Cybersecurity is a hot topic in today’s digital world. One of the leading authorities on the matter is Cisco, a company that built its brand identity of being one of the leading companies in this field. In a podcast interview with Kevin Delaney, Cisco’s vice president and CTO of its security business group, Bret Hartman shares some of his insight on the warnings, predictions, and best practices for cybersecurity in 2020. Below you can find the key takeaways of their discussion that can help you and your environment be better prepared for the cybersecurity market of 2020.
There is a staggering number of complex devices today, ranging from webcams, mobile phones, smart TVs, gaming consoles, smart home (smart office), and other IoT devices. This means more endpoints, each one of them posing potential entry points for hackers and other bad actors (in the context of cybersecurity, the “bad guys” are considered those that utilize their knowledge to harm rather than enhance and protect). At the same time, there is a growing of applications available for users, each requiring their own security features implemented.
Also interesting: Intel Tests TrailGuard AI to Fight Poaching in Africa
The way apps are built changed as now their data is mostly stored in private or public clouds. Growing product numbers, apps, software infrastructure, and access increases the amount of threats environments are facing. Nonetheless, at the same time, this leads to innovation in the cybersecurity field since when an intrusion or attack is identified, this eventually leads to better security upgrades. Bad guys also get more ways to attack environments, while the good guys are searching for ways to stop them.
There are three main phases that cybersecurity went through:
- Phase I: About 30 years ago, cybersecurity was focused on the protection of hardware infrastructure via firewalls, still used today as well.
- Phase II: At the beginning of 2010, cloud services shifted the focus from hardware to the cloud. Today it is the most covered topic of cybersecurity since it’s where most growth takes place across all global cybersecurity markets, and this the transitory step that will lead to the third phase.
- Phase III: Security embedded into the applications. The architecture of a product or soft will account for developing unique security features from the beginning of development, without using 3rd parties further down the line upon release.
Trends, predictions, and warning signs
- It’s an “arms race” – the good guys and bad guys iterate on new ways to protect or break the security of an environment such as companies, governments, or institutions. It is moved by human innovation and creativity, and both sides learn from one another.
- Heart of the challenge is managing complexity. It means staying up to date with the best security features and quickly adapting to breaches created by hackers, especially in the supply chains of software development and deployment. Since a lot of end products are developed across multiple companies, it is essential to be able to protect the intersections in between.
- AI and Machine Learning take place across all the IT-sphere. In the cybersecurity context, AI simulation of human intelligence is still far away at the moment, so we are safe from doomsday Skynet scenarios. Today every security vendor mostly talks about machine learning since it can process a lot of security-related information. Software utilizing machine learning can handle more than one petabyte of data per day and identify a potential threat to an extent humans are not able to.
- Think in advance – cybersecurity issues should be taken into account across all business units: IT, sales, legal, public relations, etc. Companies and institutions should have a plan in place so the right people can execute precisely and on time to fight off any cybersecurity threats.
Best practices of 2020
- Use segmentation to control how data flows from one network to another if an attack takes place in a particular business unit like a call center or sales department. It can be stopped in that specific segment. This way, it won’t cross-over to other groups such as manufacturing, keeping them secure.
- The visibility of networks should be imprinted in the architecture of an environment’s software. Many organizations don’t have visibility across their networks. Bret Hartman presents great examples of “telemetry of the environment” between the network endpoint (devices, mobiles), cloud (data stored in the cloud), and application “how do I know what the application is doing.”
- Communication – when speaking about cybersecurity issues, it is essential to use a vocabulary that translates well into business terms. The top-ranking security officers need to communicate technical terms in a way that helps stakeholders understand the impact of cybersecurity on a companies brand as a whole.
- Build and evolve talent – organizations should collaborate with universities to establish inclusive programs that help the next generation of graduate students become the cybersecurity professionals the world needs.
The Cisco podcasts make for a great conversation that stresses the importance of creativity and collaboration in a world growing more complicated each day.
YouTube: Cisco and Ransomware – Anatomy of Cyberattack