Cybersecurity needs to move towards automated responses in 2019: Sophos
With cybercriminals constantly on the lookout for weak entry points, the focus needs to shift from protection and detection to intelligent and automated responses in 2019 that isolate a cyberattack, said cybersecurity firm Sophos' chief information and security officer Ross McKercher.
Explaining further, he said that, as endpoint protection has improved, criminals are on the lookout for the next weak entry point. McKercher also listed out five predictions:
- Security teams will need more development and engineering skills: Security teams used to focus on firewalls and endpoints and many security professionals cut their teeth as system and network administrators. Nowadays infrastructure is defined by code, breaches are increasingly caused by weak applications and automation is essential for under-staffed teams. This is changing the skillset required by security pros. We now also need to have a deep understanding of applications and an ability to build automation into our tools and processes.
- Organisations will raise their focus on software supply chains: Everyone relies a huge amount nowadays on open-source libraries that are often maintained very informally by loose-knit communities that are easy to infiltrate. This used to be the domain of nation states but the criminals are getting in on the action.
- AppSec will continue to grow: We are getting better at protecting endpoints and attackers are shifting their focus. Legacy applications will continue to be a fertile hunting ground!
- Threat hunting really will be driven by machine learning (ML): A bit of a cliché but ML will no longer be something that you just buy. Tools and techniques that were previously the domain of data science experts are getting easier to use. Won’t be long before larger security operations centre (SOC) teams are using the tools directly rather than via models that are embedded in products.
- Zero trust starts to become achievable: The tools, knowledge and technologies for achieving a true zero-trust architecture are rapidly maturing. Maybe like nuclear fusion – 15 years away and always will be but 14 years after the Jericho Forum declared the end of the network perimeter we are getting close to the point where many enterprises have a realistic chance of keeping their clients off “trusted” networks, particularly non-technical employees. The Jericho Forum is a global organisation formed to help members deal with the challenges of information security.