Forcepoint: Future Insights 2021

Chatkul Sopanangkul, regional manager, Forcepoint Thailand and Indochina
Chatkul Sopanangkul, regional manager, Forcepoint Thailand and Indochina

Chaotic and unpredictable are the words that describe 2020 most accurately. As workers moved from onsite to remote, IT security and corporate leadership was forced to accurate their digital transformation, and, as well all became more reliant on technology across work, school, and entertainment, cybersecurity threats increased exponentially.


In 2021, Forcepoint believes we will start to realise exactly how much intellectual property was stolen by external attackers and malicious insiders during the 2020 remote working shift with the implications it had on ways-of-working, maintaining infrastructure security and continuing to protect data everywhere. Forcepoint Future Insights offers four separate points of view on the trends, and events we believe the cybersecurity industry will need to deal with in 2021.


Cybersecurity being a Business Differentiator


In 2020, it seems that the future rushed right at us, startling us and shaking us all up. As we have all moved to remote working, Cloud deployment is a necessity. Digital transformation has happened; and where it hasn’t, it needs to.


All of these macro factors has led to the conclusion that cybersecurity is now a business differentiator, and it needs a category disruptor. Cybersecurity has become the enabling engine that permits businesses to accelerate their pivot to the cloud and take advantage of the speed, scale and resilience of digital transformation.


When Gartner first introduced SASE as a concept in 2019, their first report indicated that the market would not be ready or would not move to this model for between three and five years. Only 40 percent of companies will move to the model by 2024. But a combination of existing market forces in shifting to the cloud, plus the new blueprint of remote working forced upon us, means we’re facing a faster defragmentation of the market and an emergence of the “security platform” as the tool of choice.


Cybersecurity grows in importance at the board level, thus driving demand for security cloud platforms. Boards of directors seek out differentiation and innovation for their businesses, speedy solutions and cost savings: all of which will deliver pressure for security in the cloud, and thus a need for a cloud platform security solution.


These changing demands at the top will deliver metamorphosis within the cybersecurity industry. The need for a converged, digital, cloud-delivered platform means we’ll see the emergence of the “Zoom of Security.”


Any serious category disruptor must be more deeply integrated into the public cloud ecosystem. Currently, developers are using security as a tool, but having to shoehorn in applications and functions not necessarily designed as cloud-native. Security will move to the left for the developer, and will become easily deployable and fully integrated.


This integration will result in security becoming so ingrained in applications and platforms that people will no longer realize they are being “secured.” Forrester is predicting that Zero Trust architectures will grow 200% in 2021. Once we emerge out the other side of this shift, security will be a cloud commodity, and the combination of technology plus data will give IT leaders true visibility of how and where data is moving through an organization.


It is this visibility of data which is the game changer. It’s not about monitoring in terms of keeping tabs on people’s actions, or invading their privacy: it’s about giving data analysts and business leaders a clear line of sight over data and its movements. Behavioral analytics gives us the telemetry we need to make intelligent, risk-based decisions on the fly, without intruding on either people’s privacy or their workflows.


Balancing Machine Learning and Human Insight in Cybersecurity


In 2021, Forcepoint believes that machine learning and analytics will fall under tighter scrutiny, as trust in their unbiased nature and fairness as well as ethical boundaries will be questioned.


A number of cybersecurity systems use machine learning to make decisions about whether an action is appropriate (of low risk) for a given user or system. These machine learning systems must be trained on large enough quantities of data and they have to be carefully assessed for bias and accuracy.


To build cyber systems that help identify risky users and prevent damaging actions, the data we analyze comes for the most part from looking at a user’s activities. It’s worth saying upfront that user activity monitoring must be done appropriately, and with people’s privacy and the appropriate ethical guidelines in place. Understanding how people adapt to, respond to, and inform their environments is critical for organisations, the need to build behavioural understanding into cybersecurity systems and designing security for the human element.


In 2021, Forcepoint expects further applications to fail due to inherent bias, and a lack of expert oversight and control of the algorithms. Not the least problem being that the majority of supervised machine learning algorithms act as a blackbox, making verification either impossible or incredibly hard.


This doesn’t mean that all machine learning algorithms are doomed to failure. The good news is that bias is now being discussed and considered in open groups, alongside the efficacy of algorithms. Forcepoint hopes that we will continue to develop explainable algorithms that model expert input. The future of machine learning is bright; the application of algorithms in smart ways is only bounded by our imagination.


The Biggest Threats from Where you Least Expect


In 2021, we’re going to see threats emerge from unexpected places, and sometimes the call will be coming from inside the house.


In 2021, it's expected to see organized cells of recruitment infiltrators offering specifically targeted means for bad actors to become trusted employees, with the goal of exfiltrating priceless IP. These “bad actors,” literally, will become deep undercover agents who fly through the interview process and pass all the hurdles your HR and security teams have in place to stop them.


According to McKinsey, synthetic ID fraud is the fastest- growing type of financial crime in the United States and is spreading to other geographies. Synthetic fraudsters use real and fake credentials to build a phony profile good enough to apply for credit. Although the applications are normally rejected by the credit bureau, having a file is enough to set up accounts and start building a “real” credit history to apply for bank accounts, credit cards and loans. It’s almost impossible to tell a real identity from a synth, and since there’s no individual person whose ID is stolen, the real victims are the businesses left with no way to recover their losses


You would think that modern technologies such as machine learning (ML) could easily identify this kind of fraud. The issue is finding the data set to train the ML: how do you show it how to identify a fake persona when they’re almost indistinguishable from real people?


The answer is to dig deeper to establish identity with third party data feeds that show a consistent history or a face-to- face identification of a passport or driving license. Over time, businesses can build a checklist of inconsistencies commonly found in synthetic identities and use this to train an algorithm to automatically flag suspect files for action.


Where is your Data? You’ll Find Out In 2021


In 2021, data visibility and the management of data protection is the most important cybersecurity imperative for enterprises


As part of this, we must address the elephant in the room. Data loss is damaging to business, and in order to stop that loss, we need to know exactly where our data is, on a minute- by-minute basis. That means we must introduce real-time (or near real-time!) user activity monitoring. We should be monitoring to prevent data loss: not productivity tracking. Transparency in the roll- out of these solutions and the careful consideration of user privacy should be at the heart of any user activity monitoring solutions.


The fact that we have shifted to remote working so quickly, and relatively smoothly, may mean that we have no need to go back to a structured perimeter. But we will need to move quickly toward user activity monitoring—an approach that relies on analytics to understand data access patterns and indicators of Behavior (IoB) that can indicate levels of risk.


Without visibility of data in this way we cannot scale and understand how to work productively, flexibly and securely. Through the combination of behavioral analytics and IoBs to form the foundation of dynamic risk assessment, we can achieve visibility. Data usage must be examined and understood in context, and data loss prevention policies applied adaptively, and dynamically. If we can create cybersecurity technologies which build upon machine learning and analytics to measure and understand data movements in quasi real-time, we can avoid the upcoming dawn of disappointment on the horizon.


As the “new normal” becomes “just normal”, leaders must get the basics right: revisit their policies and processes, validate their posture and risk appetite, and avoid assumptions that all is well just because they haven’t seen an incident yet. Longer term, cloud-native solutions with a deep understanding of users’ behavior will deliver permanent solutions, rather than stopgaps when it comes to protecting data and intellectual property.