Mimecast Limited (NASDAQ: MIME), a leading email and data security company, on 4 February, 2020 announced the availability of Commencing a New Decade: 2020 Predictions, the trendy eBook from the Cyber Resilience Think Tank (CR Think Tank). This crew of security leaders currently gathered to mirror on the past decade and forecast the primary trends predicted in 2020 and beyond. The eBook is designed to grant specialist insight to international industry influencers on what to anticipate and how to prepare for the upcoming security challenges companies may also face this coming year.
During the CR Think Tank meeting, plenty of the discussion based on the transformations of the SaaS, InfoSec and Application Security industries. The group also covered the challenges associated with not including security from the start.
To best prepare for a sturdy and strategic 2020, the CR Think Tank outlined 4 key trends that will affect how companies approach cybersecurity.
1. DevOps and Security Efforts will Align to Mitigate Business Risk
New features, bug fixes, configuration changes, and much more are delivered and iterated upon rapidly to offer the excellent possible end user and client experience. However, because of the consistent iterations and improvements, safety can no longer be an afterthought. DevOps teams are dependent on cloud deployments, which means that security have to be top of mind at each stage of the application development process.
According to Malcolm Harkins, chief trust and security officer at Cymatic, DevSecOps has lagged because security processes, tools, and processes that slow down the development process, however automation should be the answer. When standards are automatic into the task at hand, DevSecOps can suit the needs of development, security and operations.
2. Industry Consolidation will Increase the Possibility of a Breach
After a period of explosive innovation and growth in the security solutions space, 2019 saw a busy year of consolidation, with large players snapping up smaller ones to enlarge their portfolios.
Shawn Valle, chief security officer at Rapid7, commented that there will be an onslaught of new players that received their way into key positions: “We should see new leaders in all things cloud security and all things security applications.”
Beyond the economic implications for the industry, consolidation in cybersecurity has another perspective that all companies want to consider. The complexity that comes with numerous security technologies and the ecosystems where they function collectively injects risk around inadvertently acquiring your next breach. To mitigate this challenge, security leaders have to be added into mergers and acquisitions in the early levels of planning to have a better grasp of the security posture and capabilities of the company being acquired.
Christina Van Houten, chief strategy officer at Mimecast, stated “most organizations use M&A to purchase growth and revenue, but typical financial due diligence is no longer sufficient to make sure success. Achieving a deep grasp of the technology and how it will function inside the broader ecosystem is critical.” She additionally stated that more emphasis be put on constructing relationships at all ranges within the organization well before the transaction takes place. “The ‘softer side’ of M&A is a massively essential part of the due diligence process in the days following the acquisition. This requires a wonderful deal of thoughtfulness and programmatic cross-organizational collaboration, but when done right, the acquiring company and blended entity become stronger, delivering a better solution for customers.”
3. Attack Simulation will Grow as Pen Testing Becomes Table Stakes
When it comes to constructing defenses against attackers, what worked in years past will no longer be adequate in 2020. Traditional pen checking out has been considered a key pillar of good cybersecurity because it forces leaders and analysts to proactively push the bounds of what they’re doing, constantly validating the equipment and alerting inside security environments. Beyond kicking the tires to make sure the whole lot is functioning properly, programs have been used as valuable training approaches and to demonstrate system skills and processes to stakeholders.
Harkins mentioned that this brings the scarcity of cybersecurity experts to mind. While pen testing is highly-priced in resources and restricted in scope, assault simulation technology appears much more attractive for excessive yields and low cost. Security leaders who can minimize manual labor costs and cover more ground using automation will free up time for greater valuable development cycles.
4. Hyperconvergence of Technologies will Increase Risk of Microbreaches
Microbreaches are slight manipulations of data that can cascade throughout distributed IT environments. Given the market consolidation that’s underway in the security solution space, CR Think Tank members agree with these sorts of attacks will emerge more pervasively in 2020. Beyond the ecosystem complexity and lack of integration, these assaults will be enabled by mobility and other rising technologies that have created new points of entry.
Peter Tran, head of international cyber protection at Worldpay, believes microbreaches will be off the radar because the present day equipment and telemetry companies install are designed to monitor and alert on the environment, such as SIEMs, packet capture, netflows, etc. – and they won’t be sufficient to combat microbreaches in a distributed IT world.