What Cybersecurity Issues to Think About in 2020

Every year, multiple companies, professionals, peers, colleagues and others publish their respective reports on the top issues, threats, risks and emerging trends to be on the lookout for in the new year. As it is, we are ending the 2010s and entering 2020. In looking at the past and thinking about the future, I wanted to provide my top 6 trends to be on the lookout for; these will continue to require attention and investment, especially if you are responsible for protecting your organization.

Data is King - By now, most organizations have seen what can happen when they don't protect their most prized asset: data, whether that be employee data or the coveted consumer data. Data is everywhere in an organization: on premise, in the cloud, stored on laptops and external devices, written down, stored in a file cabinet, etc. Bottom line: organizations need to do their best to identify all of their data and data types, especially the data that is deemed sensitive and/or is required to be protected for compliance, regulatory and/or contractual reasons. Once you have identified your data and its types (as part of your comprehensive asset inventory), apply requirements and standards for protecting each data type, and ensure that, at a minimum, the data is protected in transit, at rest and in use.

Security Operations + Alerting + Tools/Tech + Training - Most compliance or regulatory requirements mandate that an organization must be monitoring security events, responding to events and incidents, and remediating and further mitigating them. Larger security incidents (where the IR plan comes into play) should follow industry standards for identification, triage, investigation and so on, down to root cause analysis and lessons learned. But, in the bigger scheme of things, setting up a SIEM, tuning it, managing it, identifying your use cases and then monitoring it 24/7 and responding in a timely manner is a large task that many security groups can't accomplish by themselves; lack of qualified staff is usually the key issue here. Use of an MSSP or another 3rd party will be important. Co-managed, fully managed or something in between is always possible. Identifying your critical assets to monitor is key, and again this is aligned to a comprehensive asset inventory. The other area of importance is understanding what tools and technology you already have in place, where your gaps are, and filling those holes as necessary. A good practice is conducting a maturity assessment of your SOC to better understand these areas. Training - and I mean ongoing situational awareness training (e.g. cyber range, SOC range training, attack simulation) - is key for your blue teams (SOC) and even your red teams, purple teams, etc. The old days of 1 table top exercise per year are not sufficient anymore; your teams should be training constantly (ongoing), at least once a month.

Cloud and Digital Transformation - More and more organizations find that employees, business units, stakeholders, etc., are moving their workloads into the cloud. Some companies have been proactive in their cyber security program, have embraced the challenge and have addressed the need by supporting their business partners. Others are still behind and figure they will wait until it becomes a problem. Visibility into your cloud landscape is going to be important. Commercial SIEM products can certainly cover the basics, and additional standalone technology such as a CASB can assist. As with all cyber security programs, having some standards to live by and enforce in the workplace will be very important (a Cloud Security Standard, as an example). Various assessments and analyses of your cloud environments will be important to understand your gaps. It is very important to ensure that all of your 3rd parties are assessed for risk and that you are dictating some requirements for securing the cloud (and those containers and Docker hosts too). Many organizations are moving to create "intelligent" workplaces, infrastructures, etc., so ensure that cyber security is always considered in these projects.

Application Security and Vulnerabilities - This one remains on the list, as it's always there year after year, and rightfully so. For those organizations that have applications accessible via the Internet, ongoing application scanning and remediation is necessary, including review of source code every time there is a production change. If you have internal developers, cyber security should be partnering with these teams to ensure they are utilizing secure development practices (including the coveted OWASP guidance) and that testing and validation are conducted at all times. Organizations need to have an overall vulnerability management and patching framework and program. While patching is usually the responsibility of IT, cyber security groups should be partnering with them and providing oversight on identifying vulnerabilities and on a patching protocol, to ensure your systems are free from exploitation.

Endpoints + Threat Detection + Mitigation - The news has been taken over by a number of ransomware and malware attacks on cities, governments and companies alike. Ransomware is a real threat, and your organization should be developing a plan of attack, preparations and defenses should this style of attack occur; again, partnerships with your server teams, storage teams and IT in general are going to be paramount here. Figuring out and identifying the best foot forward on an endpoint protection strategy is going to be key. Using 1 product or a combination of products might be the answer; it just depends on your organization and what you are trying to protect at the end of the day. Also keep in mind how monitoring of your endpoints is taking place - e.g. is it 24/7 by your SOC team and SIEM, or is it performed separately with the same alerting, or something else? The ability to mitigate endpoint threats is going to be key as well. The endpoint is the new perimeter: if you think about it, the use of email is key to any organization, and email is the largest and most common way for threats to be delivered to an organization.

Compliance - Wrapping the whole package with a nice bow on it are your compliance requirements (which could include regulatory and contractual ones). Depending on where your company is located, where it does business, whether it crosses international lines, whether it stores data in other countries, and a myriad of other questions you should be asking yourself, compliance is going to continue (or should continue) to take a front seat in your cyber security program. Don't get blindsided by compliance. Run those risk assessments, gap assessments, maturity assessments and other reviews to ensure your organization is compliant. Then choosing appropriate security controls is going to be key too. Tracking your risks (in a risk register), developing an ISMS for protecting sensitive data, and understanding your requirements when it comes to data privacy are all areas that organizations should be addressing.

Happy Holidays, and I look forward to 2020.
