Today, we present new 2021 Cyber Predictions from Dr. Mike Lloyd, Chief Technology Officer of RedSeal.
It’s hard to conceptualize, but we only just started 2021. Given how much has already occurred, both challenges carried over from 2020 and fresh ones, it is easy to forget that the year is still young. There’s plenty of time yet to change course on your business’s cybersecurity and respond to predictions.
As such, we wanted to share these 2021 predictions on enterprise cybersecurity from Dr. Mike Lloyd, Chief Technology Officer of RedSeal. These predictions were submitted as part of our first annual Cybersecurity Insight Jam.
2021 Cyber Predictions By Dr. Mike Lloyd, Chief Technology Officer, RedSeal
1. The Next “Big Thing” in Security
The next “big thing” in security is to take something away, not add another widget. Most security teams have more technology stacked up than they can operate to get the intended benefits. Simplification is never easy – ask any poet. Still, we have to reduce the skill level required to drive our ever-expanding attack surface and corresponding technology chain.
It’s typical for organizations to have somewhere between 15 and 50 different security technologies, and enough staff to be expert in about 5 of them. This means the other choices either need to be integrated via automation, so they can be driven from the products your teams can handle, or need to be eliminated.
Of course, it’s not a good thing to drop a defense that you decided you needed in the past. The good news is automation is improving, and vendors are willing to help since nobody wins if we drop our defensive posture due to the inability to drive all this complex technology.
2. What are some of the key security lessons learned from 2020?
Tool sprawl is a serious problem – we have to reduce the complexity of our technology stacks, making smart choices about which approaches are truly essential. In too many real breaches, there was a sensor in place, and it detected an anomaly, but the anomaly was buried inside an avalanche of other anomalies, none of them serious.
Organizations don’t buy tools they don’t need – we all have strong procedures to prevent unnecessary purchases. However, none of those controls can help you when you have too many alerts from too many products, without a good way to prioritize and put all the information in the context of your own network. Relevant prioritization of facts is the key missing piece in most organizations.
3. How can businesses prepare for 2021?
Ask what is truly essential, so that you can focus. A good model is known as the OODA Loop – it stands for Observe, Orient, Decide, then Act. We have a lot of “Observe” technology – many sensors. Most companies have invested heavily in Decide (using SIEM) and are in the early stages of automating Act (using SOAR). The big gap to address in 2021 is Orient – taking all the raw facts, and relating them to your specific business situation, so you understand what is relevant or critical, and what is low priority.