"We will continue to see artificial intelligence deployed in the security operations center (SOC). Most SOC jobs are checklist-driven, particularly for first- and second-tier analysts who review logs for indicators of compromise (IoCs),"

Expanding on this, national cyber security expert and the Director of Information Security Services at Integral Partners, Kayne McGladrey, told the Cyber Security Hub that, “If you’re breached by a third party, nobody cares that it’s the third party’s fault. It comes back to you.”

He continued: “It’s your fault for not having adequate controls. And the single easiest third-party control is around onboarding and off-boarding third-party accounts.”

Even if you’re rotating passwords, monitoring privileged access, auditing, etc., McGladrey said you must know, empirically, who’s accessing your network.

"Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.

"The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security."

Include Cybersecurity

With between 1.8 and 5.5 million cybersecurity jobs that are likely to go unfilled by 2021, the cybersecurity industry needs to encourage people who have not previously considered these jobs to include cybersecurity in their job options. The world does not need another whitepaper about the lack of diversity of race, gender, and orientation in cybersecurity.

“Organizations should focus on defining a least-privilege security model for each permanent or temporary role a user may inhabit, and then apply those roles to every device, server, and service that an individual may interact with over the course of each day,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners.

“Organizations need to move past the quaint but antiquated concept of a network perimeter and recognize that the only measurable unit of security is the individual. Individuals include employees, project team members, contractors, third-party service providers, customers, prospects, and guests at a minimum. “

Four Critical Cybersecurity Predictions for 2018

One fact will hold true in 2018, no matter what organizations do: cybercriminals will continue to reinvest their profits into building sustainable but illegal businesses. The underlying economics of cybercrime continue to give massive financial incentives to the attackers. Organizations should retaliate by adopting a “keeping up with the Joneses” mentality so that they’re always slightly more secure than organizations in the same market or vertical.

Three cybersecurity predictions for 2018, according to Twitter

On December 12th, I moderated the #securityinsiderchat on Twitter, where more than twenty cybersecurity experts gathered to discuss their predictions for 2018. It’s always a pleasure and a privilege to learn from a diverse gathering of people and to read their ideas over the course of nearly 300 tweets. Plus, it’s an excellent opportunity to post animated cat gifs in the context of work.

How An Identity and Access Management Program Saved a Retailer $100k+ In Fraud Annually

Gartner estimates that 63% of all IAM products will be thrown out in the next two years as the ‘requirements have changed’ since the date of original purchase. The challenge for new and existing IAM programs is to establish and maintain a strong justification for the program’s continued existence.  One retail client recognized this potential risk to their IAM program and took a novel approach to clearly illustrating the benefits of an IAM program.

“Organizations should focus first on protecting heartbeat user identities with strong identity governance, multifactor authentication and privileged command escalation roles,” says Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners.“Nonheartbeat users, such as service accounts and shared accounts, require protection levels that include vaulting and automatic password rotation, on a defined schedule.”

Mind the gap: three actions to take today based on AT&T’s latest Cybersecurity Insights report

Taking these three actions immediately — investing in both cyber liability insurance and cybersecurity, investing in a trusted consulting firm, and getting people emotionally invested in cybersecurity training — will not prevent the next breach. However, these actions make it exponentially more expensive for criminals to breach your organization and are the socially responsible course of action to protect both your organization’s reputation and the public.