By Gilad Peleg, CEO of SecBI
1. In SaaS nobody knows you were hacked leading enterprises to seek better visibility solutions.
The model of enterprise software deployed on premise will gradually disappear as it will be replaced by SaaS. Many of the resources once in the hands of corporate, like the database, email server, ERP, CRM and others will all move to the cloud leaving enterprises vulnerable.
SaaS’s greatest advantage is also its greatest weakness. With SaaS, you need much less IT which is a benefit at first glance, but upon inspection it comes a problem – you don’t control the access, or the data, therefore you don’t know you were hacked, nor do you don’t have the tools to know.
That is to say, the security implications here are that organizations will cease to have visibility into the perimeter, and all the perimeter’s defenses. As enterprises acknowledge they are left blind by this change they will need new visibility solutions.
2. Data exfiltration is made child’s play by SaaS.
The proliferation of SaaS applications across businesses of all sizes is giving insiders more ways to exfiltrate data. According to Blissfully, this trend shows no signs of slowing down, with SaaS spending expected to double by 2020. Savvy, malicious insiders will take advantage of multiple new channels to exfiltrate data and hide their tracks (including collaboration platforms, cloud storage, email, IM, SaaS apps, and more). There will simultaneously be a spike in accidental threats as well, because new apps ease-of-use directly correlates to poor account security practices (such as weak or re-used passwords, lack of multi-factor authentication, or open sharing settings). This lethal combination will leave enterprises more vulnerable to data exfiltration.
3. Greater attack surfaces due to IoT points to the urgency of network-focused security.
IoT will continue to increase the attack surface and leave enterprises exposed, but with so many IoT types, end point security solutions lose relevancy. Since many IOT endpoints are not conducive to having an agent installed, (not to mention the cost of adding an agent on numerous endpoints), security must be dealt with on the network level. Handling security on the network level will be the only way to mitigate the increase in attack surface and ensure protection.
4. AI-empowered cyberattacks
AI will power cyberattacks more and more. In fact, it is reasonable to assume that armies of AI hackers will have greater, faster penetration with more automation, allowing hackers to achieve greater success executing cyberattacks. Cyber defense must look to AI for faster analytics needed to find malicious activities. With machine learning and AI-driven response, security teams can automate triage and prioritization, while reducing false positives by up to 91%. Enterprises will seek innovative solutions that enable them to stay ahead of the next unknown threat. They can’t simply look at what they have and just upgrade. Nor can they rely on homegrown solutions. They require out-of-the box, automated solutions based on AI.
5. The most complex aspect of GDPR is yet to come…
GDPR is maturing. The regulation that will become important in 2019 is that organizations will need to report breaches within 72 hours. This aspect is very difficult and require the support by AI-powered cyber vendors to fulfill this requirement.
6. Adopt AI-based automation or die…
Organizations will take advantage of AI-based automation beyond the basic function of automating playbooks for faster and more comprehensive threat detection, either by:
- By adding AI solutions in their SOC, or
- By using an MSSP who offers AI-based automation
But here’s the rub, home-grown solutions will take them down. Only field-proven, out-of-the-box solutions will be their salvation.
7. The MSSP market will take off.
A shortage of cyber experts will lead to more MSSPs using automation and more services from cloud-based solutions. MSSPs who offer network traffic analysis based on enterprises’ existing infrastructure to their service portfolio will be more effective and successful than other systems going forward.
8. There’s no turning back from a full lifecycle approach to add to an enterprise’s cyber defense
Enterprises will approach their cyber defense as a full lifecycle, incident management, including turnkey integrations that serve as the glue between pieces of incident management, investigation and security operations. They will be forced to move into macro incident management by adding products that complete the full life cycle management of kill chain. Failure to approach their cyber defense strategy in this way will cripple enterprises and leave them ill-equipped to mitigate complex threats and attacks from different directions, resulting in partial remediation if at all, with costly consequences. The sooner they realize that there is no one source solution, the safer their enterprise will remain.