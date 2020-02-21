In 2020, there will be more, and more complex, cybersecurity attacks and we should expect an escalation of these threats, driving the urgency for companies to adopt more stringent cybersecurity practices. In recent times we have seen that the region is not immune to cyberattacks and data breaches, we expect this to get worse.

In our 2020 cybersecurity predictions report we highlighted some key trends and technologies that will be important for businesses to consider in the fight against cyber criminals. These are our observations.

CLOUD ADOPTION EXPANDS UNKNOWN THREATS LANDSCAPE

As companies embark on digital transformation, the continuing adoption of hybrid and multi-cloud infrastructures expands the unknown threat landscape. As such, companies will need to raise the standard for managing identities and access.

In 2020, as the adoption of cloud services grows, chief information officer (CIO)s and chief information security offices (CISO)s will need to play catch up to properly get to grips with changing risk profiles in areas such as the cloud. A 'cloud-first' attitude increases the challenge of managing associated identities and credentials across any organisation.

Capabilities such as federated authentication, single sign-on and adaptive multi-factor address the challenge of striking a balance between security and usability, and in 2020, we predict that the use of these controls will become standard, if not required practice. Identities and associated credentials are the points of attack usually exploited in a data breach — they are 'keys to the kingdom'.

Without sufficient controls, especially for those with privileged rights, it will become increasingly difficult for organisations to securely manage identities and mitigate the risk of a data breach.

PASSWORDS WILL BECOME OUTDATED

To address the evolving threats and mitigate against vulnerabilities, 2020 will see a departure from old-fashioned password management practices to passwordless technologies.

To get there, companies will need to adopt end-to-end passwordless access to critical information and company assets, especially in scenarios where Privileged Access Management (PAM) is required.

The shift is being driven by the increasing number of cases where privileged credentials and passwords have been compromised, so too, passwords are painful to manage in a secure and cost effective way.

Passwords are also easy to forget and the increasing complexity requirements placed upon users increases the chances of passwords having to be written down or stored insecurely, thereby creating opportunities for those with malicious intent.

Biometric technologies and ephemeral certificates will provide a more secure and user-friendly way to manage credentials and ensure assets and data are kept secure.

AI WILL NEED REAL SECURITY

Although many have predicted that artificial intelligence (AI) is the so-called silver bullet that will put an end to cybercrime, finally, I have also identified a paradox, which is the surprising lack of focus on the security of AI itself.

This, I predict, will change in 2020. AI security is a problem because AI models are still insecure, and therefore vulnerable to attack. An adversarial approach could look like a malicious hacker intervening in the training process of an AI. For example, an AI learning to recognise cats could be tricked into believing that an image of a dog was also a cat: an exploit that could later be leveraged.

It is also possible to extract parts of an AI model, leading to intellectual property theft, as well as the ability to craft “adversarial” AI that could manipulate the intended model. Currently, it is hard to detect and remediate these attacks. I think it is highly likely we will see a shift towards research in this area, with a greater focus on explainable and accountable AI, which would allow for human response and remediation on what are currently black-box models.

SOAR IS A REAL GAME-CHANGER

Finally, one cybersecurity technology that is making significant forward strides is SOAR (Security Orchestration, Automation and Response) – a term first coined by the research firm Gartner. It is a solution stack that allows an organisation to collect data about security threats from multiple sources and respond to low-level security events without human assistance.

In Fujitsu's view, 2020 is the year when early adopters will see the business benefits of these technologies as the threat landscape continues to expand. It has taken a while for SOAR to be understood and adopted, but the business benefits are tangible.

At a granular level, the correct adoption of SOAR helps organisations map, understand and improve their business processes, provide enhanced reporting, and be enabled to improve their security posture and the ability to respond faster to threats that could impact their reputation, operations, and bottom line.

The topics discussed are not only topical but also relevant for businesses operating in all industries. It is therefore important for us to continue this discussion from a national perspective and put in place the necessary legislation. Regional companies must take the necessary precautions and steps to address cybersecurity, to mitigate against risk and reputation damage to your business.

Evan Hemans currently serves as Head of Digital Technology Services of Fujitsu Caribbean, where he is responsible for leading the regional services organization and is tasked with driving the company's strategic business growth by developing and deploying industry-focused, IP-based, innovative solutions enabled by emerging digital technologies such as AI, Advanced Analytics, Blockchain, IoT and cybersecurity.