Tackling cybersecurity in 2019

Security vendors have a range of takes on what to do to fight cybercrime in the future.

Source: Fortinet. Lakhani.

Aamir Lakhani, Global Security Strategist and Researcher, Fortinet, lists specific cyber hygiene measures:

Identify and inventory key vulnerabilities

“By focusing on the areas that harbour the most collective vulnerability, IT teams can both proactively address the vulnerabilities and prioritise their security hygiene efforts to more effectively mitigate those vulnerabilities,” Lakhani said.

Harden endpoints

New technologies and applications added to networks should meet basic security requirements and undergo routine scans to detect malware.

Network segmentation

“Segmenting a network will help mitigate the damage from a successful attack and shorten the time it takes IT personnel to contain and eliminate network infections,” Lakhani observed.

Track a wider scope of threats

“While it makes sense to monitor high-priority threats, maintaining broader threat tracking and analysis allows IT professionals to better identify security hygiene weaknesses,” Lakhani said.

Merge network components into a security fabric

“Combining various elements of a network into a security fabric centralises and simplifies security and threat analysis. It also lets IT personnel to identify and address cyber threats from a central hub instead of managing fragmented point product solutions,” Lakhani explained.

Source: RSA. Ng.

Risk-based security strategies

Many enterprise security and risk functions are run independently, making it challenging to track today’s digital risks, Nigel Ng, VP, International, RSA revealed.

“In addition, business leaders also believe there’s a silver bullet for all cyber risks, but in today’s increasingly sophisticated cyberthreat environment, it is now virtually impossible to prevent all attacks,” he said.

RSA's approach is three-pronged. “Instead of focusing on all-out prevention, the industry needs to focus on a three-pronged unified approach to risk management that can better control and manage the cyber risks we are facing today and in the future,” Ng said.

“Since not all digital risks can be deflected, security leaders must become part of the strategic team that sets and reviews business objectives, initiatives and priorities. This setup helps businesses align security strategy with their priorities right from inception—business-driven security, so they take the right risks.”

Like Fortinet, RSA considers cyber hygiene important. “Providing employees with regular training on cyber best practices, such as flagging suspicious emails to the relevant security team, can greatly reduce the risk of a cyberattack,” Ng said.

Finally, advanced threat detection and response capabilities can help businesses identify and react to even the most sophisticated cyberattacks before they disrupt operations. “Uncovering cyberattacks in their earliest stages and mobilising a definitive response greatly minimises the impacts of these events,” he added.

Ng advised companies launching a new digital process or adopting a new technology for an enterprise use case to:

- Implement a holistic risk-based approach.

“Here, you must identify who is going to use it and what type of risk is likely, including the areas of highest risk that require the most attention,” he said.

- Apply controls to tighten basic security that comes with the Internet of Things (IoT) and add visibility tools so any cyberbreach can be detected and responded to effectively.

- Aim to achieve comprehensive visibility of what is going on across the whole environment including third party providers.

“The risks will vary by industry. For example, with autonomous vehicles, the risks are too high. We must monitor vehicle-to-infrastructure communication, and vehicle-to-vehicle communication because road and people safety depend on the accuracy of this information exchange. The potential issues here are immense should that communication is compromised. But think also about the opportunities, to revolutionise the way that citizens can be transported around their city. Security fears should never be used as a barrier to progress,” he said.

“Risk, if tamed well, can be used to your advantage and to find new opportunities. If you understand what your risks are, you can make the best decisions.”

Source: Lenovo. Lanci.

Gianfranco Lanci, COO, Lenovo suggests a four-pronged security strategy. “There are four spaces where companies and end users need to focus to protect themselves – data, identity, online and device – and it’s critically important to develop a holistic plan against threats in each of these spaces," he said.

"The trend from two-factor to multifactor authentication on personal devices, for example, will continue to grow as security industry bodies like the FIDO Alliance integrate with Windows Hello to enable safer authentication. The rise of smart devices in the home and office that are all interconnected will also introduce security vulnerabilities that will need to be addressed. A crucial aspect will be to learn from users through heuristics and new learning models addressing not just changes in technology but also changes in human behaviours.”

Source: VMware. Davie.

VMware introduced defences in terms of the concepts of 'least privilege' and 'known good'. Bruce Davie, VP and CTO, Asia-Pacific and Japan, VMware, noted that a US retailer had been hacked via credentials provided to a heating and cooling contractor, which were used to ultimately gain access to the payments network.

"This is a clear demonstration of how least privilege has not been applied – the contractors’ credentials provided much more privilege than what was needed to do the job. Sadly, such wide-open network access is commonplace, in large part because technologies to apply least privilege to networking – such as network virtualisation and microsegmentation – have only become available relatively recently and are still gaining widespread adoption,” said Davie.

Known good, on the other hand, is about recognising what is good behaviour and raising the alarm when any departures from such behaviour are detected, Davie explained. The traditional approach to security, he said, is to chase after arbitrary forms of malware, and is analogous to looking for a needle in a haystack.

“Machine learning systems are poor at extrapolation – they recognise what they have seen before, whether being used for image classification or to observe the software running in a data centre. Thus, machine learning is unlikely to recognise new forms of malware that were not part of the training dataset. Conversely, these algorithms can be trained with reference datasets on how non-compromised applications and processes behave. They can be trained to monitor known good behaviour and alert or take other pre-emptive actions when unexpected behaviour, indicative of a breach, is observed,” he said.

Source: Synopsys. Dr Huuck.

At the end of the day, it is about being able to get just the right amount of data to make the right decisions to protect a company, said Dr Ralf Huuck, Senior Technologist, Synopsys.

“While capabilities and technologies advance, they also create disproportionately more information and data points. It is easy to drown in this sea of information and lose sight of the essentials. As such, the key will be to fuse that data for making risk- and business-based decisions. The challenge is to find the needle in the haystack on one end of the spectrum and to combine data from different methods and domains to obtain a holistic view on the other end of the spectrum,” said Dr Huuck.

“For 2019 we don’t need more data, we need better decision making support.”

Explore:

Browse the full list of 2018 round-ups and 2019 predictions in TechTrade Asia