As we sit facing the security prospects of 2019, and without the early on set trend of 2018’s CPU bugs, the following 3 items come to mind as primary indicators as to how 2019 is going to play out.
The challenges faced by identity in recent months and years is visible through multiple attack vendors including plain old email access to advanced phishing campaigns which can cost companies huge amounts of money. The growth of Identity Access Management features including multifactor authentication (MFA), privileged account management (PAM) and Just In Time (JIT) access help with these challenges, and are further bolstered through the use of Identity based threat protection services and incident management solutions. In a cloud-based environment where identity provides a large portion of the perimeter based security of a system, these solutions will become a key component of securing systems and the data within.
Privacy – Data Access V Data Breaches
Data breaches dominated the landscape in the second half of 2018, and whilst the use of personal data remains a trade-off between privacy and security, the introduction of the Assistance and Access Bill will undoubtedly ignite the topic to unprecedented levels. The Interception and Access Act in 2015 may not be familiar to everyone, but its better known name of the ‘Metadata act’ should be. The Assistance and Access Bill has (at least in its current form) all the trademarks of slowly boiling the frog (more about that anecdote, and its impact to civil cases, at Electronic Frontiers Australia - https://www.efa.org.au/privacy/metadata-civil/ ). The challenges imposed by encryption to law enforcement is real, however the access it provides is open to mis-use, and without proper legislation it is entirely possible that it will enable access by a number of groups that should not typically require the access to information being sought. A recent public request under the Freedom of Information Act has shown the extent of access to data permitted through the Interception and Access Act, and this should serve as a warning as to the potential implications of an improperly implemented Assistance and Access Act.
Things and Bots
The exponential growth of IoT devices and bots will continue to challenge the security of user information and personal data, potentially to the point where bots will chat with other bots to organise our lives. The security of these solutions, including the data these systems access but also the behaviours associated with this information, will present a huge challenge between some of the largest digital advertising platforms in the world (Google, Facebook and Amazon) and their users. On top of this is the combined processing power of these solutions when used in a malicious botnet, and the potential for large-scale disruption-based attacks. This only services to exacerbate data privacy challenges and existing perimeter security challenges in a modern world, and will no doubt become an increasing discussion point as rollout of online assistants, smart lights, and fitness trackers, and the intelligence behind them continue to evolve.
- Cameron Reeves, Solutions Architect