Cybersecurity strategies, identity access management, BYOD, and artificial intelligence
By Giridhara Raam, Product Evangelist, Manage Engine
There was massive technological growth in 2018; things like artificial intelligence and block chains have gained much support recently. IT departments often enable improved efficiency and security in their organizations by adopting emerging technologies, but that’s only if they have the freedom to do so. A few years ago, IT had very less influence over business decisions, but now times are changing: IT is gaining an increased role in business decisions with the implementation of cloud computing, data centers, and enterprise mobility. According to SWC’s 2018 Tech Insights Report, 81 percent of organizations agree that IT is a strategic enabler of their business, which is a whopping increase from 45 percent in 2016.
Organizations should constantly implement new technologies into their business to improve productivity, reliability, security, and efficiency. For example, with employees becoming more mobile, organizations need to take care of these mobile employees and their devices from one central location, employing enterprise mobility management solution can come in handy to maintain security and increase productivity. According to Paul Sallomi, industry leader from Deloitte, the digital transformation will push 60 percent of businesses to move their IT systems to the cloud by 2019. He also stated that the implementation of artificial intelligence (AI) will increase in 2019, up from 58 percent in 2018. Developments in cloud computing, the Internet of Things, the blockchain, and AI will enable and augment businesses’ digital transformation efforts in 2019.
All these massive expansions in technology listed above will attract a lot of attention from businesses, but there are a few trends, in particular, you should watch out for in 2019.
Proactive and predictive cybersecurity strategies
With cyber attacks evolving every day, businesses are looking to adopt both proactive and reactive security solutions to prevent and mitigate attacks. According to Ponemon 2017 cost of data breach study report, “It takes an average of 206 days to identify a breach in the USA”, which proves why reactive cybersecurity alone will not be the right choice, proactive cybersecurity with predictive analysis will keep businesses safe and secured.
Proactive security: Practicing security procedures by anticipating the scope and vector of cyber attacks. Preventive measures to keep the attacks at bay, by employing the right shields for devices and networks.
Reactive security: Practicing security procedures to detect cyber attacks by monitoring logs, file behaviors, etc. Reactive measures to identify and restrict the attack from spreading further to other devices.
Predictive security: Predictive cybersecurity procedure will combine machine learning and deep learning, allowing IT security professionals to identify, scrutinize, analyses and combat evolving cyber attacks. Addition of analytics to proactive approach offers better visibility for cyber professional’s top stay ahead of the attacks and also study the framework and workflow of attacks to implement better prevention procedures.
With banking Trojans causing chaos for financial institutions, that industry, in particular, will start looking beyond proactive or reactive measures, and hence predictive cybersecurity will become crucial in 2019.
Revolution in identity access management
With the cloud becoming the modern warehouse for data, cloud data security relies on strong and unique passwords to be used in your organization. Weak and reused passwords are easily cracked by things like brute-force attacks. Thanks to the recent introduction of biometric authentication and the increasing adoption of two-factor authentication, data, and password security have been greatly improved. In 2019, passwords will be further reinforced with Identity-as-a-Service (IDasS), Fast Identity Online (FIDO), and triple-entry accounting enabled by block chains. Each of these technologies brings robust and transparent protocols that prevent users from creating weak passwords.
BYOD expansions and security challenges
Bring your own Device (BYOD) will continue to expand in 2019, with more organizations expanding support for flexible work cultures. Although an increasingly mobile workforce has its benefits, it also means that organizations have to consider the difficulties involved in managing a variety of dissimilar mobile devices, that comes with different operating systems, application, framework and compatibility. What’s more, developments in enterprise mobility bring with them security challenges like watering hole attacks, rootkits, DDoS attacks, man-in-the-middle attacks, and more.
Enterprise mobility can bring in better productivity, provided organizations implement the security best practices mentioned at the latter half of this article. Moving into 2019, organizations need to be careful about which devices and applications they allow operating on their networks.
Alexa, SIRI, and Google Assistant have already brought the presence of interactive AI into our homes, and are being used in businesses more and more. These, however, are just examples of artificial narrow intelligence—the industry is yet to see artificial general intelligence, which will bring more challenges to businesses in the future. Though AI could bring in lots of pros to the business they also do have some cons, as businesses need to ensure how secure their AI adoption is. Only after complete testing and analysis of the AI with all the possible variation, it has to be adopted to avoid unnecessary data leaks at later date.
With continuous research in machine learning, deep learning, and artificial neural networks, the development of viable artificial general intelligence projects are more likely to happen in 2019.
Best practices for securing business-sensitive information
Businesses need to follow the right security best practices to keep track of all technological developments and build the right firewall environment to secure sensitive data and maintain user privacy. Here are a few to follow:
- Make sure that new technologies like predictive and proactive cybersecurity are thoroughly analyzed and tested before deploying them to your entire network.
- Use honeypot servers to help detect the flow of malicious inbound traffic and thus avoid unforeseen brute force attacks.
- Keep all of your applications, drivers, BIOS, and operating systems up to date. Promptly patch each of these to avoid having vulnerabilities exploited and malware running wild on your devices.
- Secure remote users by employing mobile-first security controls like Mobile application management (MAM), Mobile content management (MCM), Email security management, Mobile device management (MDM), Containerization and other data compliance procedures.
- Prevent insider threats by restricting employee privileges based on their department, role, and scope. Allow only authorized USB drives inside the corporate network.
- Achieve a complete ITIL process by combining ITSM and ITOM routines. The combined approach towards IT will bring in better productivity and security to the devices by deploying patches on time, blacklisting software and troubleshooting devices that malfunction.
- Monitor and control browser usage metrics like active add-ons and extensions that are outdated to avoid sneaky MITB attacks on your user devices.
Businesses need to keep themselves up to date from both a production and security perspective to compete in the market and avoid becoming victim to modern-day, sophisticated cyber attacks.
Combining proper awareness and continuous security best practices will help organizations fortify their business security, allowing them to thrive in the market without obstacles.
About the Author
Giridhara Raam is a Product Evangelist, Cybersecurity Analyst, GDPR Researcher, Author, Speaker, Dzone MVB, Blogger at ManageEngine, a division of Zoho Corp. Giridhara Raam can be reached online at (firstname.lastname@example.org, @giridhararaam, etc..) and at our company blog https://blogs.manageengine.com/author/giridhara-raam