It's that time of year again, so I took some time to reflect on 2018 and what we can expect to ring true in 2019. I've boiled it down to two predictions. The first takes an introspective view into the organizations we're all ultimately tasked with protecting. The second takes an outward-facing view that acknowledges that enterprises are part of a broader business ecosystem, and with that comes upstream and downstream risk.
We’ve already started to see some signs of folks investing in these areas in 2018, so I hope these predictions will inspire you to get a head start as those trends become the norm in 2019.
MORE ORGANIZATIONS WILL RECOGNIZE (AND START DEALING WITH) THE RISK FROM FLAT NETWORKS
Assuming breach needs to be the new cybersecurity stance, and we’re going to see this mindset take a stronger hold next year. The flat, hyperconnected network will be identified as one of the biggest risks to address. To solve that, organizations will need to step back and look at what’s accessible and how to protect it, not just focus on the outer walls. They need to be strategic and stay ahead of their adversaries because the landscape has changed and organizations either haven’t realized it or haven’t kept up.
When networks are flat, everything is hyperconnected, which makes it much more efficient to connect applications and devices and facilitate business services. However, a lot of organizations don’t realize that because it’s so easy to move around inside a flat network undetected, malicious actors who penetrate perimeter defenses can then traverse the network and target critical assets.
Firewalls can be very helpful at the perimeter, but once your perimeter is breached, these solutions are unable to protect the organization. Companies need to start assuming breach and think about mitigating their risks from flat networks where the firewall can no longer go.
MORE ENTERPRISES WILL ENSURE THEIR INTERNAL SECURITY AND SEGMENTATION PRACTICES ARE ADOPTED BY VENDORS
Gartner research concludes that 2019 will bring increased exposure due to expansion of digital business ecosystems and more widespread adoption of third-party services. As part of that, we anticipate seeing large enterprises increasingly demand that their strategic suppliers adopt their internal security practices.
It’s been known for years that malicious actors are turning to the weakest links in the digital supply chain – the third-party suppliers – as a rich entry point for accessing their target’s most valuable systems. More enterprises will start mandating that these vendors adopt their internal security best practices and enable more granular controls. This mindset is consistent with moving the security perimeters closer to the data.
If a third-party vendor is managing critical data and systems, enterprises will increasingly require these vendors to adopt their internal security standards. For example, we are already seeing the largest financial institutions executing this practice with the law firms that handle their eDiscovery, regulatory response, M&A, and IP-related transactions.
I think we'll see more organizations push their policies to their vendors in 2019 because they're starting to recognize the value of consistent and transparent security protocols across the digital supply chain. Not only will this provide peace of mind, it will also increase efficiency, streamline operations, and allow best practices to be shared.
Editor's Note: Bonus – visit www.crn.com to see what industry PJ predicts will start taking cybersecurity seriously in 2019.