October 8, 2019
2020 Cyber Security Planning Guide
Cyber Security Trends 2020
2020’s security threats will be driven by new technology and by new attack methods that leverage it. Drivers of new attacks include more servers, applications and data in the cloud, more IoT devices, 5G-enabled systems, and more crimes leveraging social engineering and zero-day attacks. Here are some important 2020 trends to factor into your planning.
- Increased regulations are driving risk management initiatives, including risk assessments, the use of information security management processes, and the addition of detect & respond solutions to provide more compliant and better security.
- Security outsourcing will increase to compensate for the shortage of proficient cyber security professionals and the difficulty in retaining them.
- The need for Managed Detection and Response (MDR) outsourcing will continue to grow quickly. According to Gartner Research:
  - By 2024, 40% of mid-size companies will use MDR as their only security service, and
  - 25% of all companies will use MDR services in some form.
  - MDR is essential because it provides a balanced security system that doesn’t rely on Detect/Prevent solutions alone.
  - 56% of breaches took months or longer to discover, proving the need for a detect and respond solution.
- Small businesses continue to be victims of security attacks. Forty-three percent (43%) of breaches occurred in small businesses in 2019. New forms of attack such as CEO fraud, software supply chain attacks, spear phishing, new zero-day attacks and others continue to grow.
- Security still requires a broad set of solutions as 2019 breaches included a broad set of attacks.
- Use of 5G in 2020/2021 will expand the attack surface of devices, especially industrial IoT devices. The expanded number of IoT devices and industrial control systems using 5G will put more and more devices and data on wireless networks.
- The growth of cloud usage continues to increase your risk as each server and application migrates to the cloud along with your data.
  - Spending on cloud security grew by over 50% in 2019 and is expected to be one of the high-growth areas for 2020.
  - The Shared Responsibility Model adopted by cloud server providers says that you are responsible for your data and infrastructure, not the provider.
  - The use of cloud applications is growing by almost 40% per year. With that growth comes the move of your data to the cloud and the need to protect it.
- Companies of all sizes will need to continue to upgrade their security and privacy practices to meet more and stricter regulations. The reasons behind this are twofold. First, current regulations will continue to require higher levels of security to be compliant with new revisions and will apply to smaller and smaller companies. Second, new regulations like GDPR and CCPA now require compliance around personal information privacy, creating a new type of protection that companies must provide.
2020 Cyber Security Trends – Top Priorities
Big Picture Initiatives – A Moving Target
2020’s cyber security trends should prompt companies to look at the big-picture investments that move the needle on their security maturity level. Security solutions are driven by the latest security attacks, and security attacks are driven by new opportunities enabled by new technology. As a result, this is a moving target and should be examined each year to see what is changing.
- Use an Information Security Management System (ISMS) process. Good security begins with security assessments and requires a balanced approach to protecting your assets. By using a security process, you will continue to iterate on your security to continually make it better.
- Detect & Respond (D&R) – Provide adequate Detect and Respond security to balance the Prevention solutions. To provide strong D&R, companies can outsource a complete MDR solution (see Article 1 and Article 2 on Detect & Respond). D&R solutions can provide increased security for:
  - Attacks that bypass your “protection” security
  - Advanced Persistent Threats (APTs) and complex multi-stage attacks, and
  - Fast response to attacks and the ability to recover more quickly
- Integrated Security – Start investing in solutions that provide integrated security intelligence, protection, detection and response. Security solutions are starting to communicate in meaningful ways, at least within vendor product families. Integrated solutions are needed because 1) attacks are remaining in networks for months, 2) security regulations require them, and 3) they compensate for the fact that “security prevention” is not adequate to prevent attacks.
- Cloud Security – See Neglected Security below, because cloud threats are not a new problem, but are not addressed at a level that matches the threats.
- Advanced Targeted Solutions – Find new advanced security solutions that provide truly unique answers to difficult-to-solve problems and to vulnerabilities that are unique to your business or industry. Examples of these solutions are:
  - Advanced Threat Detection using AI/ML network monitoring of E/W and N/S network traffic to detect in-progress attacks in a new way.
  - Security for Critical Assets – Zero trust and micro-segmentation solutions that provide higher levels of security for critical assets. New innovative products provide this type of solution.
  - Mail security & Social Engineering. Mail is still the #1 threat vector, and one bad link or attachment can unleash almost any type of attack on your computer. New solutions attempt to prevent CEO fraud and spear phishing attacks in new ways with updated email protection.
- Forensics – Add some level of forensics capability to your security to provide root cause analysis. Modern endpoint security provides EDR capabilities, and SIEMs provide global root cause and forensics. Advanced monitoring solutions provide network forensics. Almost all traditional security is moving to provide some forensic capabilities.
Neglected Security – a Negative Cyber Security Trend
A negative cyber security trend is that certain vulnerabilities have been present for years but have been generally ignored by many companies. We hope that in 2020 this becomes a positive cyber security trend.
Ever since the trend of moving servers and applications to the cloud started many years ago, companies’ data has been moving to the cloud along with those apps. Additionally, the users of those cloud apps can now connect to that data from anywhere in the world, making access control a bigger problem.
Investment in this area is too low and reflects a naïve assumption that your cloud providers are securing your data. They are not! And they don’t pretend to either. Their job is to protect their cloud infrastructure alone. They do not assume responsibility for protecting your data.
- Access Control – Multi-factor authentication (MFA) should be used everywhere it counts. Without access control, none of the rest matters.
- Protection against Cloud Application Threats. Cloud application security (CASB) solutions provide:
  - Visibility of what cloud applications are in use in companies
  - What data is being moved or stored in the cloud
  - Who is accessing this data
  - Control over which applications are used and how users can access these apps and data
- Protection for servers moved to Public/Hybrid Cloud data centers – Your servers and your data are your responsibility. Moving them to the cloud does not relieve you of that responsibility. Use targeted security for cloud servers, network security and access control.
- Wireless devices present unique vulnerabilities caused by your wireless infrastructure.
  - Wireless systems and access points need to provide enhanced security to defend against multiple known attacks. Choose vendors with great security, not just great speed.
  - Mobile devices require mobile security solutions that protect corporate data while protecting employee privacy.
  - Other IoT wireless devices. There is a growing list of wireless IoT devices connecting to your networks, driving the need for NAC solutions that can identify, classify, control and provide visibility.
Ransomware has not stopped, and attackers continue to find ways around endpoint security. Fileless malware and other zero-day attacks continue, and it is important to have multiple overlapping zero-day solutions that protect, detect and help you respond.
- Strong zero-day malware protection – Solutions should provide overlapping protection at the gateway, endpoint and email; the use of AI/ML, behavioral analysis and other techniques helps stop these attacks.