Cybersecurity has been a buzzword for the past 10 years—and yet despite that, companies continue to have major security breaches regularly. We’re not just talking small businesses, either. So far in 2020, the largest breaches include many household names and tech titans—including Microsoft, Facebook, and Twitter.
It seems safe to say that most organizations are not even aware their systems have been hacked. If Microsoft can be compromised spending $1 billion annually in cybersecurity and employing some of the best tech talent on the planet, what does that say for the rest of us? Most organizations do not have the same deep pockets to spend on expensive security software or, more importantly, the talent required to operate them.
Thankfully, there are ways to practice strong cybersecurity even if you’re not a tech titan. Although it’s easy to feel like we are not making significant progress when news breaks about the latest breach, things are moving in the right direction. The five cybersecurity trends below give us hope for a more secure future. They may not yet be the lights at the end of the byte-encrypted tunnel, but they are steps in the right direction.
Increased Cybersecurity Spending
Organizations are putting their pocketbooks behind those secure browsing padlocks next to their URLs to ensure their customers’ data is secure. The global cybersecurity market has grown from $131 billion in 2017 to $173 billion in 2020 and is projected to be $270 billion by 2025. That is a whopping 86% increase in eight years! Although throwing money at a problem does not always solve it, an increase in spending signals that organizations are taking cybersecurity seriously—and the more folks who take it seriously, the more secure we’ll all be.
Multifactor Authentication (MFA)
MFA, sometimes also referred to as two-factor authentication, is a security system that asks users to provide multiple types of authentication to verify their identity when logging in or completing a transaction. Most commonly, they involve sending a verification code via text message or email. According to Microsoft, having MFA enabled on your accounts blocks 99.9% of account hacks.
This type of authentication requirement initially popped up in the financial industry, but it has since become more prevalent. MFA is expected to grow from a $8.6 billion market this year to $21.3 billion by 2027. Some companies are even getting creative in how they get customers to enable MFA. For example, Epic Games, the creator of Fortnite, prompts minors to get their parents to enable it in order to get more V-Bucks, the game’s currency.
While MFA is currently optional on a lot of systems, there’s a good chance it will be required in the not-so-distant future—and for good reason. With MFA enabled, you just need to make sure your phone is physically secured while in your car and public places.
Zero Trust Model
The zero trust model assumes that no user or device can be trusted. It has progressively gained attention from cybersecurity leaders who are frustrated by the weaknesses of network perimeter defenses like networks and firewalls. This model assumes that the perimeter defenses will be breached and that nothing on the network should be trusted.
The primary benefit of zero trust is that it provides another layer of network protection. It allows devices on the internal network to only see and communicate with other devices that it is dependent on. This differs from the castle moat approach—that once you have crossed the moat, you are free to roam the castle. Given this benefit, it’s no wonder 72% of organizations said they planned to assess or implement zero trust in some capacity in 2020.
Principle of Least Privilege
The principle of least privilege grants only enough access to a user needed to complete their job or task. This principle aims to reduce the risk of attackers gaining access to critical systems or sensitive data by compromising a low-level user account, device, or application. It can also help shield from an internal breach by a disgruntled employee who has system privileges they don’t need.
I cannot tell you how many times over the years I have inherited permissions from a defined system role that broke this principle. Usually this was because it was easier for a system administrator to add me to existing roles rather than taking the time to create a new role and add granular permissions. Admittedly, I have been guilty of this in the past as well. But if we’re going to improve, we must move to a security-first mindset. This trend leaves room for human error so it’s unlikely to ever become a perfect system. To get around that, regular privilege auditing is a core element of properly implementing least privilege.
As organizations continue to move to the cloud, they adopt base security infrastructure and controls that are best of breed. Security lies at the heart of success for any cloud provider—and providers like Amazon Web Services (AWS) and Azure stand above the rest in the security category.
Many companies are also moving toward managed or serverless architectures. For example, AWS’ immensely popular Lambda service is in the top 10 most used AWS services. These services put the server and operating system security burden on the cloud provider. The providers have the money and expertise to keep up with patching for vulnerabilities and system hardening that is a constantly moving target. This enables their customers to focus more on new features for their customers.
All this said, AWS’ customers still have a responsibility to ensure their configurations are secure—like enabling encryption when transmitting sensitive data over the network. AWS refers to this as the shared responsibility model. This, unfortunately, is another area that leaves room for human error—which requires monitoring and auditing configurations.
Cybersecurity will never be 100% failproof due to the human element inherent in system and user management. However, these five trends, when combined with proper monitoring and auditing, will significantly improve the security of your systems. The more secure your systems, the more difficult you make it for hackers to find a way. And the more difficult we make it for hackers, the more likely it is they’ll move on to other careers that are easier and more profitable—less hackers = less breaches.