Getting Ready for 2020

In addition to keeping up with hygiene and employee training, here are some considerations for defenders as we close out 2019 and prepare for 2020.

  • Prevention alone is not enough. Get eyes inside the network with an early detection infrastructure. Deception technology has been taking its place as a de facto detection control, based on its ability to slow down and derail attacks across all major attack vectors and attack surfaces
  • Use a security framework to assess security efficacy and reliability
  • Look at the MITRE ATT&CK framework to see how well attacks are addressed throughout the attack phases
  • Double down on reducing credential risks related to theft and Active Directory harvesting. Understand lateral movement attack paths based on exposures
  • Artificial intelligence (AI) is here, and attackers are already using it to their advantage. Consider how to use AI and machine learning to understand threats better and automate operations
  • Track dwell time and the mean time to respond, contain and restore operations
  • Run red team and purple team tests in addition to having ongoing controls that assess whether existing infrastructure is performing reliably
  • Update and test incident response playbooks for all attack scenarios, including data theft, ransomware and other disruption of operations
  • Study prior attacks on your industry and review how your organization would have fared if it had been the victim
  • Validate how well security plans hold up against insiders and suppliers in addition to external adversaries
  • Check cyber insurance coverage and understand its requirements and restrictions

The odds are inherently against our information security teams, who are expected to operate flawlessly with limited resources while protecting over 26 billion devices, over five million applications and the more than six billion connected people behind them. The worldwide information security staffing shortage only compounds these challenges. As we ramp up for the beginning of a new decade, we should learn from the attacks that have come before us. We should also actively seek out and embrace smarter technologies that improve our ability to detect threats early and that leverage automation to respond to threats more efficiently. It’s a new decade, and with it comes great opportunity to shift the tides and make 2020 the year of the defender.