2018 in Review: The Top Four Takeaways in Security, and What Does it Mean for 2019?
It’s hard to believe that 2018 is almost over. While many of us may remember 2018 as “The Year of GDPR,” there were many other security developments and trends, many of which could affect our view of security in 2019 and beyond. This blog takes a look at four of the most newsworthy cybersecurity trends in 2018.
#1: Breaches can’t be stopped, and the impact is getting worse
One of the most frightening cybersecurity issues is that breaches won’t be stopping any time soon and are just getting worse. In late November, Marriott International Inc. disclosed that it had been the victim of a cyber-attack that affected up to 500 million guests.
This example is just the newest in a long line of breaches in 2018. For example, in one six-month stretch, there were more than 945 data breaches involving 4.5 billion records, affecting market-leading companies such as Adidas, Facebook, Under Armour, Panera Bread, and more.
CSPi has long held the opinion that breaches are a matter of when, not if, and it is because of this cybersecurity trend that companies need to re-think their security approaches for better defense.
#2: Threat detection and prevention tools aren’t working
Why do breaches continue to happen? Unfortunately, in part, it’s because standard tools such as threat detection and prevention aren’t working. One reason is the fact that there’s too much noise. InfoSec teams now receive 5,000 (or more) intrusion alerts per day from installed security tools. There’s just no way they can investigate all of these incidents.
Cost and complexity play a role, too. Most companies rely on a “stack” of discrete – siloed – security tools. While each is valuable in its own way, their lack of orchestration leaves sizable gaps in network activity, and therefore they cannot provide the full security organizations require.
In addition, traditional software tools can’t easily scale to support a hybrid network (a mix of on-premises servers, remote data centers, and public clouds) without incurring a lot of cost and effort. Today’s organizations have IT infrastructures that are highly complex with many moving parts to keep track of – PII data residing in different places in the network, applications coming online or going offline, applications that need securing, consistently applying security profiles – just to name a few.
Inevitably, it will take hours for highly skilled resources to properly configure existing tools, especially as they attempt to insert the desired level of automation and cloud deployment that often require additional costs for compute cycles. As a result, traditional security tools become very costly, challenging, and hard to manage as an organization scales, making them unsuitable for the challenge that data breaches present.
Related blog: “The Emperor’s New Clothes: Threat Hunting for Breach Prevention is Not Working.”
#3: DevOps must evolve to “SecDevOps”
There’s another reason, too: companies need to build security into their application development.
So many companies utilize an agile DevOps methodology to launch applications faster and more efficiently. Yet since security isn’t natively built into the DevOps model, it will take a concerted effort to evolve DevOps into SecDevOps. Four specific challenges will need to be addressed for this to be successful:
- Application developers do not have an easy set of tools to implement advanced security features, such as encryption or tokenization, during normal build cycles.
- Along with this, the notion of “shifting left” and expecting application developers to learn how to code advanced security features (like encryption) into their applications just isn’t feasible. It drains resources, forces developers to change their design and execution processes, and ultimately, slows DevOps processes.
- Operations teams are responsible for maintaining the applications throughout their entire lifecycle and providing 100% service levels. Both goals can be at odds with a developer’s wish to release applications as fast as possible.
- InfoSec resources are generally left out of the application planning and development phases. So as the Ops team begins to test, the whole process can grind to a halt when InfoSec pushes back with valid concerns related to application vulnerability and risks to production-level data.
To learn more, read our blog article, “Five Tips to Secure DevOps.”
#4: The rise of data privacy regulations adds complexity and confusion
New data privacy regulations are quickly being developed at the state, national, and international level. This doesn't count industry-specific regulations such as HIPAA, PCI DSS, and more. And many more are in the works or are being implemented now.
These regulations are being put in place due to the cybersecurity trends of breaches becoming more and more frequent, leading to the perception that organizations are not doing all they can to protect consumers’ data. Yet the resulting complex landscape of industry regulations can be hard to understand – and hard to comply with.
The U.S. currently has a patchwork system of state laws and regulations that can dovetail, overlap, or even contradict one another. For example, each regulation has its own requirements such as breach notification within 30 days, which could conflict with another regulation where breach notification may be three days (yes, 72 hours).
For more information about these cyber security problems and solutions, download our new how-to guide: “Successfully Complying with Data Privacy Regulations.”
A new security approach
At CSPi, we understand the struggles of not only meeting data privacy regulations but also proving compliance to the appropriate authorities. Our security solutions are uniquely suited to meet these challenges and other cybersecurity trends.
CSPi’s ARIA™ SDS platform, for enterprise-wide network and data security, makes it easy for organizations to secure any DevOps environment, increase application security, and automatically apply the appropriate security and user policies.
Our nVoy Series of compliance assurance solutions provides organizations with a means to automatically verify data breaches and receive a notification while a breach is ongoing. Detailed reporting is also provided, identifying the exact data that was impacted. With this information in hand, organizations can conduct a tightly focused breach investigation – completed in hours – and have the proof needed to meet the most stringent compliance requirements.
If you would like to learn more about the Secure DevOps methodology, check out our white paper on the subject, “How to Secure DevOps Across Any Environment.”
CSPi is a leading cybersecurity firm that has been solving security challenges and leading cybersecurity trends since 1968. Our security solutions use emerging cyber security approaches and technologies. We take a radically different approach to enterprise-wide data security by focusing on the data at its source, securing DevOps applications, and leveraging network traffic for actionable insights. CSPi’s ARIA SDS platform uses a simple automated approach to protect any organization’s critical data, including PII/PHI, on-premise and in public clouds, no matter if it is in use, in transit, or at rest. Our Myricom® nVoy Series appliances provide compliance assurance, automated breach verification, and network monitoring enabled by the 10G dropless packet capture capabilities of our Myricom® ARC intelligent adapters.
To learn more about our cyber security solutions and how they can protect your organization from future cyber security threats, download our white paper, “How to Secure DevOps Across Any Environment” now, or contact us today.