It’s been another lap around the sun for the cybersecurity industry, filled with great technological developments and monstrous security incidents that once again saw the theft and exposure of millions of records.
If you recall, to wrap up 2018 we caught up with SpiderLabs experts to get their take on the cybersecurity events of the year, but most importantly, we wanted to test their forethought and have them share what they believed the cybersecurity industry could be in for in 2019. Midway through the year we checked back in to see how the predictions held up, and it was pretty impressive to note that many became a reality.
With 2019 behind us and the road through 2020 stretching ahead, we once again checked in with some folks from the elite SpiderLabs team at Trustwave to get their thoughts on what’s taken place and, most importantly, what 2020 could have in store for us.
Let’s get started.
Looking back at the developments in cybersecurity in 2019, what stood out to you the most?
Mark Whitehead, Vice President, Americas: I found it interesting how much providers are baking security more into normal everyday products. Some of the world-leading software and service providers have put a huge emphasis on security. While that is the case for well-funded organizations, ones that weren’t so fortunate were IoT device makers. This is a space that organizations will continue to struggle with in years to come. They will also get highlighted more this year as wireless providers turn on more 5G services. The consolidation and simplification of offerings was another item I predicted in 2019. We will continue to see this trend as organizations and security providers race to shorten dwell time.
Ed Williams, Director, EMEA: The amount and scale of data breaches were significant in 2019. No sector seems to have been unaffected by this either; we’ve seen financial data breaches, organizations in the entertainment field, technology, healthcare and even government. What’s worrying is that it isn’t always hackers who are manipulating environments; we often see misconfigurations from organizations that are leaving services and data on the internet, which are unsecured.
Matt Lorentzen, Principal Security Consultant: I think the biggest development for me was around a renewed focus on the external attack surface. 2019 saw some critical bugs in VPN software and also in Microsoft Remote Desktop protocols. This again highlighted to me that the perimeter does not fall into the “setup and forget” category and we cannot assume that the products and services we expose are always going to have a known state of security. Bugs will continue to exist and be discovered and once publicly available, organizations are in a race against time.
Based on the conversations you’ve had with security leaders surrounding their challenges in 2019, are there any common themes that come to mind?
Mark: I am surprised in 2019 how visibility is still something organizations struggle with. Visibility into where their data goes, legacy systems causing risk, shadow IT, and attacks not normally highlighted in a traditional prevent, detect, respond workflow. IT departments still like to avoid databases and assessing the risk, which is counterproductive due to the rich data they often contain. Also, organizations still struggling to put all the pieces together to be resilient to cyber attacks is notable. We’ve had numerous Red Teams where organizations had all the technology you could hope for, with our SpiderLabs testers thinking the deck is stacked against them, only to be able to breach them pretty quickly. A few of those examples were right after they had selected a reputable MSSP or their in-house teams had acquired cutting-edge technology.
Ed: Gaining and measuring security maturity at an enterprise level is a very common theme. First of all, how are organizations gaining a degree of maturity across their estate, and secondly, how do they measure this maturity? When we discuss this with clients we always go back to the basics: ensure you have robust asset management, regular vulnerability scanning, pen testing of assets both external/cloud and internal/on-prem. Once this cycle is mature, look to add red teaming to test the people, process as well as the technology to ensure that detection and response are working as intended.
Matt: I would say that most leaders I speak to have made a transition to the cloud and now they want to understand the attack surface. They know that by adopting a cloud-centric strategy they have made the business more agile, flexible and available. These decisions also have the effect of expanding the ingress points sometimes in ways that the business has no control over.
Last year we accurately predicted an uptick in cryptojacking, complexity surrounding available security solutions and the use of modular malware. Looking ahead at 2020, what do you anticipate from the threat landscape?
Mark: Cloud attacks will continue to plague organizations as they have many cloud providers and various on-prem solutions working together. These will not necessarily be technologically advanced. As detection and response of traditional attack vectors get more focus, I predict we will see an uptick in physical attacks. 5G wireless adoption will drive this as well. Sometimes it is just simpler and cheaper to fly someone out vs develop and modify a payload.
Ed: From what I’ve seen in 2019, I believe data breaches will once again be prominent. As I said last year, I’ll repeat again this year: make sure you have the basics covered and, for ‘any’ external authentication service, ensure you have MFA (multi-factor authentication).
Matt: I expect to see a continued rise in supply chain attacks. Organizations that are investing in security programs are moving forward but the nature of business is collaborative and therefore you have limited control over how secure entities within your supply chain are. This can serve as a blind spot that can be exploited by attackers who are goal orientated and not bound by scope.
Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.