<article class="article_main post-14387 post type-post status-publish format-standard has-post-thumbnail hentry category-it category-security tag-cyber-threats tag-cybersecurity tag-cybersecurity-trends"> <div class="entry-summary"> <p>Gartner&#x2019;s top cybersecurity trends cover the skills shortage, cloud and a shift to detection and response. </p> </div> <div class="entry-content"> <p><span><a href="https://blogs.gartner.com/smarterwithgartner/files/2017/06/LivefromGartnerSEC.png"><img class="wp-image-14329 size-full alignright" src="https://blogs.gartner.com/smarterwithgartner/files/2017/06/LivefromGartnerSEC.png" alt="#GartnerSEC" width="200"></a></span><span>In the every changing world of cybersecurity, there are a few truths about what leaders want.&#xA0;</span>Cybersecurity leaders seek:</p> <ul> <li>Balance risk, resilience, usability and price</li> <li>Require enough visibility into what is happening</li> <li>Gain more control&#x2013;but only over what matters</li> </ul> <p><span>But there are hard realities that govern cybersecurity.</span></p> <p>&#x201C;You can&#x2019;t protect everything equally&#x2026;we have to find a way to control only what matters,&#x201D; said Earl Perkins, research vice president, during the <a href="https://www.gartner.com/events/na/security">Gartner Security &amp; Risk Management Summit</a>&#xA0;2017 in National Harbor, Md.. In fact, security experts should know four things: you can&#x2019;t fix everything, you can&#x2019;t make assets fully secure, you can&#x2019;t know how secure they all are, and you can&#x2019;t know how secure your digital partners are.</p> <p><span>However, in a world of unknowns, five cybersecurity trends appear for 2017/2018.</span></p> <figure id="attachment_14384" class="wp-caption alignnone"><a href="https://blogs.gartner.com/smarterwithgartner/files/2017/06/PerkinsSEC_AArticleImage.jpg"><img class="wp-image-14384 size-large" src="https://blogs.gartner.com/smarterwithgartner/files/2017/06/PerkinsSEC_AArticleImage-1024x503.jpg" alt="Gartner analyst Earl Perkins, research vice president, presents five cybersecurity trends during the Gartner Security &amp; Risk Management Summit 2017. " width="1024"></a><figcaption class="wp-caption-text">Gartner analyst Earl Perkins, research vice president, presents five cybersecurity trends during the Gartner Security &amp; Risk Management Summit 2017.</figcaption></figure> <h2>Skills and organization for cybersecurity continue to change</h2> <p><span>With a zero percent unemployment rate, security skill sets are scarce. The industry needs and will continue to need new kinds of skills as cybersecurity evolves in areas such as data classes and data governance. It&#x2019;s a problem that security experts have avoided, but the reality is that in the next three to five years, enterprises will generate more data than they ever have before, said Mr. Perkins. </span></p> <p><del><strong>Read More:&#xA0;<a href="https://www.gartner.com/smarterwithgartner/7-top-security-predictions-for-2017/">7 Top Security Predictions for 2017</a></strong></del></p> <p><span>Changes in cybersecurity will require new types of skills in data science and analytics. The general increase in information will mean artificial security intelligence is necessary. Adaptive skills will be key for the next phase of cybersecurity.</span></p> <div class="gs-ad gs-ad--article"><div class="gs-ad__content">Position your organization to thrive in a connected world.</div><a href="https://www.gartner.com/technology/books/iot-business/" class="btn gs-ad__button">Free Gartner E-Book</a></div> <h2>Cloud security becomes a top priority for many</h2> <p><span>As the cloud environment reaches maturity, it&#x2019;s becoming a security target and it will start having security problems. It&#x2019;s possible cloud will fall victim to a tragedy of the commons wherein a shared cloud service becomes unstable and unsecure based on increased demands by companies. When it comes to cloud, security experts will need to decide who they can trust and who they can&#x2019;t. Companies should develop security guidelines for private and public cloud use and utilize a cloud decision model to apply rigor to cloud risks. </span></p> <h2>Shift your focus from protection and prevention</h2> <p><span>&#x201C;Take the money you&#x2019;re spending on prevention and begin to drive it more equitably to detection and response,&#x201D; said Mr. Perkins. &#x201C;The truth is that you won&#x2019;t be able to stop every threat and you need to get over it.&#x201D;</span></p> <p><del><strong>Read More:&#xA0;<a href="https://www.gartner.com/smarterwithgartner/the-gartner-it-security-approach-for-the-digital-age/">The Gartner IT Security&#xA0;Approach for the Digital Age</a></strong></del></p> <p><span>A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link&#x2013;people&#x2013;to do so. This means adapting your security setup to focus on detection, response, and remediation. That&#x2019;s where the cybersecurity fight is today. In the future it will most likely move to prediction of what&#x2019;s coming before anything happens.</span></p> <h2>Application and data security are led by development operations center</h2> <p><span>There is a new window of opportunity in application security, but most enterprises don&#x2019;t take advantage of it because of the expense. It&#x2019;s time to figure out the right way to evaluate the value of security and the best way to explain that to the business. </span></p> <p><span>Additionally, DevOps should become DevSecOps, with a focus on security. This is a good time to marry development and operations. The time to market has shortened so much, it creates an endless connection between development and operation, which means it&#x2019;s important to stop running them as isolated units. This is the time to bring security to DevOps, or if the team is not internal, to ask the service provider what kind of security they provide. </span></p> <h2>Digital ecosystems drive next generation security</h2> <p><span>Safety, reliability and privacy are also a part of cybersecurity. When these systems begin to have a direct physical impact, you now become responsible for the safety of people and environments. Without a handle on security, people will die. The reliability portion is essential for operation and production environments or anyone in asset-centric firms. </span></p> <h2></h2> </div> <div class="get-smarter"> <div class="get-smarter__section get-smarter__section--research"></div><div class="get-smarter__section get-smarter__section--webinar"></div> </div> </article>

<article class="post-55470 post type-post status-publish format-standard has-post-thumbnail hentry category-cso-perspective category-predictions tag-2018-predictions-recommendations tag-asia-pacific"> <header> <div class="container"> <div class="row"> </div> </div> </header> <div class="entry-content"> <p><a href="https://researchcenter.paloaltonetworks.com/predictions/"><img class="aligncenter wp-image-55473 size-full" src="https://researchcenter.paloaltonetworks.com/wp-content/uploads/2017/12/cpr-apac-Blog-600x300.png" alt="cpr apac Blog 600x300" width="600"></a></p> <p><em>This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.</em></p> <p>To say that 2017 was a challenging year for organisations would be an understatement. As we become increasingly interconnected, businesses should look at cyberattacks as foreseeable events they should be planning for today. All businesses should maintain a good level of &#x201C;cyber hygiene&#x201D; wherein they regularly backup their data, patch their systems and applications, and reduce the attack surface of their digital assets as much as possible.</p> <p>As we continue to transform the way we do business in 2018 by leveraging new technologies, we need to be aware of security concerns and act to reduce the risk rather than avoid these new technologies. It&#x2019;s about being sensible and trying to stay ahead of cybercriminals by understanding current and potential threats, and what can be done to mitigate the risks.</p> <p><span><br> 1.&#xA0;&#xA0; The Cloud Is Someone Else&#x2019;s Computer: You Still Need to Protect Your Information</span></p> <p>Third-party cloud storage has been a recurring theme in the news of late, in particular Amazon&#x2019;s Simple Storage Service, otherwise known as S3. In AWS, there is a so-called &#x201C;bucket&#x201D; that is your organisation&#x2019;s container for online data storage on the AWS cloud; and this can contain sensitive information.</p> <p>Some organisations have had sensitive data exposed via misconfigured AWS S3 buckets. In recent months, we have seen exposure of sensitive files, passwords, home addresses, customer databases and information on over 180 million U.S. voters. In each case, a misconfiguration of the S3 buckets left the data freely accessible to anyone via the internet.</p> <p>Buckets can have specific security settings, which is where the problem begins. The reason for that is human error.</p> <p>AWS, like many other cloud providers, has a shared responsibility model. This means Amazon is responsible for the security of the cloud and infrastructure, which includes network, storage, and compute. The customer, on the other hand, is responsible for security of the data in the cloud. When you leave the data open for anyone to read, the exposure is clearly the fault of the customer and not AWS. This is not an AWS-specific problem, but one that applies to any other cloud platform or data repository.</p> <p>Now, the challenge every organisation needs to consider is that if we leave the buckets open to be read, they are automatically exposed. The risk is greater for data that can be overwritten. If an adversary were to locate a bucket that could be modified, they would have the ability to upload malware into the bucket and overwrite files. In addition, if you were to store codes in a repository like this, people could make changes to those too.</p> <p>Tools are already available on the internet to allow an adversary to easily search your organisation&#x2019;s buckets using keywords. If the bucket happens to be open to read and/or write, then changes can easily be made.</p> <p>With most businesses either embarking on or already leveraging cloud to store data, as well as migrate or build applications, every organisation needs to inspect and verify who is accessing its data/applications. Based on recent events, it&#x2019;s foreseeable that someone will come looking for your information, but it&#x2019;s up to you to manage the risk. Therefore, you should consider and get answers to the following questions:</p> <ul> <li>What sensitive data is stored in the cloud, and what kind of impact would there be if the data was exposed?</li> <li>Who among your employees and third parties has access to your sensitive data?</li> <li>How is the data protected? Does the protection you have in place meet the right level to mitigate risk?</li> </ul> <p><span>2.&#xA0;&#xA0; Data Is the New Oil, and Integrity Is the Key</span></p> <p>The basic principles of information security are confidentiality, integrity and availability.</p> <p>Traditionally, most attacks target confidentiality and availability: an attacker compromises or steals your intellectual property or some form of data you have, and engages denial-of-service attacks to prevent you from accessing your information and/or systems. Businesses have become so used to looking at these two issues that we may have forgotten about integrity &#x2013; yet that&#x2019;s one area in which more challenges are appearing.</p> <p>Data is the new oil. It propels businesses forward and dictates everything from business operations to the way governments roll out policy. As such, the risks data theft poses are well-understood. However, the dangers of hackers changing their approach and instead choosing to manipulate data are only just becoming clear.</p> <p>Data integrity is the assurance that information can be accessed or modified only by authorised users. A data integrity attack compromises that assurance with the aim of gaining unauthorised access to modify data for any of a number of reasons, such as financial gain, reputational damage or simply making the data worthless.</p> <p>Financial markets could be poisoned and collapsed by faulty data, such as through manipulating sales figures to inflate the value of a company&#x2019;s stock. Utility companies, smart cities and other IoT systems, from traffic lights to the water supply, could be severely disrupted if the data they run on were altered.</p> <p>Every organisation should begin the conversation now to prevent these types of attacks from being successful. As part of this conversation:</p> <ul> <li>Educate employees and customers on the steps they should take to remain safe and protect their personal data themselves. This helps build their understanding of how to protect the company&#x2019;s data.</li> <li>Understand what data you have, how it is collected and produced, and where the most sensitive parts of that data sit. It&#x2019;s crucial to understand what you are trying to protect before you can even think about how to protect it.</li> <li>Leverage multi-factor authentication, which provides that extra layer of security should usernames or passwords become compromised. This security measure involves having something you know and something you <em>have</em>, rather than just the former (i.e., a password).</li> <li>Utilise encryption to protect sensitive data, whether it is on-premise, in the public cloud, or in a hybrid environment. If someone were to get to your &#x201C;crown jewels,&#x201D; it would be better to limit the impact they could have by destroying or modifying the data. Encryption is only as good as the key management strategy employed, and companies must ensure keys are kept safe through steps like storing them in secure hardware modules. It&#x2019;s no good having the best locks on your house if you leave the house keys under the mat for someone to pass by and take them.</li> </ul> </div> <footer> </footer> </article>