Cyber criminals are constantly changing the tactics, techniques, and procedures (TTPs) they use to attack businesses and organizations across the globe. Those who have made it their mission to protect your digital assets respond in kind with new and updated countermeasures. When it comes to cybersecurity risk management, there is no such thing as a state of equilibrium. We’ll explore some of the future trends in cybersecurity risk management.
Artificial Intelligence (AI) and Machine Learning (ML)
AI and ML technologies are increasingly being used to automate threat detection and response. They are also being used to identify patterns and anomalies in network activity that may indicate potential security risks.
It would be nice if only the good guys were using AI and ML. But that is not the case. Cyber criminals are increasingly using both to exploit weaknesses and inflict damage.
In addition, expect the growing use of AI for business and personal purposes to give rise to new regulations (see Regulatory Compliance below).
Zero Trust Security
This is an elegant security model that assumes no trust of any user, device, or application unless specifically designated. Zero Trust requires continuous authentication, monitoring, and verification of all requests before granting access to any resource. Users and/or devices get assigned access to specific applications and/or data. If there is no authorization, there is no access.
For example, cyber criminals have long used USB thumb drives loaded with malware to deliver malicious content. Insert the device to see what’s on it, and the payload is delivered. With Zero Trust, that device (picked up at a trade show, delivered in the mail, etc.) is not authorized and is rejected. Simple. Effective.
In a similar fashion, employees are authorized to access only the applications and files that they need to do their jobs. No authorization – no access. This eliminates intentional data theft and rogue data exfiltration, which is the hallmark of many malware programs.
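A minimal sketch of the default-deny decision described in this section, added here as an illustration and not taken from any product or from the original article. The device registry, user grants, and 15-minute re-authentication window are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample policy; every name and value here is hypothetical.
REGISTERED_DEVICES = {"laptop-0142", "laptop-0388"}   # managed endpoints only
GRANTS = {                                            # user -> assigned resources
    "alice": {"payroll-app", "hr-share"},
    "bob": {"crm-app"},
}
MAX_AUTH_AGE_S = 900  # assumed window: re-verify identity after 15 minutes


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    resource: str
    auth_age_s: int  # seconds since the user last authenticated


def decide(req: Request) -> tuple[bool, str]:
    """Default deny: a request is allowed only if every check passes."""
    if req.device_id not in REGISTERED_DEVICES:
        return False, "device not registered"
    if req.resource not in GRANTS.get(req.user, set()):
        return False, "no grant for resource"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "authentication stale, re-verify"
    return True, "allowed"


def audit(requests):
    """Evaluate each request on its own and return the decision log."""
    return [(r.user, r.device_id, r.resource, *decide(r)) for r in requests]


# Constructed requests mirroring the scenarios in the text above.
SAMPLE_REQUESTS = [
    Request("alice", "laptop-0142", "payroll-app", 60),     # assigned app
    Request("alice", "usb-tradeshow", "payroll-app", 60),   # unknown device
    Request("alice", "laptop-0142", "crm-app", 60),         # not her app
    Request("bob", "laptop-0388", "crm-app", 4000),         # session too old
    Request("mallory", "laptop-0142", "hr-share", 10),      # no grants at all
]

if __name__ == "__main__":
    for row in audit(SAMPLE_REQUESTS):
        print(row)
```

Only the first request is allowed; each denial carries a reason that can be logged and reviewed.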
The rise of cloud-based services requires new approaches to managing security risks. Any user or device that has access to cloud applications poses a risk. Effective cloud security management includes identity and access management, data protection, threat detection, and compliance.
Many C-level executives and even IT professionals mistakenly think that moving key business applications to the cloud eliminates the need for cybersecurity risk management.
Imagine the following scenario. The company has no Password Policy in place, and most employees reuse simple passwords. They use those same passwords both for the applications they need to do their jobs and for personal sites.
A popular website visited often by an employee gets compromised, and credentials are stolen, including this person’s password to log in to that site (which happens to be the same one used for logging onto the company’s internal network).
Hacked data such as this is regularly sold on the Dark Web. Once in the hands of sophisticated cyber criminals, it’s easy to use that data to breach the company network. When access to the company network (and cloud applications) has been gained, there’s no limit to the damage that can be inflicted. Unfortunately, this is an easily preventable but all too common occurrence.
Supply Chain Security
With the increasing complexity and interconnectivity of technology systems, there needs to be a greater focus on securing supply chains and ensuring that third-party vendors and suppliers meet the same security standards as your business or organization.
“Because close collaboration is often required between businesses, suppliers, and resellers, computer networks may become intertwined or sensitive data shared. This can result in a breach of one organization affecting many. Instead of attacking the target directly, a cyber criminal may attack a weaker organization in the target's supply chain and use that access to meet their goals.” (Tech Target)
The old adage “a chain is only as strong as its weakest link” aptly describes supply chain security. Ensuring that vendors and suppliers do not create unnecessary risk requires vigilance and cooperation. Mitigating supply chain security risks may include some of the following Best Practices:
- Develop cybersecurity minimum requirements and continually measure compliance.
- Adopt Zero Trust Security (see above) and only grant sensitive data access to known and trusted users.
- Educate employees to be suspicious of any unusual requests or changes.
Internet of Things (IoT) Security
As more devices are connected to the Internet, new security risks are emerging. These risks require the development of new security standards and best practices to protect against IoT-specific threats such as device hijacking, data breaches, and physical attacks.
Some of the IoT devices in use today include:
- Industrial robots that are used in manufacturing.
- Medical devices such as surgical robots, implantable cardiac devices, infusion and insulin pumps, and telemetry devices that measure heart activity, blood sugar, or other “vitals.”
- Smart car/truck devices.
- Smart home devices.
- Smart appliances.
- Personal wearable devices.
- Security systems – commercial and residential.
- Smart building systems – HVAC, water, elevators, etc.
And the list keeps growing because these are all devices that bring tremendous benefits. As a result, securing these devices is becoming more and more important, especially when you consider the consequences of those devices getting hacked:
Manufacturing grinding to a halt. Medical emergencies resulting in injury or death. Accidents when cars or trucks malfunction. Air conditioning or heating that fails, causing exposure to increasingly extreme temperatures. And so on.
These are serious (in some cases life and death) threats that need to be addressed as we become more dependent on internet-connected IoT devices.
The development of quantum computers could pose a significant threat to current encryption methods, requiring the development of new, quantum-resistant encryption algorithms.
Quantum computing (according to Wikipedia) in its current state “is largely experimental and impractical.” But because it has significant potential to “perform some calculations exponentially faster than any modern ‘classical’ computer”, a lot of global resources are being poured into development.
Given the above, quantum computing will make all current data encryption methods obsolete. And since encrypting sensitive data is a major component of cybersecurity risk management, new data encryption algorithms will need to be developed alongside this disruptive technology.
A blockchain stores information in digital form electronically, like a database. Blockchains are well recognized for playing an important part in cryptocurrency networks such as Bitcoin, where they keep a secure and decentralized record of transactions.
Organizations are now using blockchain to secure their data and reduce inefficiencies in the supply chain and logistics network, and in intellectual property management. Blockchain is also used in food safety, healthcare data management, fundraising, and investment.
As blockchain technology becomes more widely adopted, there is an increased need for security controls to protect against potential vulnerabilities such as 51% attacks and smart contract vulnerabilities.
“A 51% attack is an attack on a cryptocurrency blockchain by a group of miners who control more than 50% of the network’s mining hash rate. Owning 51% of the nodes on the network gives the controlling parties the power to alter the blockchain.” (Investopedia) If you’re not a cryptocurrency user – no need for alarm.
Smart contracts are programs that reside within decentralized blockchains and are triggered by certain instructions. Vulnerabilities resulting from the absence of security patches have challenged the sustainability of blockchain technology. Because this can impact food safety and healthcare for the general public, this is where the alarm bells should go off.
While this may seem Orwellian to some, the use of blockchain technology is nonetheless becoming more and more prevalent. So, too, is the need to address blockchain security risks.
Cyber Liability Insurance (CLI)
As cyber threats have become ubiquitous, Cyber Liability Insurance has become a ‘must have’ for businesses and organizations. If a business or organization suffers a cybersecurity incident that leads to a breach, CLI can mitigate the financial impact of the attack.
In the past, it was easy to get a CLI policy. That’s not the case today. Insurance companies do not like risk. When it comes to cybersecurity, they’ve been at the forefront of defining ‘insurability requirements’ that benefit businesses and organizations. These strict requirements must be complied with, or the policy is invalidated or the claim(s) denied.
Multi-factor authentication, managed detection and response, incident response plans, and backup and disaster recovery plans are just a few of the current cybersecurity risk management Best Practices required in order to obtain a CLI policy. This is a good thing – as many businesses would otherwise forgo these important cybersecurity risk mitigation tools and strategies.
Major insurers also have remediation teams that will jump into action when a cybersecurity incident is discovered, thus minimizing the event's harmful effects.
Having a CLI policy is important today. And having a CLI policy in place will continue to grow in importance as cybersecurity threats show no sign of slowing down.
Regulatory Compliance
A regulation is a ‘rule or directive made and maintained by an authority’. Regulations must be complied with, or negative consequences result. Governments and regulatory bodies are constantly introducing new cybersecurity regulations.
Some of those regulations, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and New York Shield Law have been in place for several years. These three are designed to protect personal data and increase transparency and accountability.
The Biden Administration (March 2023) “announced a policy of more aggressive regulation to secure critical systems like banks, electric utilities, and hospitals against cyber attacks. That approach signals a break from two decades of efforts to get companies in critical sectors to voluntarily strengthen their cybersecurity.” (Politico)
The onslaught of cyber crime can be expected to prompt the proliferation of new regulations. Compliance with current and emerging regulations will become a significant focus for businesses and organizations in the future.
Integrating security into the software development process will ensure that security is a priority from the earliest stages of the development of any new software.
“Building security into the product from the beginning, rather than a bolt-on after the fact is a more secure and cost-conscious approach.” (Brian Harrell, the former assistant secretary for infrastructure protection at the Department of Homeland Security under the Trump administration)
New regulations (see above) will continue to push software developers to create more secure applications.
Cyber crime is a big business.
It’s not going away any time soon and, in fact, is increasing in both volume and severity. Cybersecurity risk management tools and strategies will need to not only keep pace but also stay ahead. If they do not, the consequences are too dire to imagine.