The internal security challenge, and what this means for you in 2019

CorporateSecurity Team

Sophos CISO Ross McKerchar looks forward to the next 12 months, and considers the security challenges that companies will face.

It’s the beginning of a new year, and I thought I’d take some time to look the security trends we expect to see over the next 12 months.

1. Security teams will need more development and engineering skills

Security teams used to focus on firewalls and endpoints, and many security professionals cut their teeth as system and network administrators. Nowadays, infrastructure is defined by code, breaches are increasingly caused by weak applications and automation is essential for understaffed teams.

This is changing the skillset required by security professionals, who need a deep understanding of applications and an ability to build automation into their tools and processes.

2. Organisations will increase their focus on software supply chains

These days, everyone relies a huge amount on open source libraries. These are often maintained very informally by loose-knit communities that are easy to infiltrate. This used to be the domain of nation states but the criminals are getting in on the action. Organisations will need to focus on keeping this area secured.

3. Application security will continue to grow

We are getting better at protecting endpoints, and attackers are shifting their focus. Legacy applications will continue to be a fertile hunting ground, and security and IT departments will need to keep up with this growing trend.

4. Threat hunting really will be driven by machine learning

It’s a bit of a cliché, but machine learning will no longer be something that you just buy. Tools and techniques that were previously the domain of data science experts are getting easier to use. It won’t be long before larger security operation centre teams are using the tools directly, rather than via models that are embedded in products.

5. Zero-trust starts to become achievable

Fourteen years after the Jericho Forum declared the end of the network perimeter, we are getting close to the point where many enterprises have a realistic chance of keeping their users off “trusted” networks. The tools, knowledge and technologies for achieving a true zero-trust architecture are rapidly maturing, and this year will continue to see improvements in this area.

1 Comment

Thank you for updates dear Ross , very informative data and congratulations to Sophos for leading skill sets needed for now and the future. We are very proud of our partnership between Willis College and Sophos best practices models on how Industry should work with education. All the best
Rima Aristocrat, Willis College Est. 1866

Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.