Predictions for 2019: The Security Industry Will Finally Wake Up To What’s Really Happening

Every year we all offer our thoughts and ideas for what the year ahead holds in store – generally more of this, and less of that, sprinkled with some hope that we’ll all get a bit better at securing our respective assets.

This year, I’m really offering one prediction that has three essential components. And it all hinges on one key message: WAKE UP!

1. The economic losses to cybercrime in 2019 will be the worst ever.

The silver lining is that it will drive international political policy change to reflect the heightened situational risk posture of cyber warfare. In other words, the realization (finally) that we’re in a cyberwar.

Cyber defenses are based on the philosophy of being “appropriate to the risk.” Unfortunately, the asynchronous nature of risk and damage from cyberattacks has perpetually condemned the defenders to underestimating the level of risk and consequently under-delivering the appropriate level of defense. In 2019 governments, policymakers, think tanks, and industry leaders will move to issue guidance that reflects what is appropriate to the risk once they adopt the context of economic wartime.

As the realization of a cyberwar condition is accepted by economies…

2. Existing cybersecurity and risk frameworks will be revamped to be more dynamic and adaptive to the reality of the threats we face.

NIST, ISO27001, CIS, and other frameworks all provide very similar guidance offering basic and foundational recommendations to achieve appropriate levels of operational protection from cyber threats. However, given the state and sophistication of cyberthreats and positioned in the context of economic warfare, the existing language used across the frameworks will be of diminishing value. Representative of the guidance language is the following, from the Center for Internet Security:

“Ensure that the organization’s anti-malware software updates its scanning engine and signature database on a regular basis.”

This is simply insufficient guidance. Many listed controls in NIST 800-53 are not highlighted as recommended even for high-priority systems. When asked to provide cyber defense recommendations for high-priority systems under a cyberwar condition, many frameworks will offer additional, significantly heightened guidance.

As a result of heightened recommendations for appropriate cyber defenses in a cyberwar environment, there will be…

3. Mass adoption of AI-powered security tools and threat intelligence driven by internal data.

The use of AI in combination with internally generated threat intelligence will support the critical tenets of an effective cyber defense system as reflected in the CIS Controls below:

  1. Offense informs defense: Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.
  2. Prioritization: Invest first in controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.
  3. Measurements and metrics: Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quickly.
  4. Continuous diagnostics and mitigation: Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.
  5. Automation: Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the controls and related metrics.

The emphasis on internally generated data is the result of the fact that the consumption of external threat data has failed to deliver tangible benefits in effective cyberdefense, and has only added burden to scarce incident response resources.

Early adopters have deployed automated cyber defense platforms that utilize hybrid AI-based technologies to detect and analyze the behavioral fingerprint of an attack, and then map the extent of an intrusion. This approach will increasingly be a foundational best practice for organizations with high levels of risk associated with the loss of intellectual property, personally identifiable information, or the provisioning of critical infrastructure.

The alternative, of course, is to continue to deny that we’re in a cyberwar, the result of which will be the continuation of prediction #1 above, but without the silver lining.

Andy Norton

Andy has been involved in cyber security best practice for over 20 years, specializing in establishing emerging security technologies at Symantec, Cisco and FireEye. In that time, he has presented threat and intelligence briefings for both the Bush and Obama administrations, the Cabinet Office, the Foreign and Commonwealth Office, SWIFT, Swiss National Bank, Prudential Regulation Authority, the Bank of England, the Hong Kong Monetary Authority and NASA. Returning to Europe from Asia in 2011, he has spent the past 5 years helping many of the FTSE 250 companies measure, manage and respond to cyber incidents.