Cybersecurity Trends and Challenges 2020

Hello, and welcome to the webinar. Cybersecurity trends and challenges. 2020. My name is Christopher Schutze and I work as director of practice cybersecurity and lead Analyst for co a call Analyst. A call offers several services from executive use leadership call versus Analyst Analyst, briefing webinars, like this one advisory project and conferences, eLearning stuff, and meetups based on three practices. The one is the identity and access practice. The other one is the cybersecurity practice where I'm responsible for. And the third one is the practice cyber artificial intelligence. We offer several research formats like the leadership. It is an general overview over important products like identity and access management or endpoint protection, where we compare the market leaders to each other on different categories. We offer executive views. So short four to five pages to show you the strengths and challenges of specific products. We create advisory notes, which are concrete recommendations, how to implement or do something within your company.
And then short two pages, which covers business challenges and covers key issues. They are called leadership brief on our brand new KC plus platform. It is easily to access our research stuff. You can filter by several categories and you can have a look at different topics. It is direct available online, or you can generate a PDF and use it offline. Actually you can have for 800 euros full access for 12, besides that we have the fours, the KC strategy, the KC portfolio, the case tech compass and the Casey project compass, where we could support you with different topics within your company and organization. And last but not least for the marketing part at the beginning of the webinar we have this year four major events. The one is the EIC. It is from the 14th, from may the 12th to the 15th may in Munich this year, where we cover topics for identity management, for cloud things, and for cybersecurity in October the twenties, till the 20 seconds we have in Amsterdam, our tech, then we have in November, our two parallel parallel events decided security leadership summit, and the cyber access summit,
Where the core focus is on cybersecurity and brand new year. We have the cyber world, which is from the November. We see you on one of these events. So on this webinar webinar, all of you are centrally muted. We are controlling. These features no needed to mute or unmute yourself. We are also recording the slides. The podcast will be made available in short term, possibly tomorrow or latest on Monday. We also will provide the slide deck for download. That will be in question and answer session. By the end of the webinar, you can enter your questions at any time using the goal to control panel and try to answer all of at webinar cybersecurity trends and challenges 20 the new year has started. And it's time to look back in 2019. What happened in cybersecurity? What was our biggest challenge and why security is still
An important topic? 2019, we just had a few data breaches. As you can see, when I was researching for the slide deck, I found a nice Wikipedia page listed with data breaches since two four. And I'm pretty sure this list is only showing a few percentage of total breaches. So I'm that this list will be growing in the next years. A lot as you, there are a lot of big companies and organization and this extract of data breaches, all of them are marked in red. So for
Example, we
Have the Adobe and they're a creative cloud with 7.5 7.5 million user data breached like the mail and the product, which is used. Then we have a bigger one with 808 million entries below about blood donor from health science authority, which is pretty much higher, which is a really high amount of that. Microsoft shared 250 million
Customer service records and our all known master of data privacy uploaded in unintentionally 1.5 email contact without the concept of the users. So all of you, including me has on Facebook account and all of them were cross by security and misconfiguration and unprotected APIs. So as we can say, 2019 was really a successful year. The cybercrime industry in collecting data. I don't know if you know the websites have I been pound.com? I just checked my private throwaway email address yesterday and I got three hits. So this is why I used throwaway email addresses for services like that.
So one of our biggest biggest challenges are data breaches. In two 20, they are often caused by unsecured or sufficient secured APIs and weak authentication mechanisms protecting data's the most important thing in 2020. And I'm pretty sure this will keep a big topic in the next few years, hopefully not in the next 20 years, but I'm pretty sure we will have to do enough with that. In 2019, some hospitals in Germany became victim victim of an ransomware attack. Those attacks are usually caused by a software which is installed on your computer. This is often done by social engineering and trying to force people to click or download the software, maybe for some special assistance from their help desk.
Once install, our data is locked. So your computers not usable anymore. And this is horrible. The business model behind that is quite simple. The organizations have to pay a huge amount of money to remove the software and access their data. So again, data is very important. Part 2020 passwords are still the most common authentication mechanism that is used to prevent unwanted access to systems or data. And even in the communication between services or static passwords are frequently used using just a single password is from a security perspective, really horrible, especially if we think about the amount of data breaches in 2019, and users still tend to use the same password for multiple accounts. And just think about that. The account name might be your email address. It is really easy to try those credentials on another popular website. And this is only for, for you as an end user, just think about the company and users use the same password there.
The complex it services and relationships are causes a high coordinated effort within the organization's security approach, like product services, organizational structures, and so on. Even creating various smaller projects, the interaction and the dependencies to other is very high, which means those projects and the handling. The those requirements can become very, very complex during a project. The requirements and the scope is often changing or evolving. And this is still in 2020 and important topic. Most project do not fail because of technical issues. Most of them because of unspecified requirements and changing requirements and problems while defining processes. The last one of coping call's biggest challenges in cyber security for 2020 is the security of IOT and OT. Those connected devices within a company might have a big impact of the supply chain process or production process. We have various meters and actors give signals on information to the control center. And many of them are bios and only wood Terry protected. Any of these endpoints could be a way to get access to a network, even if they only communicate wireless to an central hub, which forwards the data into a network. This is a way to get access to a network.
So cybersecurity is a very connected topic. You often do not have a single software solution, which might mitigate a risk. It is more a wider topic that single trends have impact on several challenges. This table shows the five challenges coping a for 2020 in relation to the top five trends we see for cyber securities. Those trends are chosen because they have the biggest impact on my challenges. We have artificial intelligence in cybersecurity, which could have impact on data breaches, complex project and OT and OT security. We have API security, which has mainly impact on API security and for sure, IOT and OT security, we have privileged access management. This is still in 2020 and very essential topic for almost every challenge beside a complex project, but maybe it's could cause to more or it cause could cause more complex projects, too.
Incident response management and business continuity management are part of the same trend because they are closely linked incident. Response management has impact to everything besides complex project and business continuity management on ransomware passwords and in some way to complex project and the security oft and OT at dairy it's trend. Number five is the information protection life cycle, which covers data breaches, ransomware passwords. So let's have a more detailed look on the trends, trend number one, AR artificial intelligence used in cybersecurity. If we have a closer look at what we can use AI for, we focus on that five areas. The data correlation can be used to analyze lock data and automatically correlate same data. Some can be done on network traffic and on user behavior. All this can be used for risk based authentication and also to prevent access to structured or unstructured data like the bigger topic data access governance AI can be used for supporting decisions automatically typically use cases are for example, forensic Analyst, Analyst, threat hunting analysis of malware or next generation expert systems. And for sure it could be used in SOCs.
Using intelligent automation helps a lot in threat mitigation and security orchestration, especially in the area incident response. It will become a more important topic. We think besides that it can support also support robotic process, medication automation and DDoS attack medication and security testing. So these are typically use cases. Cybersecurity can also benefit from AI and cognitive processes. These are processes where usually people have to think about something with machine learning. This can be automated in areas like threat intelligence, fishing analysis of tech patterns, impact of risk for optimization of security policies. Also trend topic. The last area for artificial intelligence and cybersecurity is autonomous AI. This is some AI which can do automated self maintenance. It can do instance with mitigation and not only defenders use AI. Also the attackers use it. This can also be mitigated by section AI. So in general, it sounds like a good idea to use AI in cybersecurity, especially for preventing to hacked on API is misused for an attack. It improves security and reduces time on several tasks, but right now it cannot replace the human. So this is the problem. It is only really good extension, which introduces additional challenges. AI is still very costly, both in terms of needed resources and skill. And most AI implementations are highly specialized to perform a single task. And this makes it much more complex.
Trend. Number two, API security is applied. Ops interfaces are always a weak point in an it infrastructure. There's a need for a good authentication mechanism, and there's a need for keeping the API alive. In case of an tech, the so-called lifecycle of an API is very high based on frequent upcoming new requirements. So they are changing over time. Very often a new business requirement is coming up for new or an existing API. The architect designs it, the develop, develop it, the tester tests it so hopefully, and then it is deployed. But the lifetime of an API is often many years, which means there are new technologies developed and new threads come up over time. These challenges need to be covered in implementing APIs. This also leads to several problems with new APIs or with existing APIs. The human factor is always a non calculated point because it depends on the knowledge and the experience of a, there are still several APIs with a, let me say very special interpretation of how to design APIs.
And then the already mentioned topic distributed deny of service attack. An IPI must be deployed on that way that is scaling automatically, and it should block specific IPE IPS or ranges or specific requests. So there's, there's a good place for maybe some artificial intelligence. The more technical more technical are text due to the payload of the data package. There might be a protocol exploited or a Shama schema violation or an injection tech, maybe in that way. It is implemented. Like we all know it from the classic HTP forms and the SQL injection and they execute SQL theories block table. This might also be possible on an API API level. And for sure data breaches are most of the time triggered with an API from week encryption to weak authentication. Everything is possible if the API is not well designed, developed, and protected. So using DevOps is a good starting point for a development process with continued deployment and continued automated testing, but still security is not that important as it should be.
Thus API development should be done with where development and operations are responsible for security in every single process from designing to deploying an API trend, number three, access to critical systems or functions, data breaches, installations of ransomware, and the control of IOT could often be prevented with having a privileged access management. So what do you need to have a good pump? First of all, integrate Palm into your identity governance and administration. Those it tools, support provisioning self-services and OT, and should be the central point in an organization to see which user has or had which permissions when and why. So who approved it, then you need to identify the business critical actions. It is not only about protecting your root accounts or your domain admin. It is also about business critical functions. Having the critical assets identified. There must be a defined ownership model who is responsible, who is responsible for a system or an operation, and can he delegate it to another person or not. And also an important part for privilege access management is that users do not have direct access to systems. Everything is executed via service or technical accounts and the proxy. And in the back end, the passwords are rotating and this could also be used for any other technical or service account within your company.
Privileged access management gives us a central governance, the single point of truth with all the required limitations and information. We then have also a clear, we then also have clear responsibilities and know who to ask if there are any issues for target system or for operation. And we have the ability to implement the real segregation of duties, especially for business critical functions. This is relevant. So this would at the end for sure, enhance our security trend. Number four, incident response management business continue team management. And because it is also in some way related to information protection life cycle in general incident response, the response management consists of the shown five steps, identify, prevent, detect respondent, recover and improve. So it is continuous learning and improving, knowing what to prevent should be part of the it risk management, which is integrated into the corporate risk management.
And the prevention is part of the third, which integrates into the I security operations and configuration. The more active part in this graphic is the, the respondent recover part where the incident response management of the business continu management comes into effect. The incident response management is reacting to an incident which he has or which they have identified and then decides what to do and how to communicate, especially in case of an data breach. The external communication is a really essential part to prevent further damages for a brand. Just think about Facebook or whatever, if communicate the communication really key in case the ERs continuity management, its focus is more on keeping the business alive, which means to have a plan B for all identified risks like in blackout and it, or some ransomware blocked all the computers with the data of patients as we had in the public health sector in Germany last year, often incident is before the next incident and incident response management, continu management must improve.
This is in collaboration, it management and the it security and all this means. We have to understand the risk. We have to try to prevent a text. We have to monitor our systems permanently and we have to define what to do in case of emergent and emergency. And we have to learn from the past with continuous improvement. And on the other hand, there is again, the data which must be protected. And this data also has a life cycle from identifying the critical data, prevent that critical data is accessed by the wrong people, detect misuse and recover data. If it is blocked, lost, or accidentally deleted. So this is the information protection life cycle, where we will have a deeper look right now, the trend number five data has a lifecycle and needs to be protected. It all starts with the classification as mentioned and ends with archiving it at the end of the life cycle, based on organizations and country specific requirements between classification and archiving is the part where the data is actively used.
This is what we see on this slide. Information protection is also an layered approach in the center. We have the data which is classified and which needs to be protected. The outer layer is the access control a person or a group of person is allowed to access the data. This must be insured. The second layer is encryption tokenization and the mask of data. This is for the data in transport or the place where this is stored. It ensures that the data is that the data integrity is valid. The third layer are tools that can detect several activities on a system or a network level to prevent access. This is usually part of an SOC and the fourth layer is, let me say it's confusion. Different honey pots are created in that way that only attackers will try to access them. And if they attack and honey, honey pots, you can identify them and isolate the specific source.
So what does this mean for a company for two, the challenges, data breaches, UNS, passwords, and security, oft OT devices, besides the recommendations described in the trends we recommend to share your experience with other experts like the incident response management and the business continuity management process and important part is learning. The more you talk to others, the more, you know, risk management is key. You really need to know where the specific risks are in your company and how to fix or mitigate them. You have to benchmark your portfolio, your processes, your preparation, and how your organization is set up frequently threats and the way how they are executed change frequently. So your, it should also change frequently investing into, up to date hard and software and update them frequently and force or prevent usage, which is not necessary to achieve 100% of security is almost impossible. So you need to focus on the most important risk based, most important risk based things. And those risks should be based on the business requirements. If you do it that way, it allows you to work and focus on the most important things, because otherwise you will spend a lot of money in thousands of products, which does not improve your security at all. So this is also a really important topic and last but not least the education of the it team, as well as the education of your end users is essential.
So this is it for today in this webinar about trends and challenges in cybersecurity, 2020, I received one question or two, the one first one, the question is, do you expect that there will be more data breaches caused by attackers with, with the use of artificial intelligence? Yeah, that's a good question. I'm pretty sure that there will be more data breaches in the future, but this is simply caused because there will be more data available in the future. AI will take. And the important part. Yeah, because it allows the attackers to attack in a different way. But right now the AI is based on a training effect than the training is more the current state. I know that AI is heavily or frequently used to modify the source code of malicious software, for example, to prevent pattern matching on, on special scanners. But also there, the, the software on the other side is working to prevent. So in general, there's always a competition between attackers and defenders, I would say. So. Yeah, I would attack that would expect that attacks will raise in their amount, but I'm pretty sure we will do our best. All of you will, will do our best to prevent that in the future. So thank you very much for joining our webinar and see you soon.