The definition of best practice in cyber security is constantly in flux, so it’s important to stay up-to-date with the latest industry guidance.
To keep your business secure, it’s crucial to monitor and react to trends, particularly in relation to use of technology and processes. Here we examine five cyber security trends it’s worth staying abreast of in 2020.
Zero Trust
Identity remains a top attack vector for cyber criminals. Indeed, according to a recent analysis, 81% of data breaches were linked to weak, stolen, or default passwords. Unfortunately, however, it is still the case that organisations are not focussing enough attention on validating the identity of users and devices.
Zero Trust security solutions are based on the principle that untrusted actors are already inside the network and therefore every user access request needs to be authorised.
It is often assumed that zero trust means blocking access – but this isn’t true. Instead, the Zero Trust model is focused on granting access to systems by verifying who is requesting access, to which environment or asset access is being requested, and the context of the request.
Approaches helping organisations move towards a Zero Trust model include identity and access management, network segmentation, multi-factor authentication, and the principle of least privilege.
Cyber Threat Hunting
The importance of monitoring both on-premise and cloud environments has never been more important. However, many cyber security experts agree that ‘reactive’ monitoring, simply relying on technology to generate alerts is not enough - there is a need to be proactive to identify unknown threats.
Sophisticated modern cyber threats are not always obvious and it is common for them to lurk inside systems for a significant amount of time without a business noticing. The Ponemon Institute estimates the average ‘dwell time’ of breaches to be 191 days.
Cyber threat hunting is the process of searching systems to find powerful threats that can evade traditional defence measures.
This is why businesses are increasingly investing in proactive threat hunting, and engaging cyber security experts to search networks in order to identify new types of threat before they can damage the business’ system.
Businesses are increasingly investing in proactive threat hunting, and engaging cyber security experts to search networks in order to identify new types of threat before they can damage the business’ system.
Passwordless Authentication
Sadly, too many people don’t set strong enough passwords despite plenty of good practical advice being freely available on the Internet. A recent report worryingly revealed that in fact Google searches for passwords are on the decline. One possible reason for the decline could be a movement towards passwordless authentication.
In passwordless authentication the verification is achieved using methods such as biometrics and security tokens. More and more applications are using passwordless authentication, such as mobile banking apps that must now comply with new strong customer authentication requirements.
It has been predicted that by 2020, 60% of large enterprises and 90% of medium-sized businesses will implement passwordless methods in more than 50% of use cases.
Security Orchestration, Automation and Response
Security orchestration, automation and response (SOAR) is a term used to describe the convergence of three distinct technology markets; security automation and orchestration, security incident response platforms, and threat intelligence platforms.
By aggregating a greater range of threat intelligence and automating response to threats, SOAR technologies are helping organisations to accelerate respond to threats, improve the efficiency of operations and enhance stakeholder reporting.
It has been predicted that by the end of 2020, 15% of organisations that have a security team of at least five people, will utilise SOAR tools.
[ymal]
Cloud Security Posture Management
There is no doubt that the momentum of the cloud is continuing. 85% of enterprises are now storing sensitive data in the cloud and up to 70% of all IT spending will be cloud-based by the end of 2020. Despite its many benefits, however, cloud computing is creating new cyber security challenges – particularly for those businesses operating across multiple cloud environments.
The need to better protect the cloud has seen the rise of cloud security posture management (CSPM). CSPM tools are designed to help organisations manage cyber risk through the prevention, detection, response and prediction of where excessive cloud infrastructure risk resides.
Many successful attacks against cloud services are due to customer misconfiguration or mistakes. Crucially, CSPM processes and tools make it easier to proactively identify and rectify these before they become an issue.
What these 5 key cyber security terms for 2020 mean for your business
It might be that this article is the first time you have heard of these five key cyber security trends for 2020, but they won’t be quiet for very much longer.
Ideas such as zero trust and passwordless authentication are gaining traction as best practice for businesses. Meanwhile SOAR, CSPM, and threat hunting are all becoming essential tools to mitigate different forms of cyber-attack on businesses.
Now is the time to invest in these areas of cyber security, as they are set to become increasingly important to help businesses strengthen their overall security posture.