To improve security, all businesses will need to embrace the zero-trust paradigm.
It wasn’t just Brexit and the general election that dominated the 2019 news agenda. Large scale data breaches that affected the world’s biggest organisations also resulted in constant media headlines, writes Jesper Frederiksen, VP and GM EMEA, Okta.
Perhaps most interesting about these data breaches was not just the volume of data stolen, but the significant consequences and scrutiny that organisations now face owing to the enforcement of the GDPR and the CCPA legislations.
In the UK, British Airways was hit with a record $230 million penalty, followed shortly by a $124 million fine for Marriott, while in the US, Equifax agreed to pay a minimum of $575 million for its 2017 breach. According to Norton, in the first half of 2019, there were an unprecedented amount of breaches: 3,800 publicly disclosed breaches, 4.1 billion records exposed, and a 54% increase in the number of reported breaches compared to the first six months of 2018.
One thing is clear, no matter the size of your company, everyone is susceptible to data breaches. Only by having security front of mind and having an awareness of the security threats emerging in the year ahead can organisations take the steps required to ensure their organisation is safe from data breaches and it’s financial and reputational repercussions. With that in mind, here are five security trends we’ll see in 2020.
Five Security Trends We’ll See in 2020.
Deepfakes will Become a Hacker’s Best Friend in The Evolving Security Landscape
A big trend for social media this year has been the rise of deepfakes and we’re only likely to see this increase in the year ahead. These are manipulated videos that are made to look real but are actually inaccurate representations powered by sophisticated AI. This technology has implications for past political Facebook posts.
We will start to see threat actors use deepfakes as a tactic for corporate cyberattacks, in a similar way to how phishing attacks operate. Cyber crooks will see this as a money-making opportunity, as they can cause serious harm on unsuspecting employees. This means it will be vital for organisations to keep validation technology up to date. The same tools that people use to create deepfakes will be the ones used to detect them, so we may see an arms race for who can use the technology first.
API Security Will Move up on the Enterprise Priority List
Data breaches have surged over the years but in 2019, many of them were the result of insecure APIs. Panera, Venmo, USPS and Salesforce are just a few of the high profile companies that dealt with API security breaches last year, and despite all the damage, companies in general have been slow to respond to this growing concern by bringing API security under the purview of security teams.
That said, 2020 will be the year that companies wake up to the threat and move API security up on the priority list.
One way to do so is by embracing OAuth (a delegated authorisation framework for REST/APIs) which helps to place the user in control of his or her data, as opposed to the company. We expect this open standard to spike in adoption.
Contextual Access Spending Will Spike to Meet Zero Trust Strategies
In the coming decade, organisations will shake up their security budgets to account for a Zero Trust strategy. Spend on perimeter will move instead towards access points that are more dynamic. We will see a decrease in firewall and perimeter investment and in 2020, we can expect an increase in spend on context-based access management.
With 97% of organisations now using cloud services, the network perimeter can no longer serve as a barometer for trust, with companies starting to operate through the lens of least privilege; analysing each authentication and authorisation deeply. As machine learning technology continues to evolve and move past heuristics towards true individualised pattern recognition, we will see that increasingly integrated into security budgets as well.
The First Wave of Companies to go Passwordless
Next year, we will see the first wave of companies go passwordless, embracing more effective ways of securing digital identities. Passwords have failed us as an authentication method for too long and enterprises will move beyond the reliance on this ineffective method. According to Verizon’s Data Breach Investigations Report 2019, 80% of hacking-related breaches were as a result of weak, stolen or reused passwords.
Companies will adopt alternative methods to determine access, such as biometrics, IP addresses and geolocation. As these factors are increasingly considered as trusted, more organisations will grant access without the need to enter a password. Additionally, organisations should move to a discrete and modern identity system that removes any reliance on personal information, such as passwords, to increase security. This will ensure safety as stolen personal information would become worthless on the black market, acting as deterrent to hackers.
Best-of-Breed Security Challenges to be Overcome
In the year ahead, the number of businesses adopting ‘best-of-breed’ applications will continue to increase exponentially. We will see an explosion of applications as the workforce now has a much bigger say in tech purchasing decisions. This bottom-up approach enables teams to go out and pick the tool that they feel will enable them to do their best work.
But, this new approach to workplace tools has inevitably led to new challenges, the greatest being security. Due to the increasing volume of cloud-based applications, the attack surface is far greater, making companies more vulnerable than ever. With 40% of large UK businesses expecting to be cloud-only by 2021, according to McAfee, 2020 will see companies forced to adapt and strike a balance between autonomy and security.
To improve security, all businesses will need to embrace the zero-trust paradigm. The old perimeter-centric, binary model of security has failed and firms need to embrace this new approach that encompasses every connection that their workforce and wider stakeholders make.