• NavigationMenuHighlight
Hindsight is 2020 -- and given the increase in cyber-attacks we saw in 2019 -- we don’t need a crystal ball to predict that 2020 and the coming decade will keep cyber security in the limelight as the single most important foundational anchor to organizational success, and smooth operations. A fresh new decade will bring with it a freshly evolved set of threats, concerns and sophisticated cyber-attacks. As such, our focus on areas from data privacy and vulnerability management to risk detection and prevention and identity & access management will continue to grow and become increasingly important as foundational elements in the protection of organizations against threat actors.

Here, we give you a peek into the minds of our security experts as they highlight four critical areas that will remain front and center as we head into the next decade.

Vulnerability Management: Network Vulnerabilities Are Still Driving Increased Breaches
Marc Cohen, Security Solutions Director


Looking at whitepapers associated with the published breaches this year, along with market research from Gartner, IDC, Forrester, Verizon and others, some 34% of reported breaches are the result of unpatched vulnerabilities. Based on our conversations with peers and customers, we’re confident that number is higher.

Although cyber-risk is now a boardroom topic, many of the hurdles associated with the cyber security balance between people, processes, and technology have yet to be resolved. Unpatched or unmitigated vulnerabilities are the most common attack vectors for cybercriminals; it is far easier, and cheaper, for threat actors to take the path of least resistance than use (or develop) a zero-day attack to achieve their objectives - be they a lone-wolf or nation state attacker.

While important, organizations seem to have become so focused on protecting themselves against sophisticated threats, they are not focusing on fixing basic vulnerabilities in software and infrastructure. We call this "penny wise, pound foolish."

Compliance, Data Protection and Privacy
Brian Zimmer, National Principal Architect - Data Protection


The trend of increased focus on data protection and privacy will continue to be driven by consumers, enterprises, and political constituencies. There are two primary catalysts for this: regulation and an increased demand for privacy. This provides increased pressure to improve process as well as capabilities and tooling.

For many organizations, including governments, Data Governance and Data Lifecycle Management are new areas of focus and as such, there will be a steep learning curve. As such, there will be a steep learning curve. Increased demand via regulation and consumer expectations will drive organizations to show what data is collected and why, where it is, where it came from, who has access to it, and that it is accurate. Sadly, for individuals, it could be years before these new practices have an appreciable impact on privacy.

One of the ways in which organizations can protect their data and individuals can maintain their privacy is through encryption. This applies to data in data stores (databases, files & folders, email inboxes) as well as data as it moves across the internet as a call, text, email, or document. Managing encryption will continue to challenge both organizations and individuals as the pressures to manage and secure encrypted applications, datastores, and protocols increases. One area in which the InfoSec community can help increase the adoption of encryption is by decreasing the operational friction to implement it. Given the importance – and even lifesaving nature – of maintaining privacy in data and communications, it is truly a worthy area of focus for all.

Cloud Security: Strengthening Posture To, From and Within the Cloud
Sam Curcio, National Principal Architect - Cloud Security Solutions


Companies are moving more of their workloads and data to the cloud, utilizing multiple providers and often times lacking a cloud computing protection strategy and training. This evolution has created complexity and gaps on how to secure sensitive data that goes far beyond what security & risk management teams have dealt with in the past.

When considering cloud workload migrations and protections for those workloads, organizations should be considering risk-based models with pre-defined protection strategies that include people, process, and technology controls based on the level of risk to their organization. Identity & Access Management should also be an integral part of an overall cloud adoption and cloud security program. This will ensure that only those individuals who should have access to certain information actually do.

Proactive real-time visibility and monitoring with the ability to automate and orchestrate remediation is possible through mature cloud strategies with Identity & Access Management programs and Cloud Security Posture Management solutions in place.

The amount of change going on in public cloud, especially with automation and orchestration, increases risk and requires constant and on-going visibility of your infrastructure. Automated assessments are a foundational component to providing checks and balances against your policies and procedures, reducing your attack surface and minimizing risks to the organization.

Zero Trust: Reducing Your Attack Surface
Bill Wheeler, National Principal Architect - Enterprise Security


While just one of the “shiny new pennies” in the latest IT buzzword batch, Zero Trust has been gaining both mindshare and marketing face time. The evidence of this is prevalent on nearly every IT security website – but why is Zero Trust becoming so important?

The increases in sensitive data leakage, credential theft, phishing, ransomware and other nefarious activities demand that we rethink our entire infrastructure. It is no longer safe to “trust but verify.” The network security mantra has shifted to “do not trust and continuously verify.” Least privilege access and micro-segmentation are among some of the best practices that should be considered, if not mandated.

Zero Trust isn’t a single product or solution. Zero Trust addresses the fact that the lines of delineation between secure and non-secure are now blurred. Software Defined Perimeters (SDPs) help address this problem as part of a total Zero Trust solution. Building comprehensive Zero Trust solutions will help reduce your attack surface, increase threat visibility and protection, and help automate incident detection & response.

Conclusion
Whether working to stop disruptive cyber threats, secure multi-cloud workloads, reduce your attack surface, secure mission critical data or optimize your defenses through automation –the next decade will require that you step up your cyber security game to stay ahead of what’s coming. No crystal ball necessary.

Comments

Load more comments
Thank you for the comment! Your comment must be approved first
* Required
comment-avatar

Ready To Begin? Contact Us Today.

Request A Presentation