2017 has started with some major developments in cybersecurity. The UK’s National Cybersecurity Centre opened up its doors and the work to get UK businesses and citizens more aware about cybersecurity intensified. This is hardly surprising as the country, and the rest of Europe, is only just 12 months away from new tougher legal regulations on cybersecurity going live.
So, there has been plenty of opportunities to hear about cybersecurity in the media, even in Parliament. But, what’s the lie of the land as the half year mark gets closer? Attending both major public and private events on security, the prognosis is the industry is becoming more mature and less manic but there remain some challenges to still address.
Threat Intelligence Sharing Is REAL
Cybersecurity vendor collaboration is becoming a real benefit for customers. The Cyber Threat Alliance (CTA), of which my company is a founding member, brought into the fold more vendors to share vital threat intelligence and apply to this to tackle cyber threats much more effectively. As a result, every major security vendor is now a member of the alliance, working together to help our joint customers in the challenges they face.
However, what is really ground breaking about how the alliance has grown is how the CTA has committed itself to the ongoing development of a new, automated threat intelligence sharing platform. This could be transformative for how threat intelligence sharing delivers a real rather than theoretical blow to threat actors and their exploits.
This new platform automates information sharing in near real-time to solve the problems of isolated and manual approaches to threat intelligence. It better organises threat information into “adversary playbooks” focused on specific attacks, increasing the value and usability of collected threat intelligence. This innovative approach turns abstract threat intelligence into real world action and lets users speed up information analysis and deployment of the intelligence in their respective products. This kind of collaboration strengthens the industry and makes cyberattackers’ jobs more difficult.
The Endpoint is at the Sharp End of Technology Innovation
Awareness of how legacy antivirus approaches do not work has arrived and more organisations are actively seeking alternatives. Hardly surprising when endpoint security was such a buzz at the events earlier this year and there are lots of approaches being presented. The most intriguing alternative to me is one that not only checks for compliance in antivirus replacement boxes, but is also natively integrated with the rest of the network security stack. As 2017 rolls on and organisations realise the magnitude of responding to cyber threats and complying with the tougher structures on data protection set out by GDPR and NIS, there is going to be a trend towards solutions with the native ability to integrate newly discovered threat intelligence into the platform with a minimum of human intervention. This is the only way to deal with both the floods of threat alerts most organisations receive and the growing number of endpoints connecting to networks.
Do Point Products Still Reign?
There is a varied ecosystem of security products targeting new threat vectors and techniques. This is no surprise but while new thinking and innovation are vital, an ad hoc approach to building a cybersecurity infrastructure doesn’t give organisations the complete visibility into their risk posture they need to prevent attacks. The feedback that I get from CISOs and others is point solutions have some value but they don’t interact.
Orchestration is a term that’s going to become more frequently heard in 2017. So, expect more vendors to claim they have found ‘THE’ solution for managing a mixed-vendor cybersecurity environment. While each company’s claims of supporting heterogeneous security, as an industry we must do better in delivering natively engineered security platforms in which many of the capabilities delivered by a point product have been integrated into the greater whole. If done well, this can be much more beneficial solution.
We need more cybersecurity people!
As threats become more common and damaging, and the legal requirements on organisations to protect their users for cybercrime become more exacting, we are exposing a shortage of ready-to-go cybersecurity expert talent at all levels.
If you boil down much of the current debate about cybersecurity, finding ways to identify, hire and budget for more staff is the number one concern for government and business. This nut has to be cracked but there is a twin track approach that needs to be followed.
On one hand, we must encourage more cybersecurity learning within the education system. People are interested in these kind of jobs – indeed, almost 1250 people applied for the UK government’s 23 cybersecurity apprentice positions. Therefore, we need to fund more of these initiatives whether within universities or more practical training within the workplace. The new proposals of T-levels also could be a vehicle for getting more cybersecurity into the school curriculum and technical education system.
Although training the next generation of cybersecurity experts is vital, we need more cybersecurity capabilities today and to enable the preventative strategies that are best able to protect organisations from cyberattacks. So, expect more organisations to evaluate how machine learning and artificial intelligence can be used alongside greater automation of cybersecurity processes to drive effective prevention strategies.
Over the last ten or more years we have seen tremendous changes in how our societies and economies have become more digitised. And, threats to these new ways of working and living our lives have not been unusual. So maybe one of those past years might have felt significant but, three months in, 2017 has got a strong claim to be transformative year for my industry. Or, at least until 2018 begins.
