According to Centrify senior director APAC Sales, Niall King, while during 2017 Uber and Equifax opted to hold off reporting their respective data breaches, “this is not an option in Australia where mandatory data breach reporting legislation takes effect from February 2018".
And despite ransomware and blockchain disruptions holding cyber crime risks, Centrify predicts that developments such as machine learning and Zero Trust models promise greater identity protection in 2018.
King described the immediate cyber security outlook for 2018 as ominous.
|
|
“Embedding security bulwarks such as least privilege access, multi-factor authentication and machine learning-based risk assessment into standard corporate workflows will increasingly focus organisations on securing identities to follow a proven path that can turn the cyber security tide.”
Based on its industry research and discussions with customers, Centrify says it has identified seven trends that will affect cyber security during 2018:
1. The dark trend in ransomware will continue to explode in the coming year
According to the FBI, 2016 ransom payments totalled about US$1 billion, up from US$24 million in 2015. Centrify expects this trend to continue.
2. Blockchain will emerge as a potential disruptor across many areas of technology
While Centrify expects blockchain to emerge as a potential disruptor across many areas of technology in 2018, it will take several years to address blockchain vulnerabilities before the technology is sufficiently mature to act as a basis for enterprise security. That means blockchain technology may add to security risk before it starts to reduce it.
3. Automation frameworks will make it easier for DevOps to adopt AWS securely
Security vendors will continue to embrace Amazon’s shared responsibility model for AWS during 2018, resulting in the rise of DevOps, a fast-growing segment required for successful automation. Centrify says baking security into the process will allow for further adoption of cloud-based services.
4. Increasing identity-related breaches and vendor fatigue will force organisations to re-evaluate their security postures – architecture, budget and project priorities
Despite Verizon’s 2017 Data Breach Investigations Report reporting that compromised identities were responsible for 81% of all data breaches, companies spend just 4.7% of their total security budgets on identity and access management (IAM) – the very technology that could help prevent four out of five breaches. Centrify expects that a combination of increasing identity-related breaches and security vendor fatigue during 2018 will force companies to re-evaluate their entire security posture from the ground up, to put protecting identities at the centre of their security.
5. Organisations will respond to the current threat landscape with a Zero Trust Model
After the huge corporate impact of data breaches such as Equifax and Uber, Centrify expects companies to respond to increasing cyber security threats by implementing Zero Trust security models, which shift access controls from the perimeter to users and individual devices and grant access to services based on what is known about a user and their device.
6. The security market will incorporate machine learning to address identity-related breaches
Last year, companies integrated machine learning to ascertain the risk level of individual transactions and decide in real time whether to allow them. Centrify expects to see wider adoption of this approach, which pivots identity security away from detect-and-respond alerts and towards more automated preventative controls.
7. The rapid move to the cloud will increase the adoption of Zero Trust network models and modern microservices architectures that mandate the use of least privilege
During 2017, companies moved large segments of their infrastructure into the cloud, which still requires authentication and privilege management. Centrify anticipates widespread adoption of technologies that manage privileged identities with fine granularity. Least privilege will become an increasingly common term around the data centre.
