Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Vincent Berk, Vice President, Chief Architect Security, Riverbed
Technology
In 2020, Data Hoarding is Out and Cyber Hunting is In
Artificial Intelligence faces a “put up or shut up” moment as companies put the technology’s capabilities to the test.
For some companies, the proliferation
of the cloud and its immense data storage capabilities have become double-edged
swords. As the flood of data has become more of a deluge, some organizations
have become "data hoarders," collecting anything and everything. That includes
information that doesn't necessarily help the business grow.
Big Data Gets Riskier in 2020
Sure, big data can deliver
tremendous business value. But organizations are beginning to recognize that some
of the data could also be a liability and that holding on to it for no apparent
reason puts the organization at risk unnecessarily. The risk of sensitive
client data being breached, for example, could have a substantial impact on a
company's bottom line, especially as consumer data protection laws such as
CCPA, which is coming down the line in 2020, continue to emerge.
It's easy to say that a
solution to the data deluge will be found in Artificial Intelligence (AI) and
Machine Learning (ML) - two of the most overhyped buzzwords in the industry
today. But in 2020, the AI/ML hype will face some "put up or shut up" moments
as it's forced to show how it can deliver real-world value for companies
struggling to identify which data points are business critical and which ones
expose companies to unnecessary risk.
Consider how many commerce sites use customer data to analyze shopping
and spending habits to make recommendations on other products that customers
might like. Keeping data about the brands, colors and styles that customers prefer
can help online retailers push other products that their customers might like -
a value-add. But holding on to credit card or shipping address data, for
example, could create risk for both the company and the customers if that data
is breached.
If the technology can determine, for example, whether customers abandon
a shopping cart because they're forced to enter their credit card number for
every transaction, it allows the retailer to weigh the business value of
keeping that information against the potential risk it creates.
Cyber Hunting Will Become Mandatory for Organization's
Security
But understanding which data points are
valuable and which ones are risky is only one concern. In 2020, we will see an
increase in the number of "advanced persistent threats" (APT) - sophisticated,
systematic cyber-attack programs that are often orchestrated by a group of
skilled hackers and not only continue for an extended period of time, but also
do the most damage. If an organization doesn't take proactive steps to combat
these threats, the potential damages are unlimited.
As networks for organizations
have grown, they have started to resemble the Roman empire - big, sprawling and
hard to defend. And although static defenses slow
down casual attacks, the APT will find a way to penetrate and organizations
will be forced to fight them on their home turf.
Since a skilled adversary rarely
trips the detectors, organizations will increasingly be forced to hunt
proactively for them through a tactic known as "cyber hunting," the process of
proactively and iteratively searching networks to detect and isolate advanced
threats that evade existing security solutions.
As hackers become smarter and find
new evasive ways to infiltrate a network, organizations in 2020 will begin
adopting the proactive cyber hunting approach to complement traditional
reactive threat management approaches of installing firewalls, intrusion
detection systems and SIEM systems.
In closing, as more data becomes
available to organizations, the business decisions get tougher. Using data to
grow customer loyalty and expand sales is certainly valuable. But protecting
those same customers by being smart about the data that's being stored is also business
critical. Expect organizations in 2020 to start holding technologies to their
promises so they can determine the security measures - and data retention
policies - that are best for them.
##
About the Author
Vincent Berk is Chief Security
Architect at Riverbed and is responsible for setting the vision and strategy
for networking solutions in the cyber security space. Berk joined Riverbed
through the acquisition of FlowTraq, an enterprise security analytics company
where he served as founder and CEO. Previously, Berk taught computer science at
Dartmouth College. He has a Ph.D. in machine learning and large scale data analytics
from Leiden University and holds several patents in the application of large
scale data analytics in cyber security.