How will we look back on the state of security in 2018?
We believe it will be seen as an inflection point – a year in which an organizations’ approach to security will finally shift to being more in step with our always-on digital society. A new model of IT security is taking shape, which is more integrated with network operations, and will offer greater value to enterprises, with fewer trade-offs.
The recently-published 2018 Security Report highlights the biggest security findings and trends from the past year, as seen and analyzed by our Application and Threat Intelligence (ATI) Research Center.
During 2018, we will see more and more organizations finalizing their cloud migrations, and moving to multiple cloud operations. As they do this, they will expect improved security as a given. But the reality is not quite so clear; cloud data breaches are up nearly 45 percent year over year. As enterprises are transforming their IT to embrace the cloud and mobility, security practices are not keeping pace: in fact, they are trailing behind.
Five key trends emerged from our research, and enterprises need to be aware of and respond to these trends if they are to evolve their IT security to keep pace with and protect against evolving threats.
Cloud security and compliance are priorities
The cloud is central to today’s IT security landscape. Spending on cloud computing is growing, with almost all enterprises now running workloads in one or more clouds. Yet 38 percent of organizations have cloud users whose accounts have been compromised, and 89 percent of these compromises showed a marked change in users’ behavior. It is no surprise that 93 percent of cloud IT managers are concerned about security.
Indeed, IT teams are struggling to deliver effective security in a hybrid, dynamically changing, on-demand environment. Our Security Report revealed that securing data and applications, and satisfying compliance requirements, overtook deploying and migrating applications as top public cloud priorities in 2018. The visibility gap introduced by deployments in public cloud environments is also a key concern, with 88 percent of our respondents experiencing issues related to a lack of visibility into public cloud data traffic.
The gap between cloud and security is growing
On average, there were over 4.3 new data breaches every day in 2017 – a nearly 45 percent increase from the previous year. Many of those attacks had common root causes, including unpatched vulnerabilities which allowed threat actors to compromise systems, overly permissive security policies between entities in a supply chain, and, above all, security misconfigurations allowing access to sensitive data.
In fact, one study found that nearly 73 percent of public cloud instances had one or more serious security misconfigurations. The combination of cloud growth and the high number of security misconfigurations suggests we will see more breaches where cloud is a factor in 2018. Many IT leaders are therefore turning to a multi-layer security approach to combat the challenges of an ever-expanding attack surface.
More focus needed on visibility and detection
Cyberattacks can have a severe impact on revenue as well as reputation. And yet, in the current cyber threat landscape, it is less a case of if an organization will be targeted, but when. Meanwhile, the days of securing the network purely as an on-premise challenge are over. Public cloud is forcing a wholesale shift in security architecture to one that must encompass both public and private clouds concurrently.
As such, although critical, firewalls and intrusion prevention are not adequate to protect an organization from advanced attacks that are designed to sidestep such systems. To reduce the risk of business disruption and potential data breach, companies need to deploy security analysis and threat detection solutions that use granular, network packet data to identify multi-layer exploits and contain attackers.
The cybercrime economy is booming
2017 was the year of ransomware. So far, 2018 is the year of crypto-jacking: that is, mining crypto-currencies on devices without the owners’ consent. Crypto-jacking offers cybercriminals a high-profit return that is far stealthier than a ransom attack. Code has even been found on compromised websites that can secretly transfer to users and melt down their battery powered devices. Critical IoT infrastructures are already targeted to mine digital currency. Research indicates that half a billion people are unwittingly used to mine cryptocurrency for others. As with ransomware, without a robust visibility, security and monitoring strategy to protect applications and computers, companies should not be surprised if they become the next victim of crypto-jacking.
Encryption is good for business, and for hackers, too
A significant Internet milestone was passed in February 2017, when it was reported that approximately 50 percent of all web traffic was encrypted using HTTPS. This protects users – but it can also be exploited by hackers, who can hide malicious traffic in encrypted streams. This makes detection of malware or abnormal traffic via traditional means impossible and demands a complete visibility approach that combines continuous inspection with multi-layered security tailored to the application environment.
Taking steps to improve security
Collectively, these trends highlight the urgent need for continuous visibility and layered security, to address the most urgent priorities of security and privacy in our cloud-dominated world. So how should organizations react to these emerging security trends, to cut their exposure to risk and shrink their attack profile? Here are our recommendations.
Visibility matters: security is dependent on total network visibility. Do not lose sight of the foundation of security monitoring: ‘You can’t protect what you can’t see.’ As network complexity grows, your visibility of traffic needs to keep pace. Work to understand how blind spots develop and how to eliminate them.
Make resilient security your goal: the focus of security has shifted from a single pre- deployment event to a continuous practice, designed to detect threats as fast as possible and limit the damage. Make sure your detection and analysis solutions have the real-time packet data they need to deliver the results you need. Use automation between your visibility platform and security solutions, to enable near real-time reactions.
Seeing into every cloud: remember that cloud providers are only responsible for securing their physical infrastructure, and not your data or applications. Take responsibility for securing these by gaining visibility of packet-level data and performing realistic testing of all your cloud environments.
Test proactively to reduce risk: testing gives you the insight needed to understand how your security infrastructure reacts under attack, so you can address weaknesses and accelerate recovery from incidents.
See into decrypted traffic: ensure your visibility platform supports ephemeral key decryption. Secure traffic is the de-facto standard for internet communication and transactions but can also hide threats – so ensure that you can decrypt and inspect secure traffic encrypted with ephemeral keys to expose any threats that may be otherwise hidden.
Train, and train again: effective cybersecurity teams must have access to a rigorous training and practice environment that features scalable real-world traffic and current attacks. A high-performance cyber training program needs to constantly integrate new scenarios and attack elements to build the ‘muscle memory’ that is needed in real-life situations. As the US Marines saying puts it: “Improvise, adapt, overcome.”