In this article
Multi-Factor Authentication will become standard—and much more intelligent
While multi-factor authentication (MFA) isn’t necessarily an emerging technology, the market for this technology is growing. Thanks to the increasing uptake of cloud computing, more and more businesses are seeing the need for this technology.
But while enabling better working environments for both in-house and remote employees, our cyber attack surfaces are also increasing. As such, it’s not enough for businesses to just set up MFA piecemeal.
MFA should be a key pillar of your business’ cyber security
Stringent MFA protocols are crucial in improving cybersecurity in 2022 and protecting your business’ sensitive data—but they only work if they’re implemented in the right way.
MFA adds that crucial extra layer of security to what should already be a strong line of defence. It allows businesses to better protect data and systems, and deliver stricter access controls; not just to business-critical platforms and networks, but everyday email accounts and for daily business logins.
In a high-profile example, US President Joe Biden signed an executive order in May 2022 requiring US federal agencies to implement MFA practices to boost national security.
Security controls for businesses of all sizes
It’s not just the government agencies or international business juggernauts however, that should be looking to adopt MFA. It’s the small-to-medium businesses—the ones that might think they’re small enough to fly under the radar, when compared to governments—who need to capitalise on this growing security approach to safeguard data.
SMBs are increasingly becoming the target of cyber incidents. A report issued by Barracuda found that SMBs are three times more likely to be the target of a cyber attack rather than a larger company—and yet they’re the ones who are lagging behind in the adoption of MFA.
So as these attacks continue to increase, and we see higher-profile adoption of MFA technology, we’ll likely see a raft of new MFA policies come into action for businesses all over the globe.
Passwordless security may become big business
Another emerging information security approach we’ve seen in recent years is passwordless security. It may sound counterintuitive in our security-conscious landscape, but the simple logic behind it is surprisingly sound: if you don’t have a password, it can’t be stolen or spoofed. Eliminating password authentication reduces attack vectors removing the opportunity for password input.
So instead of supplying a password to log in to an application or device, the user provides an alternative source of identification. It could be using fingerprint identification, facial recognition, voice recognition, or a USB key that’s used to confirm a user’s identity. It’s an access management technology that’s seeing growing penetration in mobile devices, such as smartphones and laptops, or as a sign-on option for physical office locations.
A more secure form of authentication
When it comes to passwordless security, also known as zero trust security, you may already have used it. Just look at the prevalence of Apple’s Face ID, or Windows Hello. These biometrics-based technologies can be found in laptops utilising Windows 10 and above, and required a fingerprint, iris scan, or user facial recognition as an alternative to passwords.
Also known as Fast Identity Online, FIDO, or zero trust model, this data security approach was designed as a way to remove the need for passwords from cloud applications.
It’s one of the emerging technologies that may not be that new
Passwordless authentication isn’t necessarily a new concept—but its adoption is. The FIDO Alliance, an open industry association, was founded in 2013 to develop and promote better authentication standards. And since then, the FIDO Alliance has since developed FIDO Authentication, an authentication system based on their free and open standards.
FIDO Authentication works by utilising standard public key cryptography techniques. Authentication is required by pairing the public key with a private key, held in an external device. This is activated by a simple gesture, such as speaking into a microphone, providing a fingerprint, inserting a second-factor device—or simply by pressing a button to authenticate the login action. This allows for one device to work across multiple services.
So in 2022 and beyond we may well see a decline in the need for multiple passwords, with businesses leveraging a multi-step authentication process that eliminates old-fashioned passwords, replacing them with passwordless physical identification portals—and thereby improving their data protection and security posture significantly.
Mobile cybersecurity will improve
Since the large-scale, meteoric rise of working from home that COVID-19 initiated, businesses have been adapting their technologies to this new way of working, while (sometimes begrudgingly) enjoying the benefits and flexibility that these new setups have delivered for their teams.
And despite what some companies may try and implement, according to Gartner it’s predicted that by the end of 2023 40% of businesses will combine both office-based and work-from-anywhere operations.
But this good news for working flexibility significantly increases the attack surface for cyber threats. As such, to truly take advantage of this framework and optimise data privacy, companies need to take a completely new approach to their enterprise security, information security policies and protocols, user behavior, and the tools required to support this increasingly distributed way of working.
More distribution means more cyber attacks
A report co-authored by Splunk and The Enterprise Strategy Group, the State of Security 2022, has only confirmed what we’re all thinking: the rise in emerging technologies and increase in cloud access provides more vulnerabilities for a threat actor to exploit.
But it’s not just the nature of cloud computing and increasing speed that makes this more apparent: it’s how it’s deployed. Deploying a combination of ad-hoc cloud and on-premises technology creates far more complexity than all-encompassing cloud infrastructure, creating gaps and vulnerabilities that may not be discovered until it’s too late—or at all.
But this adoption of new ways of work leads to an opportunity. As with any newer technology, the more time and research a business invests into it, the better understanding they’ll gain of their mobile and cloud environment. And, similarly to the increased adoption of MFA and passwordless authentication, the rise in remote work will lead to vast improvements in cyber security technologies for mobile devices.
We’re more mobile than ever—and so is our critical data
Not just smartphones, laptops, or tablets, but for wearable devices and IoT-enabled technology.
Improved intelligence, and deeper security practices, will see businesses identify and deploy technologies that combine both hardware and software security measures as a way to improve their mobile device and data security further.
But creating new security system can take time. So rather than waiting it out, businesses will look for ways to add extra security layers to their information technology infrastructure.
Security consolidation becomes more prevalent
Building on this, it’s likely that we’ll see an increase in cyber security consolidation. Rather than multiple standalone systems designed to tackle specific security risks, businesses will look to defence in depth.
Hardly a new concept, businesses will start to look at engaging security vendors that can implement a broader depth of cyber defence for them.
Developing a deeper, broader security system
Rather than one company supplying a firewall, another an antivirus, and an email checker from a third, this security-as-a-service defence framework will be deployed by, managed, and charged to the one managed services provider.
This allows the business to develop a security solution that’s tailored to their specific needs, rather than relying on off-the-shelf options that have the potential to leave cracks in their armour.
Best-in-breed technologies don’t work if you don’t use them properly
Security consolidation delivers a simpler prospect than managing one’s own cyber security.
While a business can go and individually buy best-in-breed cybersecurity tools, without a strong integration plan or comprehensive strategy these tools won’t be utilised to their full effect.
Vulnerabilities will form in their security posture, users will become complacent, and these expensive tools won’t live up to their potential—or worse, will allow a data breach to occur, regardless of reputation and price tag.
Seeing the value in external security practitioners
For a multi-level system to truly work, a business’ IT security needs to start with a robust strategy. Designed according to the needs of the business, consolidation of security tools, platforms, and services delivers a more robust security posture for a business.
It works to:
- Improve the efficiency of their defence systems;
- Optimise their budget while reducing overall spend;
- Provide end-to-end visibility of their networks; and
- Ensure that the solution is managed by an expert security team, rather than run in-house by the on-premises IT team.
Cybersecurity Mesh Architecture gains traction
Where security consolidation brings a business’ cyber security together under one provider, a cybersecurity mesh architecture (CSMA) solution sees different security platforms, managed by different vendors, working together to bridge any gaps.
Building a safer internet
The idea behind this solution is to bring the security world closer together and combat the increasingly insidious nature of cyber threats and risks. Rather than allowing security vendors to continue working in siloes, CSMA enables different vendors to work together to achieve distinct security goals.
While not a clearly-defined platform, as such, it’s more of a framework, similar to a business adopting the Essential 8.
CSMA could revolutionise cyber security
CSMA is a solution that was inspired by Gartner, who predict that, by 2024, businesses adopting a CSMA to integrate their security tools will be able to reduce the financial impact of individual security incidents by up to 90%.
It’s a very strong statement—but one that could have a momentous impact for cyber security for small-to-medium businesses.
Gartner have identified four foundational levels of CSMA:
- Consolidated management of a company’s security policy and posture.
- Distributed identity fabric.
- A consolidated dashboard.
- Security analytics and intelligence.
The aim is to create a safer cloud
Designed to make cyber security a more collaborative approach, CSMA is suited to the ongoing shift towards multi-cloud environments. It empowers an organisation to combine security architectures, with peace of mind that they’re not opening themselves up to the same security threats typically associated with multiple security platforms and vendors.
CSMA provides a framework in which discrete security solutions can be designed and deployed to work together for common goals—and for the common good.
An increase in AI use across the board
As technology evolves, artificial intelligence and machine learning is getting smarter. And, as this emerging technology progresses, it will soon become a useful addition to a company’s cybersecurity toolkit.
AI can sift through data far quicker and more effectively than a human ever could. It allows for faster threat identification, and is much better at detecting patterns in these vast rafts of data.
AI’s key role in security technology transformation
2022 and beyond will see the rise in businesses leveraging AI-driven security tools and deep learning to better combat cyber risks and secure their internet experience. But this isn’t designed to replace human-driven security measures—not yet, anyway—AI can be a core pillar in deploying behavioral analytics tools, and be instrumental in helping a business recover post-attack.
Moreso than a human brain, AI and machine learning algorithms can be deployed to identify attack patterns and methods, and the actions that cyber criminals take once they gain access to these systems. So instead of being used as a first-line data defence mechanism, AI will be utilised to gather intelligence and learn, enabling businesses to detect attacks faster and more accurately in the future.
AI won’t just be used for good
However, cyber attackers are capitalising on AI and machine learning too. We’re seeing an increased number of DDOS attacks, which are steadily growing year on year.
And where AI can be used to identify patterns in cyber attacks, it can also be used to analyse and identify patterns within data security programs and software, enabling threat actors to effectively tweak their threat arsenal to evade security platforms.
It’s not just the hyper-sophisticated world of hacking, either
Artificial intelligence can be used to augment even the most low-level hacking attempts. For example, where a human user can typically identify and ignore a phishing email due to its poor grammar and spelling, cybercriminals can deploy consumer-level spellcheck and grammar tools, or AI writing technology tools, to create phishing content almost indistinguishable from a human-made email. So it may not necessarily be elegant—but it will work.
The good news though is that while artificial intelligence will likely become more prevalent in the world of cybersecurity, good AI is difficult to build, typically requiring a team of trained specialists to ensure it works the way it’s designed. Luckily, this is something that’s generally not available to your everyday cybercriminals.
Cybersecurity technology continues to evolve: is your business prepared?
As we’ve said before, improved cybersecurity measures are fast becoming a business requirement, and it’s crucial that your company stays across the emerging trends and technologies in the data protection and cybersecurity world.
But simply knowing the new technologies and approaches, and associated risks, isn’t enough. Implementing a comprehensive and robust cyber security strategy—one that’s tailored to your specific networks and infrastructure—can set your business up for a secure future.
At TechBrain, we deliver smarter cyber security solutions that boost your security environment against future cybersecurity threats.
Get in touch with us today to discuss your business’ network security, and organise a free consultation to discuss how we can improve your cybersecurity solutions.