There’s kind of three main new emerging focuses. I would say one is reconnaissance, and this basically means are you familiar with how you look from an adversary’s perspective.
Frankly this is an emerging area that organisations need to take from governments, who’ve been working with this sort of thing for a long time: understand your adversary, know what they see about you, know what makes them attractive or what makes you attractive to them, and use that information to make better decisions about where to invest in security technologies and controls.
The next is simulation. The reality is it’s not a question of if you will be hacked or breached, but when, because every organisation is a target, because every organisation represents an opportunity for a cybercriminal to achieve their goals. Then every organisation needs to practise for that day because that day will come.
How will the board react? Will they come together? What will the CEO say? Do they already have pre-scripted responses to media and to external parties and in order to respond quickly while they’re able to get a sense of what’s happening to them, why it’s happening, and how to limit the effect? The more you practice the better you get, and those organisations that prepare through simulation and simulating the attack on their organisation are going to fare well in response and limit the impact. They won’t be able to bring the impact to zero, but they will certainly limit the damage that’s done during a cybersecurity event.
The third general area is digital identity. We’ve heard a lot in the cybersecurity industry and talked a lot about something we call identity management. Effectively can I identify who is accessing my systems, what they have access to, and what they’re doing while they’re on my systems. Now that is shifting to devices with the advent of internet of things and more devices being connected every day, those have an identity and those are often vulnerable points for a cybercriminal. If I can take over a simple device on a network, that might be enough for me to then launch my attack rather than just a user account, your personal account, or your ID and password, for example.