With cyber criminals constantly on the lookout for weak entry points, the focus needs to shift from protection and detection to intelligent and automated responses that isolate a cyberattack
Today, with cybercriminals operating like penetration testers in the way they scope out the network looking for vulnerabilities and weak entry points, those responsible for IT security will need to adjust their strategy and defences.
The Sophos 2019 Threat Report detailed how criminals are now ‘staking out’ victims, moving laterally through the network, manipulating internal controls to reach their objectives with stealth.
As endpoint protection has improved, criminals have gone looking for the next weak entry point. The focus can no longer be on protection and detection alone; it must also include intelligent and automated response that provides lateral movement protection to isolate an attack moving through the network.
1. Security teams will need more development and engineering skills
Security teams used to focus on firewalls and endpoints. Many security professionals cut their teeth as system and network administrators. Nowadays infrastructure is defined by code, breaches are increasingly caused by weak applications and automation is essential for under-staffed teams. This is changing the skillset required by security pros. We need to have a deep understanding of applications and an ability to build automation into our tools and processes.
2. Organisations will up their focus on software supply chains
Everyone relies to a great degree on open-source libraries that are often maintained informally by loose-knit communities that are easy to infiltrate. This used to be the domain of nation states, but criminals are now in on the action.
3. AppSec will continue to grow
We are getting better at protecting endpoints, and attackers are shifting their focus. Legacy applications will continue to be a fertile hunting ground.
4. Threat Hunting will be driven by ML
ML will no longer be something that you just buy. Tools and techniques that were previously the domain of data science experts are getting easier to use. Larger SOC teams will use the tools directly rather than via models in products.
5. Zero-trust starts to become achievable
The tools, knowledge and technologies for achieving a true zero-trust architecture are rapidly maturing. Maybe it is like nuclear fusion (15 years away, and always will be), but 14 years after the Jericho Forum declared the end of the network perimeter, we are getting close to the point where many enterprises have a realistic chance of keeping their clients off ‘trusted’ networks, particularly those of non-technical employees.
-The writer is the Chief Information Security Officer at Sophos