Today I want to share a few thoughts about the current and future state of cybersecurity. We’ll talk about how to defend your organization and your employees from cyber threats.
I’m not a psychic, but there’s one thing I know for sure – everything evolves. Every business is on the path to become a technology business, and security plays a HUGE role in this process.
Before we dive into technology, let me tell you about Col. John Boyd, a Korean War fighter pilot. He is known for developing a theory about how to lead the combat, which has been adopted by the military all around the world. As a part of this theory, he developed the concept of the OODA loop.
OODA loop is a decision-making process based on 4 steps: observe, orient, decide, act – and then… repeating the entire cycle.
What the OODA loop adds to the combat, but also to the business strategy, is the conclusion that those who can handle the fastest rate of change will survive. It’s not important how many weapons you have, or how heavily is your jet fighter loaded. What matters is how fast you can adapt to change.
Keep this in mind – we’ll come back to it later.
You might wonder by now, what does it have to do with security?
If you apply this principle to security in the modern world, it is not important how thick the walls you build are, or how many appliances or network firewalls you put your network behind. What matters is how fast you can detect and react to an incident in your network.
Because attack services are cheap. People trying to attack your network use commodity services just as you do.
If you wanted to execute a ransomware attack against an organization, you wouldn’t build this capability. You’d rent it as a service. You’d pay a monthly fee, and use the software.
Speaking of ransomware – it was recently described by European Union agencies as one of the top threats in 2020.
We have a lot of experience in fighting ransomware and recovering companies from it, and we were part of the efforts to recover Maersk in 2017 from a NotPetya attack.
That happened three years ago. And today, when I’m writing about this, we have other logistics companies being affected by the exact same type of attack. Why is this happening and what do we need to change to avoid those kinds of threats in the future?
A simple kind of threat, like ransomware, can put your business in jeopardy, and make it suffer financial losses.
So, what can you do?
Let me tell you about the 4 trends I think will shape security in the 2020s.
Every user using your company’s resources, laptops and computers, is an entry point to your network. That is the biggest shift in the security approach we are observing right now.
Before that, it was defined by the network itself. You had firewalls, gateways and a point of entry, which you could protect.
Right now, every user who is using thousands of applications and services is a point of entry. If somebody breaks your user’s security, they can try to leverage it to break the security of your network.
It is clearly visible from the latest Digital Defense Report from Microsoft. If you look at the top concerns of CSOs and other C-level executives, threats targeting remote workers and breaching the identities of the users are some of the most common.
This is also why most of the organizations surveyed for this report are now speeding up the efforts to implement a zero-trust approach.
The zero-trust approach is about using a set of services and products to implement a policy where security is enforced constantly.
The first step is to evaluate many factors: who is the user, what kind of device are they using, and what risks do they carry? A different risk profile might apply to a standard user than to an administrator.
Use these factors to decide what kind of security countermeasures to apply to your users. You are not building a wide, open network where you place your servers.
You segment your services and solutions so they become part of the zero-trust policy network. Then you gather the signals to automate the investigation process and get insights if something bad is happening at your company.
The other trend, which will be significant in the years to come, is DevSecOps – or Security DevOps. DevOps and Agile development are on everybody’s mind because they allow us to get the most out of the cloud investment, or to deliver faster.
We have fast deployment cycles and automated CI/CD pipelines. But not every developer will be trained in security, and not every product or development team includes a security expert.
What is really missing at most of the organizations I work with is the recognition that the CI/CD infrastructure itself is a major security concern, since it has the highest possible access privileges to your infrastructure. And it is very often managed by people who are not security professionals.
The big question is, whose business is it to care about security?
Well, it’s EVERYBODY’S business! And instead of thinking about Security and DevOps as separate processes, you need to embed security into DevOps.
There are a lot of tools and practices for that right now, but it will mature over the years. You will see more and more investments in this area, and you should start investing in it as well.
Educate your developers, educate your organization and security people on it.
The third big trend in security is the SOAR (Security Orchestration, Automation and Response) approach. Remember the OODA loop? SOAR and the OODA loop are creating a new security landscape for your organization.
Here’s why – the security process is about observing what is happening, gathering the intelligence and all the information that we have, making sense of it, and then, if we detect something’s happening in the network, decide what it is – and decide fast.
It doesn’t have to be the perfect decision, but it has to be a decision made fast because you want to start limiting the impact of the incident as early as possible before it unfolds.
Security operations are changing. The modern approach will be more aligned with the OODA loop.
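To make the zero-trust policy described above and the OODA-style operations loop concrete, here is an added illustration (not code from this post or from any Microsoft product): a toy access-policy engine that combines user role, device state and sign-in risk into one decision, run over constructed sample sign-ins. The signal names, thresholds and sample events are assumptions for the example.

```python
"""Toy zero-trust access policy evaluated per sign-in, run as an OODA-style loop.
Added illustration, not code from the post or from any Microsoft product.
Signals, thresholds and the sample events below are constructed assumptions."""
from dataclasses import dataclass


@dataclass
class SignIn:
    user: str
    role: str              # "admin" or "user"
    device_compliant: bool
    risk: str              # "low", "medium", "high" (assumed score from a risk detector)
    country: str


ALLOW, MFA, BLOCK = "allow", "require_mfa", "block"


def decide(s: SignIn, home_countries=("PL",)) -> str:
    """Orient + decide: combine user, device and risk signals into one action.
    Administrators get a stricter profile than standard users, as the post describes."""
    if s.risk == "high":
        return BLOCK                      # high risk blocks everyone
    if s.role == "admin":
        # admins: a compliant device is mandatory and MFA is always required
        return BLOCK if not s.device_compliant else MFA
    if not s.device_compliant or s.risk == "medium" or s.country not in home_countries:
        return MFA                        # anything unusual escalates to MFA
    return ALLOW


def run_loop(events):
    """Observe each event, decide, act (here: record the action), repeat."""
    actions = []
    for ev in events:
        action = decide(ev)
        actions.append((ev.user, action))
        # act: a real SOAR playbook would call the identity provider here
    return actions


SAMPLE = [  # constructed sample sign-ins
    SignIn("alice", "user", True, "low", "PL"),
    SignIn("bob", "admin", True, "low", "PL"),
    SignIn("carol", "user", False, "low", "PL"),
    SignIn("dave", "admin", False, "low", "PL"),
    SignIn("erin", "user", True, "high", "DE"),
    SignIn("frank", "user", True, "low", "US"),
]

if __name__ == "__main__":
    for user, action in run_loop(SAMPLE):
        print(f"{user:6} -> {action}")
```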
Cloud providers are uniquely positioned to deliver the supporting tools because they see a lot. Microsoft sees all the attacks against Azure or Office 365 environments. It also monitors the attacks on Windows 10 and on consumer services, like Xbox.
Microsoft puts this knowledge into products like Azure Sentinel or Azure Security Center, which provide us with insights we would find very hard to collect on our own.
We also get tools for identity and user protection. We have Azure AD and Windows Defender Solutions, which act as distinct OODA loops for protecting users or workstations.
Together they deliver modern security operations focused on quick decisions, based on the gathered information, about how to protect our environment.
Another trend we are seeing is that security consulting is being commoditized and delivered as a service.
If you go to the Office 365 or Microsoft 365 control panels, you will find tools like Compliance Manager or Microsoft Secure Score. They deliver specialized knowledge and apply it to your environment, producing actionable items for you to follow.
If you are running an Office 365 or Microsoft 365 environment right now, check your compliance and secure score after reading this. You will find a lot of insights there.
To improve your security posture, you need the right people with the right skills. These skills in the new environment will be very different from what we’ve seen so far. We are moving towards the environment where cybersecurity is about security operations and development.
To get all of it together, your organization needs to start acting now and you need to prepare for this new security landscape. It is already out there, but a lot of companies are still catching up with it.
To start, I have 3 steps for you to follow.
Cloud security is different from the on-premises security model. You need to understand how it differs from what you have been using and building before, and how you can leverage the new services for your benefit.
Many organizations we are helping to recover from ransomware attacks had failed at very basic things, like separating privileged accounts, turning on MFA or patching the domain controllers. You don’t want to be in the same boat. Get the basics right and fix them before going for any new security investments.
Look at the tools you have at hand from vendors like Microsoft. You might already have a lot of them purchased in your current environment without putting them to work.
Ultimately, it is your decision, which direction you will choose. You can stay in the past and take care only of the network infrastructure. OR you can turn your security process into very dynamic, very well-organized OODA loop-based security operations.
I highly encourage you to read the Microsoft Digital Defense report, which was released in September 2020, to learn more.
If you want to ask me any questions, you can follow me on Twitter or send me your question directly! And I hope this insight into four major cybersecurity trends for the 2020s will prompt you to act. As soon as possible!