In the past year, we’ve seen the pressures on security teams exacerbated by geopolitical turmoil, economic uncertainty and evolving regulations. The attack surface continues to grow, while security teams remain strapped for resources. Advancing security under these conditions is going to require planning. And while no one has a crystal ball, anticipating issues ahead should be part of the planning. We spoke with Deepwatch’s security strategy leaders; here are their predictions for 2023:
Continued Development on Breach Reporting Requirements
“The regulation issue that everybody’s been talking about, and the one that I think has the most impact, is simply the breach reporting laws. The fact that the US already has three different ways in which companies may or may not have to announce breaches now – whether it’s to CISA, the FTC for publicly traded companies, critical infrastructure requirements – I think we’re going to see more activity on this, and it will be complex and complicated for security teams who need to adhere to it. Keep in mind, India introduced a law that expects breach reporting back to them within less than a calendar day, which is an extremely aggressive timeline. We’re just at the beginning of this. It needs to coalesce into something reasonable and meaningful.” – Bill Bernard, AVP Security Strategy at Deepwatch
Intensifying Pressure on Healthcare Security Organizations
“I’m worried that companies are going to start getting priced out of the cyber insurance market. I’m especially worried about that in healthcare. Healthcare, 11 years in a row, has been the most breached industry vertical in at least the U.S. We’re hearing anecdotal stories of their cyber insurance rates going up. Not 15 percent, but 15 times, especially if they’ve had a breach event in the past year. How they can afford that is beyond me. I think everybody’s going to have problems with this, but healthcare I think is the canary in the coal mine.” – Bill Bernard, AVP Security Strategy at Deepwatch
“Healthcare was one of the first verticals to really get hit hard with cyber-related regulations like HIPAA or standards like HITRUST. One of the trickle-down aspects of this is that public companies in the healthcare industry were told that in order to do business they must have some form of cyber insurance. With the ever-increasing cost of cyber insurance, how are these organizations supposed to stay in business? Are we looking at the possibility of self-insuring for cyber insurance? Are we going to get to the point of a cyber-insurance cottage industry? Do we need to start looking at the providers as well moving forward?” – Neal Humphrey, AVP Security Strategy at Deepwatch
Making More Friends in Privacy
“Within the next three or four years, the vast majority of people in the world will be covered by one or more privacy laws. And that will include the identification, the self notification, the breach notification, and all the other downstream effects. Privacy is not security, but it is related and it uses security as an enforcement arm. So we in the security world who do not consider ourselves to be privacy professionals better make friends with someone who is, because that train is coming in; it’s not hitting any brakes no matter what’s on the tracks. Reporting privacy incidents will be very complex because even if a regulation is passed at the Federal level, it will likely be superseded at the individual state level – this results in multiple authorities that organizations have to report to, especially if you don’t easily know where someone lives.” – Chris Gray, AVP Security Strategy at Deepwatch
New Security Leadership Roles for Accountability and Decision-Making
“For a while we’ve had in the CISO world hens watching the hen house. CISOs write the policy, and then they’re also declaring whether or not they are abiding by that policy or other requirements and standards. That’s why there are all these calls for the government to do something. Regardless of whether they do, I can start seeing a new role kind of being rolled out that is going to be focused more on GRC and policy management that holds the actual security officer accountable.
One of the new roles I think we’ll see is effectively a risk officer that works with the CISO when an incident happens to 1) certify you have enough visibility to make appropriate business or insurance-based decisions and 2) decide who is the one that’s going to take the risk on saying ‘hey this happened, but we are going to continue operations.’ Because nobody wants to make that decision on their own. We’ve seen attacks have had a greater blast effect or blast damage than maybe actually intended. We know attackers don’t need to break the glass to cause a problem, just rattle it a little bit. Years ago we didn’t lose gas because the pipeline was broken. We lost gas because they had a ransomware attack in a different part of their network that didn’t impact the actual piping network, and they shut down the pipeline in an abundance of caution.” – Neal Humphrey, AVP Security Strategy at Deepwatch
Professional Hacker “Corporations” Working Under the Cover of Weaponized Amateurs
“We will continue to see the weaponization of the space at both the professional and amateur levels. That is incredibly dangerous. Hacktivists and other groups will put out calls around the world and say, ‘Want to mess some stuff up? Give me a call and let me know what you can do. We will go to war together.’ This leads to the weaponization of the non-professional, perhaps even amateur, levels. These users are enabled by an increasing number of available tools and are being taught how to use them by some of the best. That will not go away. Keep in mind, a lot of the time their goal is going to be disruption, noise, and distraction.
Professional hacker groups, acting almost like corporate organizations, don’t want the flash and the noise on their part. They want everyone else doing it. If they can cause security teams to look that way, the professionals can operate unimpeded. It is a business. These are serious folks – look at the whole ransomware world. It’s evolved where now ‘I’m not only gonna block you out of your systems, but I’m stealing your data while I’m at it. So I’ll get the money from you with a ransomware, and then I’m gonna come back to you in three months and say, oh, by the way, I have all your data.’” – Chris Gray, AVP Security Strategy at Deepwatch
“If we think about different attack groups as ‘the military’ versus ‘mercenaries,’ we’re going to end up with more ‘mercenary’ types of attackers: small groups who want to get known, who want the prestige of taking these actions and claiming their attacks. For example, getting into your Slack network and saying how bad they’ve owned you. Whereas attackers more like the military, like a nation state actor, would never do that. They are going to sit and be quiet and gather as much as they possibly can. So I think you’re gonna see more flash in the can along with other more serious attacks happening quietly elsewhere in the supply chain.” – Neal Humphrey, AVP Security Strategy at Deepwatch
“One of the scariest things about the DDoS attacks that Killnet has been carrying out is that it would make fantastic cover for doing something else in your environment, while everyone’s eyes are on the DDoS. The good news is nobody seems to think that’s happened so far. But it would be like a magician’s sleight of hand: have a noisy attack going on over here while quiet things are going on in the background.” – Bill Bernard, AVP Security Strategy at Deepwatch
As every organization plans for what the next year has in store, the fundamentals remain: identify, protect, detect, respond and recover. In addition to hardening the attack surface as much as possible, 24/7/365 coverage and quicker means to detect and respond are, and will continue to be, more important than ever. If building and maintaining SOC capabilities internally is a challenge, Deepwatch is here for you.
Deepwatch partners with its customers to speed detection and response, providing fully managed SOC capabilities and 24/7/365 protection. The Deepwatch SecOps platform leverages security telemetry across data sources to detect complex threats and provide complete real-time response – programmatically, customized to the customer’s environment. As a partner and extension of internal security teams, Deepwatch offers peace of mind and assurance that threats are rapidly and holistically addressed, unlocking a new level of security that supports business outcomes.
Learn more about how to enable your security team to overcome restrictive budgets here: https://go.deepwatch.com/how-security-teams-can-overcome-restricted-budgets