Do you have an IT-related question that needs answering? Ask away.

 

Trend No. 1: Cybersecurity mesh 

“The cybersecurity mesh is a modern conceptual approach to security architecture that enables the distributed enterprise to deploy and extend security where it’s most needed.” Gartner, 2021

 

This trend has been growing over the years. One thing is obvious: COVID-19 fast-tracked all digital transformation and remote working plans.

The cybersecurity landscape that IT teams need to secure is no longer office sites with traditional solutions (NGFW, anti-virus, monitoring, etc.) and a few secure connections for external workers and third parties; it’s a largely distributed, predominantly remote workforce.

That said, the focus shouldn’t just be on the technology that’s being used. The approach and mindset also need to change in order to be secure going forward.

 

Trend No. 2: Cyber-savvy boards

“With an increase in very public security breaches and increasingly common business disruptions due to ransomware, boards are paying more attention to cybersecurity.” Gartner, 2021

Regardless of your sector, you’ve probably seen a news report announcing a cyber attack on a company in your industry. With good reason, organisations are dedicating more time and attention to discussing cyber-related issues and programmes.

As we’ve seen countless times before, cyber resilience is one aspect of an organisation that really deserves proper attention, investment and focus. If it isn’t being taken seriously, it can put your company in serious peril, and you need to question why.

 

Trend No. 3: Vendor consolidation

“The reality in IT security today is that teams often have too many tools. Gartner found in the 2020 CISO Effectiveness Survey that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more.  Most organizations recognise vendor consolidation as an avenue for more efficient security, with 80% executing or interested in a strategy for this.” Gartner, 2021

 

More tools = Increased complexity = Increased cost & poor efficiency

I think most people will agree that having the same capability with fewer solutions and systems is a good thing. The problem is knowing which tools overlap, which to get rid of, which to retain and where the gaps are.

The process of reviewing tooling and providing recommendations is something we’ve helped organisations with throughout 2021. Here's what the Head of Cyber at Digital Health and Care Wales (NHS) said about some work we carried out for them last year:

“The suggested improvements they [NCL] provided will be instrumental in helping us enhance our cybersecurity practice – highly recommended.”

If you’d like to ask us a question, we’d love to hear from you: https://www.netconsulting.co.uk/contact/

 

Trend No. 4: Identity-first security 

“Hybrid work and the migration to cloud applications have solidified the trend of identity as the perimeter. Identity-first security is not new, but it takes on fresh urgency as attackers begin to target identity and access management capabilities to gain silent persistence.” Gartner, 2021

We spoke recently about the ‘cybersecurity mesh’. The modern workforce sits outside the traditional security architecture and, as such, to a greater degree cannot be trusted. Zero-trust architecture and security principles are a key shift in mindset and policy for combating the rise of identity and credential theft.

 

Trend No. 5: Managing ‘machine identities’ is becoming a critical security capability

“As digital transformation progresses, there has been an explosive growth in the numbers of nonhuman entities that make up modern applications. Therefore, managing ‘machine identities’ has become a vital part of security operations. 

All modern applications are made up of services that are connected by APIs. Each of these services needs to be authenticated and monitored as attackers can use your suppliers’ API to access critical data to their advantage. The tools and techniques for enterprise-wide machine identity management are still emerging, however an enterprise-wide strategy for managing machine identities, certificates and secrets will enable your organisation to better secure its digital transformation.” Gartner, 2021

The numbers can get quite scary on this one. First think of all the devices on your network that you know about, including IoT and unmanaged devices, etc. Then consider all the applications that those devices run and add to that the amount of API access. All of this is before you then consider the devices you don’t know are on your network. I think you’ll agree that when this is all added up, the numbers start to get pretty huge. 

What are your thoughts on this? Let us know in the comments.

 

Trend No. 6: “Remote work” is now just “work” 

“According to the 2021 Gartner CIO Survey, 64% of employees are now able to work from home, and two-fifths actually are working from home. What was once only available to executives, senior staff and sales is now mainstream. The movement to hybrid (or remote work) is a durable trend with more than 75% of knowledge workers expecting future hybrid work environments.” Gartner, 2021.

 

A cultural shift in an organisation will mean a security review is required. The foundation of this is knowing how your employees work and how they access the resources, data, systems and applications they need to do their job. Once you have a clear understanding of these work requirements and patterns in your environment, you can strategically look to set security processes, procedures and solutions in place. 

The key here is knowledge and visibility.

How has remote working changed your working environment? 

 

Trend No. 7: Breach and attack simulation 

“Breach and attack simulation (BAS) offers continuous testing and validation of security controls, and it tests the organisation’s posture against external threats. It also offers specialized assessments and highlights the risks to high-value assets like confidential data. BAS provides training to enable security organizations to mature.” Gartner, 2021. 

 

Are you secure? Are you sure? 

It’s hard to be confident of your security posture if you don’t have your homework marked. 

For a long time, things like pen tests have been part of a company's compliance regime, ensuring the box is ticked. Just ticking boxes when it comes to security is a huge risk. Rigorously testing the integrity of your cybersecurity posture is good practice to ensure continual improvement can take place; this is especially vital when it comes to your critical assets.

 

Trend No. 8: Privacy-enhancing computation techniques 

“Privacy-enhancing computation techniques that protect data while it’s being used — as opposed to while it’s at rest or in motion — enable secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments. 

This technology is rapidly transforming from academic research to real projects delivering real value, enabling new forms of computing and sharing with reduced risk of data breaches.” Gartner, 2021

 

Protecting personal or sensitive data while it’s being used, exposed or accessible is crucial: it should only be available when it’s required, and only after some level of assurance that the data being requested will be used (processed and stored) securely. By extension, access to the data is also time-bound, with specific uses defined and enforced. These techniques protect data privacy and guard against unauthorised access or attack (modification, theft or loss).

 

Such techniques include:

Using a trusted environment where data can be processed securely

Provision of analytics through privacy-aware machine learning/AI

Use of data and algorithm computation/transformation to keep data confidential and only accessible for intended use and period 

 

In 2022 the realisation of the swift changes in 2020/21 settled in: there is no going back to past ways. The shunt to distributed IT service delivery is permanent, and the strategy to secure such an environment must be considered as a consequence.

This isn't an overnight reshuffle; instead, it's forcing companies to reconsider how their IT is used and how that ties in with business strategy over the next 3, 5 to 10 years. We are going through a digital transformation that requires foresight, leadership, and a strategic approach to ensure operational success and security.

 

 
