This article originally appeared in FinTech Magazine.
By Peter Carlisle
Peter Carlisle, Vice President at Entrust Security, shares five predictions that will impact the fintech space and force it to re-evaluate and improve its cybersecurity in the new year – including decreasing hype around blockchain, the impact of IoT device vulnerabilities and an increase in multi-cloud environments.
Finding that sweet spot between ‘too little’ and ‘too much’ security
In 2020 cybersecurity will inevitably become a global priority due to a rise in threats and a heightened sense of vulnerability when it comes to unauthorised access to confidential data. As criminals become more organised, they will continue to commit attacks by taking advantage of human error and of the struggle businesses face in trying to find a balance between ‘just enough’ and ‘too much’ security. In this context, and in order to best protect themselves in the new year, enterprises must take action and improve their systems to avoid being compromised – especially those involved in financial services, as they manage vast amounts of sensitive information. The following five predictions show where improvements can be made and what must be considered to reinforce security systems:
Increase in multi-cloud and multi-deployment environments to protect data.
There will be more of a focus on technologies that cater to on-premises, private, and public cloud environments. We can attribute this to the ‘boomerang effect’. Just a couple of years ago many organizations were planning to go 100% public cloud and, in some cases, moved a number of their applications there. However, many others discovered that in some instances the public cloud did not meet their needs – due to security issues, having to re-write applications, etc. – so the apps “boomeranged” back on-premises. Having undergone this process, organizations are now increasingly choosing to embrace multi-cloud, multi-deployment environments. They’re deploying applications because they offer the best technology, and because they’re secure – regardless of whether they’re on-premises or in the cloud.
Rise in business applications that mimic cloud environments.
Even if they technically don’t fall under the public cloud umbrella, organizations will build and architect their infrastructures in a way that allows them to stretch and expand applications and turn workloads on and off. These environments will look strikingly similar to the public cloud but will be built on-premises or in a “private cloud”.
Increasing impact of IoT device vulnerabilities.
Enterprises will struggle to effectively prioritize IoT security mechanisms in accordance with their threat environment due to a lack of up-front involvement of security teams in IoT projects, and not having an IoT architect in place. According to the 2019 Global PKI and IoT Trends Study by Entrust Security and the Ponemon Institute, despite IoT being one of the fastest growing trends in technology today, enterprises are leaving themselves vulnerable to dangerous cyberattacks by failing to prioritize PKI (Public Key Infrastructure) security. This research also revealed that the two biggest concerns IT professionals have when it comes to IoT security threats are an unauthorised third party altering the function of their devices through malware or other attacks (68%) and that party being able to control the device remotely (54%). Despite a growing number of options for PKI deployment (cloud, managed and hosted), internal corporate Certificate Authorities (CAs) remain the most popular and have grown 19% over the past five years to 63% – with 80% of financial services organisations favouring this option.
AI tools will help analyse and make sense of data collected with IoT devices.
In 2020 we will see the first wave of leaders in the ‘AI for IoT’ space. However, cyber criminals will also leverage artificial intelligence (AI) and machine learning (ML) to find exploits on systems, which will lead to prolific and public data security breaches. AI and ML are powerful tools for data crunching, and therefore we should expect to see the development of exploit tools that are based on them. We also know that both systems can be defeated or biased to give anomalous results. Additionally, most of the data being used for AI and ML is not normally under the control of a single body. There are multiple sources and owners, so preserving the integrity of data used to train intelligent systems is not an easy problem to solve, and attackers can easily exploit this loophole.
Decreasing hype around blockchain technology.
In 2020 both consumers and businesses will come to understand blockchain is not a financial panacea. However, keeping this technology secure still entails relying on security best practices, which include secure key management and correct use of cryptography. Concurrently, we will begin to see a focus on quality over quantity – blockchain applications will become more meaningful due to a better understanding of the limitations of the system and where real benefits may be derived.
Organisations need security and privacy controls but must also be mindful not to drive consumers away. In 2020 the challenge will still be finding that sweet spot between ‘too little’ and ‘too much’ security, and those that are on the lesser side will find themselves at great risk of suffering attacks.