New Year - New Security Threat Predictions - Same Reality
As we all come bleary-eyed and fresh-faced off of another holiday season, we brace ourselves for the inevitable reflections on 2018, and, of course, predictions for the threat landscape in 2019. It is an exciting time of year for reflection and new beginnings, but has anything really changed?
If we look back at 2018, there were some very interesting highs and lows. There were new regulatory controls for identity and data protection that were put in place, including the European Union's General Data Protection Regulation (GDPR), New York: Department of Financial Services Cybersecurity Regulation (NYDFS) and Australia's Notifiable Data Breach (NDB) scheme.
Unfortunately, even though these controls are being defined and cybersecurity is a priority for organizations, there were still a number of large-scale breaches of notable companies that hit the news, including Reddit, Facebook, Twitter, Marriott Hotels and Quora.
Given that there is so much attention on security in this digital age, the prevalence of breaches must mean that malicious attackers are changing their tactics and getting more sophisticated, right? Various 2019 market and industry predictions published so far don’t show things changing drastically; in fact, we will likely see more of the same - as evidence of this, if you’re one of 7.6 million users that play the online game “Town of Salem” you may want to check your account.
But I am not here to theorize about what the future may or may not hold.
The reality is that while the attacks may be becoming harder to detect, attackers are still using the tried, tested and true approaches of phishing, malware, botnets, and ransomware focusing their attacks on the weakest links of the IT security chain. With the workforce on the go, workloads in many clouds, and devices outside corporate controls, knowing who and what to trust are still the biggest IT security challenges being faced.
The outlook for 2019? IT security professionals have a daunting task ahead of them, and a deficit of talent - but that’s a blog post for another time. The influx of bring your own device (BYOD) policies, shadow IT, platform decentralization and the migration to the cloud means that both the C-suite and IT teams need to effectively reduce the threat surface of their organization and meet industry compliance regulations. Meanwhile, they need to balance risk reduction with usability - to eliminate user frustration with minimal impact to their workflows.
The concept of zero-trust security, originally proposed by Forrester in 2010, is re-emerging as the methodology to address security risks and tackle these security challenges being faced, but often this approach is regarded as an arduous undertaking due to the vast number of moving parts and aspects that need to be addressed.
The union of Cisco and Duo Security in 2018 means that IT and security teams have a comprehensive solution available to address the challenges being faced as we go into 2019 and helps organizations meet components of compliance and regulatory requirements with a secure, easy-to-use zero-trust security platform.
Cisco Trusted Access makes it easier and safer to grant and restrict access by establishing trust and software-defined perimeters based on dynamic context, not just static credentials or network topologies. The cornerstone of our approach is to verify user identity and device hygiene before granting access to cloud and on-premises apps with the solutions that Duo has to offer. We do this by providing tools and solutions that help organizations:
Verify and gain trust in users with multi-factor authentication (MFA).
Validate and get insight & control over devices accessing your corporate resources with endpoint visibility
Secure access to all applications with adaptive authentication & policy enforcement and remote access & single sign-on.
So as you embark on all of the excitement and adventures that 2019 has in store, feel free to reach out to us to learn more about how you can go into this new year with a strong security posture so that you can focus on your key business initiatives. You can also give us a try to see how easy it can be to rapidly deploy a security solution that can keep you safeguarded from malicious attacks.