Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Roy Katmor, CEO, enSilo
Cyber in 2019 - A Perfect Storm, a Silver Lining
Cyber
threats aren't slowing down. We see 2019 as a year where three significant
industry trends will converge to create a "perfect storm" of cyber risk that
will further tax already-stretched security operations teams.
1. The security talent crunch will force a shift in priorities and
practices. The increasing lack of highly skilled cyber talent, estimated at up to
1.8 million unfilled jobs worldwide by 2022, will force
security analysts in 2019 to focus more on strategic analysis and automated
processes implementation, to strengthen protective policies, and to invest more
time educating and guiding the non-technology manager and executive ranks.
2. Enterprises will feel the challenges of using traditional security
and SOC practices for securing data and endpoints in the cloud. While cloud computing drives huge economic
growth and business benefits, those utilizing cloud services, and that's almost
everyone these days, are trading flexibility, scalability and speed for
visibility and control. The lack of visibility into security for cloud-based servers and
virtualized end-points, especially given intervening software layers, sets the stage
for a major reckoning, as we see attacks on cloud environments increasing in
2019.
There will be more data and documents in the cloud to attack; attacks will be
easier; and attackers will therefore enjoy a higher degree of success. Look for greater
emphasis on how both providers and customers need to support true protection in
the cloud.
3. Cyber-attacks impacting the Internet of Things will grow
exponentially, exceeding enterprises' ability to manage associated forensics
and threat-hunting. More businesses employing more IOT devices
greatly expand the cyber-attack surface. Attack potency will also increase; many
IoT devices don't contain end point security agents, yet often connect to
network infrastructure. We believe in 2019 this vulnerability will be used to
cause damage inside businesses as well as to leak business and consumer data.
This explosion of data in the cloud, the
massive increase in IoT attack surface, and the growing security talent
shortage, will bring a perfect storm of successful cyber events in 2019. Unfortunately,
the systems, tools and experts we've long been directing at these problems are
falling short in scaling, managing and mitigating these pain points in a timely
manner.
For
example, the Ponemon Institute's 2018 Cost of a Data Breach Study found
the mean time to identify a breach in 2017 was 197 days! That represented a year-over-year
improvement of just six days. The mean time to contain was 69 days, only a 3
day year-over-year improvement. This challenging situation can be attributed in
large part to attackers' use of advancing artificial intelligence and machine
learning that increase stealth, accelerate attack speed, improve attack
techniques (like file-less malware) and help evade detection.
All is not hopeless. While this perfect storm is brewing,
CISOs and security operations teams can gain the upper hand by in turn applying
security automation and orchestration for prevention, detection, incident
response and remediation of a majority of incidents.
The artificial intelligence and machine learning driving
these powerful tools can provide instant insights and recommendations that will
circumvent or minimize many attacks. That will free security experts, too often
called upon to fill the role of both General and front line, to focus their
talents and expertise where they can have the greatest impact-such
as managing high severity events or finding elusive "needle in haystack"
intrusions. These professionals will come to rely on automation and
orchestration as force multipliers that automatically prevent or remediate
persistent attacks, while helping them solve high priority, opportunistic incidents
that require manual forensic capabilities.
We
believe the ongoing cyber battle will escalate in 2019, as adversaries continue
brute-forcing their way in through increasing attacks against increasing
surfaces. As the perfect storm continually redirects security practitioners' focus
across the urgency of the front line, expect to see increased adoption of
security automation and orchestration as tools in the fight. The hard fact that
there just aren't enough
people to manually process the cascade of threat data won't leave that a choice.
##
About the Author
Roy is a 15-year
seasoned product manager and security market strategist, combining strong
technical knowledge with proven sales and marketing skills. Prior to enSilo,
Roy led Akamai's security strategy. Before that, he managed Imperva's data
security products and architecture management. Additionally, Roy held various
product management and R&D leading roles at several international public
and privately-held companies. Roy holds a BSc in Information Systems from the
Technion, Israel Institute of Technology, and MBA in finance and business
strategy from the Hebrew University. Roy is a DIY master, enjoying fixing
anything from cars to home improvement.