
Monday, 7 January 2019

The crystal ball on cybersecurity defences

Source: Gemalto. Rana Gupta.
Asia has played a big part in cybersecurity wars recently. Ensign InfoSecurity research* found that seven in 10 cyberattacks detected in Singapore early last year originated from Asia, with organisations taking more than six months on average to detect the data breach.

What could 2019 bring? Vendors that TechTrade Asia polled had quite a few suggestions.

Crypto-agility

As computing power increases, so will the likelihood that static algorithms for encryption will be broken. The answer could be a concept that Gemalto calls crypto-agility. The company says that maintaining crypto-agility is critical for quantum computing to succeed for tasks like public key encryption, digital signatures, and payment systems.

Source: Silver Peak. David Hughes.
“Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows,” said Rana Gupta, VP, APAC Sales for Identity and Data Protection at Gemalto.

Network segmentation

David Hughes, Founder and CEO of Silver Peak, forecast that enterprises will more broadly deploy wide area network (WAN) segmentation as part of their overall security strategy. “The traditional router-centric WAN allows any application in any branch to talk to any other application or branch, meaning that if there is a breach anywhere, it can spread everywhere.

Source: Lenovo. Gianfranco Lanci.
"Advanced software-defined (SD)-WAN platforms will be deployed to simply and consistently segment network traffic across the wide area network to limit exposure and contain threats,” he said.

Hughes also predicted that “advanced SD-WAN edge platforms will enable enterprises to fully automate security service chaining and implement a mix of best-of-breed on-premise, data centre and cloud security services on an application-by-application basis.”

Device-as-a-service (DaaS)

“Companies will need to seek agile, customisable solutions and greater control of the device ecosystem as well as the security implemented with it,” said Gianfranco Lanci, COO, Lenovo.

Source: ACI Worldwide. Gene Scriven.
DaaS enables companies to outsource a fleet of personal computing devices to a provider which will bundle the devices with services and software for a monthly subscription fee. As device management is centralised, it becomes easier to keep the devices secure.

Boards focus on security

“Over the last several years, board members of companies have become increasingly more aware of the 'personal liabilities' of serving on corporate boards. As cybersecurity becomes a much more significant aspect of successful companies, board members want to (have to) ensure due diligence for proper security-related controls and processes. As such, they are becoming much more aware of everything cyber to ensure they fully understand their responsibilities.

Source: SolarWinds. Destiny Bertucci.
"As that awareness increases, in parallel with the importance to cybersecurity, 2019 and beyond will see a drastic increase in board members becoming involved in decisions around their companies’ cybersecurity programmes,” says Gene Scriven, Chief Information Security Officer (Senior VP of Global Information Security) at ACI Worldwide.

MSPs and MSSPs to collaborate

SolarWinds' Head Geek Destiny Bertucci sees partnerships between managed service providers (MSPs) and managed security service providers (MSSPs) in 2019.

Source: Synopsys. Olli Jarva.
“MSPs are seeing the opportunity to expand their businesses to include security services; however, we can expect that many will lack existing security resources and as a result look for partnered assistance from MSSPs. The benefits of the MSSP model include the ability to quickly scale capacity and security expertise while MSPs build their own internal capabilities,” she said.

“As a natural effect of the previous prediction, MSSPs will see an uptick in the next year. In addition to MSPs driving demand, MSSPs will be on the rise due to the lack of properly-trained security professionals at smaller businesses and the growing need for organisations to rely on a third party for true security support and defence.”

The new security skillsets in demand

Source: Sophos. Ross McKerchar.
“Digitalisation initiatives are ongoing and new cloud environments are changing the way firms deploy apps. This will keep organisations on their toes in terms of application security. In the year to come, I predict that there will be more cloud investments regarding application security initiatives. With this, we will see a growing need for training staff on application security,” said Olli Jarva, Managing Consultant at Synopsys.

Security teams will need more development and engineering skills, said Ross McKerchar, Chief Information Security Officer (CISO) at Sophos. "Security teams used to focus on firewalls and endpoints and many security professionals cut their teeth as system and network administrators. Nowadays infrastructure is defined by code, breaches are increasingly caused by weak applications and automation is essential for under-staffed teams.

"This is changing the skillset required by security pros. We now also need to have a deep understanding of applications and an ability to build automation into our tools and processes,” McKerchar said.
Source: Synopsys. Sammy Migues.

Sammy Migues, Principal Scientist at Synopsys, predicts that more development, testing, operations, and CISO-like people will change jobs in 2019 than ever before. “As the DevOps culture-change wave rolls through most every company on the planet, those individuals who can’t make the culture shift will have to move along,” he said.

New standards, too

Dr Ralf Huuck, Senior Technologist at Synopsys, also predicted the rise of more security standards. “As evident for safety critical systems such as cars and aircraft, when lives depend on correct software execution more effort will be placed on standards, auditability and accountability,” he said.

Source: Synopsys. Dr Ralf Huuck.
“These standards might be evolving bottom-up or will be government-regulated. Potential new verticals on the rise for this are financial services, solutions around Blockchain and security around mobility solutions.

“For 2019, we might see a rise of consortia within verticals to establish more security standards that are domain-specific and improve trust and interchangeability. Much of this might be built on open source components.”

Charles Ng, Executive VP, Professional Services, Ensign InfoSecurity, said that businesses will need to set aside larger compliance budgets in 2019 to ensure that their digital infrastructure is well-calibrated and compliant with privacy and cybersecurity laws.

Source: EIS. Charles Ng.
“Conventional cybersecurity practices cover enterprise systems but neglect the extended dependencies and connectivity to external parties such as vendors of products and services which may provide the easier-access pathway to sensitive systems,” warned Ng.

He predicted that in 2019, insiders – including staff from outsourced providers – could “exploit the inherent trust they have within the target organisation to gain access to critical systems (which need) administration, maintenance or change.”

He also noted that the Association of Banks in Singapore has already set baseline controls for financial institutions by mandating that their outsourced service providers must follow the Outsourced Service Providers Audit Reporting (OSPAR) regime.


*The research was conducted from October 2017 to March 2018.
