Gartner reveals the grim reality of implementing cyber security


“You can’t protect everything equally…we have to find a way to control only what matters,” said Earl Perkins, Research Vice President in the Internet of Things Group at Gartner, during the Gartner Security & Risk Management Summit 2017 in National Harbor, Md, USA. In fact, according to Gartner, security experts should know four things: you can’t fix everything, you can’t make assets fully secure, you can’t know how secure they all are, and you can’t know how secure your digital partners are. However, Mr Perkins believes that in a world of unknowns there are five cyber security trends for 2017/2018, and they are listed below:

Cyber security skill sets are scarce
With a zero percent unemployment rate, security skill sets are scarce. The industry needs and will continue to need new kinds of skills as cyber security evolves in areas such as data classes and data governance. It is a problem that security experts have avoided, but the reality is that in the next three to five years, enterprises will generate more data than they ever have before. Changes in cyber security will require new types of skills in data science and analytics. The general increase in information will mean artificial security intelligence is necessary. Adaptive skills will be key for the next phase of cyber security.

Cloud security becomes top priority
As the cloud environment reaches maturity, it is becoming a security target and it will start having security problems. It is possible that the cloud will fall victim to a tragedy of the commons, wherein a shared cloud service becomes unstable and insecure because of increased demands by companies. When it comes to cloud, security experts will need to decide who they can trust and who they cannot. Companies should develop security guidelines for private and public cloud use and utilise a cloud decision model to apply rigor to cloud risks.

More focus on detection and response
“Take the money you’re spending on prevention and begin to drive it more equitably to detection and response,” said Mr. Perkins. “The truth is that you won’t be able to stop every threat and you need to get over it.”

A dedicated, well-financed player who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so. This means adapting your security setup to focus on detection, response, and remediation. That’s where the cyber security fight is today. In the future it will most likely move to prediction of what’s coming before anything happens.

Combine security and operations into one unit
There is a new window of opportunity in application security, but most enterprises don’t take advantage of it because of the expense. It’s time to figure out the right way to evaluate the value of security and the best way to explain that to the business.

Additionally, DevOps should become DevSecOps, with a focus on security. This is a good time to marry development and operations. The time to market has shortened so much that it creates an endless connection between development and operations, which means it’s important to stop running them as isolated units. This is the time to bring security to DevOps, or if the team is not internal, to ask the service provider what kind of security they provide.

Digital ecosystems drive next generation security
Safety, reliability and privacy are also a part of cyber security. When these systems begin to have a direct physical impact, you now become responsible for the safety of people and environments. Without a handle on security, people will die. The reliability portion is essential for operation and production environments or anyone in asset-centric firms.