2020 Cyber Security Predictions from a CISO
2020 is here, and hopefully all security teams have resolved to improve the cybersecurity of their business in the new year. But what new challenges and developments will 2020 bring that you need to be prepared for?
How cybersecurity will change in the next 10 years
Fewer passwords: In the next few years we will see the adoption of more non-password-based consumer authentication technologies (e.g. FIDO). Consumers and tech companies are increasing the pressure to move to systems that require fewer passwords. Technologies like single sign-on (SSO) and multifactor authentication (MFA) can help authenticate users without requiring them to remember passwords.
Biometrics: There’s going to be more movement towards leveraging rich biometrics for convenience (e.g. iris scans). These rich biometrics will leverage significantly more and better sensors (iris scanning, body posture, etc.) in consumer/end user-facing devices.
Machine learning: Advanced machine learning models will allow for better context-based authentication assessments, using signals such as geofencing and device biometric sensors, and will improve the authentication process. Some of those models and technologies are already available. For example, MFA solutions can do geofencing based on GPS. Advanced sensors on mobile devices will also be usable over the next several years.
The key to implementation is back-office instrumentation – there’s machine learning that needs to take place to understand normal vs. anomalous behavior and that takes time.
Security breaches and passwords
According to the Verizon Data Breach Investigations Report, 80% of breaches are still caused or enabled by weak and reused passwords. So the question remains: when will consumers and end-users improve their password behavior?
This really comes down to two questions: 1) When will it be harder for breaches to occur so fewer passwords are exposed? and 2) When will users use better and stronger passwords?
In terms of reducing breaches, this will be a long journey that requires enterprises to incentivize good security practices such as secure development over glitzy features. Over time, insecure services will have a higher likelihood of failing due to falling customer trust. This has started (e.g. scrutiny over Facebook’s data losses) but will still take more time to be considered a top-tier risk for enterprises.
In terms of better passwords, this is all driven by consumer awareness. Newer authentication technologies will continue to whittle away at password-based systems, which may alleviate parts of this problem. But companies dealing with sensitive data (fintech, healthcare, etc.) will also start enforcing more complex password policies to lower their risk.
Biggest identity and access management challenges/trends in 2020
All companies will face different challenges depending on their size and their sector. However, all companies face the challenge of security awareness among employees, contractors, and customers. And without the support from all users, technological efforts will not be fully effective.
To help with this effort, here are a few recommendations:
Multi-directional communication is extremely important in a security program, meaning working from the top-down, bottom-up, and side-to-side to get your message across. Reinforcement of best security practices should come from an employee’s manager, peers, C-suite and more. And yes, it’s true. Security is everyone’s responsibility.
People learn differently – some are more receptive to visual guides or written instructions while others may want a hands-on lesson. Also, the content can vary depending on your audience. Some may like content that is funny, serious or provides historical background. Whatever you choose, providing consistent communication is the key to a strong awareness program. Part of our focus is to make sure we are delivering our security training and materials in a variety of channels. We’ve also included employees in everything from video creations to contests – and it gets them involved and excited about it too.
When it comes to high-tech industries like finance or healthcare, the key is to establish and maintain control over BYOD and Bring-Your-Own-App policies and mentality without impacting employee productivity.
I’m excited to see where this new decade takes us. Leave a comment below with your predictions for 2020.
By Gerald Beuchelt LastPass blogs
Owning Your Digital Profile by Setting Up LastPass
October is the perfect time to take stock of your cyber security. Every year, worldwide efforts like NCSAM in the US, ECSM in the EU, and Stay Smart Online in Australia aim to raise awareness of important cybersecurity topics. Throughout the month, there are many resources available to help you better protect yourself online.
Whether you’re new to LastPass or a long-time user, this month is also an ideal time to review your LastPass account. The first step to staying safe online is understanding the devices and applications you use every day. When it comes to LastPass, that means understanding how best to use the service and the security features that are available to you, to both protect your account and to use LastPass to its full potential in keeping you safe online.
Start Using a Password Manager
If you aren’t using a password manager yet, you can sign up for LastPass here. Getting started only takes a few steps, and you’ll be on your way to protecting your passwords and replacing every account’s password with a strong, generated one.
With LastPass, your passwords and other vault data are encrypted with a key that only you know. It’s more secure and accessible than your browser password manager and gives you one safe place to store not only your account logins, but all other important pieces of information you want to keep protected but convenient.
Use the LastPass Browser Extension
The LastPass browser extension is key to using LastPass to its full potential. The browser extension is what allows LastPass to securely detect whether to save a new password or fill one you’ve already stored. If you’re signing up for a new account, LastPass can offer to generate a new password (and then remember it for you, of course).
If you haven’t already, be sure to download the extension to all browsers that you use on a regular basis, including Firefox, Chrome, Safari, or Edge. The extension will give you quick access to all LastPass features, including your vault, and puts your password manager to work for you.
Create a Strong Master Password
Your master password is not only required to access your LastPass account, it also forms part of your encryption key. Your encryption key is used to encrypt the sensitive data in your LastPass vault, before it’s synced to LastPass servers. Of course, that means that keeping your data secure partially depends on choosing a strong master password.
Be sure to follow good habits when it comes to your master password – never reuse your master password, or share it with others, or use something easily guessable. If you think your current master password could be stronger, simply update it in your account settings. It’s a good idea to update it regularly anyway, such as once a year.
Download the Mobile App(s)
LastPass isn’t just for your desktop or laptop. Our apps for iOS and Android ensure you always have your passwords and other stored data with you, no matter where you are or when you need them. You might be surprised how often you might need to use LastPass when you’re on the go. The apps are free – and sync your data for free – so there’s no reason not to go download them from the app stores today!
Investigate LastPass Features
Of course, the tips we’ve provided above are just the beginning. LastPass has a lot of features and settings to help you better protect your data online, and to better secure your LastPass account. Be sure to familiarize yourself with how the main features work. Take a few moments to explore the menus and settings available in your browser extension, mobile apps, and the vault.
As you become more familiar with LastPass, you’ll feel more confident in using it! And with that confidence will come the peace of mind of knowing you’re following the advice of top cybersecurity experts and better protecting yourself – your data, your money, your identity – with a password manager.
By: Amber Steel, LastPass Blogs