all be a bigger threat in 2018. You have to be a sleuth in looking at your environment – and think how a bad actor can gain access. Did you surf the internet and did a data-scraping piece of malware embedded in an ad just scrape the data out of cache? Do you really need all employees to have an outward-facing email address? What systems do users really need access to? (Remember), where the user can go, so can malicious-ware!

JR: Acceleration of account registration and password reset bypass using demographic information that originated from Equifax. Type 4 phishing attacks. Credential stuffing.

BT: Social engineering will continue to evolve and we will see new and unusual attack vectors emerging. It goes beyond basic user awareness and requires the engagement of everyone to understand the threats. Business owners and stakeholders will have to be “in the loop” on security awareness programs and give their input on what will resonate within their business units in order to craft an effective and time-conscious program.

Cyber Security Hub: Is the budget for cyber security spend increasing, decreasing or staying the same in 2018? Are there any budgetary shifts?

JH: NIST 1.1 will help address budgetary shifts by better demonstrating where gaps exist for enterprise security managers. Law firms, for instance, have been increasing budgets. The looming FTC suits make it an easier argument for companies to fund more into cyber security before it becomes mandated upon them along with fines and the ever-so-popular Consent Order, a 20-year audit relationship.

RW: Most who I have consulted with in conferences are seeing drastic decreases in security budgets for 2018, unless they experienced a major breach. (For) IT overall, budgets have been slashed. The shift has been to client acquisition, R&D and marketing/branding.

JR: Flat.

BT: I wish I could say increasing in my industry vertical. The reality is dollars are scarce and spending won’t increase by itself. Unless CISOs are connected to stakeholders and can present the business case, the dollars will be sent elsewhere. My wish is for CISOs and other C-suite officers to set up a path forward to move the dialogue toward identifying a healthy share of operating budgets and be dedicated to establishing cyber security as a partner instead of a function.

As evidenced in the discussion above, 2018 will bring an assortment of new challenges for cyber security practitioners. But best practices are emerging that can help combat myriad threats. As trends emerge, the Cyber Security Hub will be at the forefront, discussing their impact on the enterprise!

