Cybersecurity is one of the world’s fastest-changing industries, and the ability to anticipate what the future holds is critical to the success of any company working to prevent the types of massive breaches we continue to read about in the headlines, including the recent Marriott and Quora debacles.
It is an industry uniquely driven by innovation, as both cybercriminals and enterprise cybersecurity experts strive to create or identify the next major development that will give them a leg up over the other. In that way, predicting what comes next within the cybersecurity field provides an interesting lens on today’s threat landscape, even as it gives us a glimpse of the future.
This week, a group of Sectigo leaders sat down to discuss the future of the industry and Sectigo’s place within it. CEO Bill Holtz, Senior Vice President of Enterprise Sales Jennifer Binet, and Senior Fellow Tim Callan ruminate on some of 2018’s most important developments and predict how the industry will respond in the coming year.
The Digital Certificate Field Will Continue to Evolve
Tim Callan, Sectigo Senior Fellow: The future of digital certificates is a topic for serious consideration as we move into 2019. With free Domain Validation (DV) SSL certificates now available, phishing attacks using certificates have risen exponentially as fraudsters can now display their counterfeit sites as “secure,” in hopes that victims will think the website is safe.
But a browser’s definition of “secure” is not the same as the common definition of “safe.” By placing an identifier of the site operator’s genuine identity in the interface of the browser, Extended Validation (EV) SSL complicates the phisher’s task considerably and allows users to spot the difference between a site that is real and one that is fake. As a result, next year we will continue to see businesses up their levels of both consumer protection and confidence online by implementing EV certificates.
Bill Holtz, Sectigo CEO: I agree. Digital certificates will evolve, fueled by automation and innovation. At the end of the day, security will remain a layered solution, with digital certificates serving as one important layer. There is no silver bullet, but user safety, education and authenticity guarantees will go a long way towards protecting users on the web.
S/MIME Will Become a Standard Email Security Tool
Jennifer Binet, Sectigo SVP of Enterprise Sales: With the rise of business email compromise (BEC) and phishing scams, the need for enterprises to protect their data and defend their organizations from email attacks will only grow. In fact, the FBI reports that identified global exposed losses have increased 136 percent between December 2016 and May 2018.
IT teams will look to S/MIME to digitally sign and encrypt emails, guaranteeing the sender of the email and ensuring email data integrity. Zero-touch deployment and intuitive user functionality will make it easier than ever for enterprises to leverage S/MIME to protect critical email information.
Holtz: Private, public, and S/MIME certificates, driven by their proven importance to both organizations and users, will become the norm. This means that enterprises will look to manage the lifecycles of all of their certificates from one pane of glass, and that the industry must work to quickly identify and remove from service certificates used for nefarious purposes.
Binet: It’s going to become a necessity for businesses — if it isn’t already. As enterprises deploy more non-Windows machines and devices (Android, iOS, etc.), it is increasingly hard to rely on just Microsoft CA to secure the entire network. With the growth of connected devices and mobile workers, ‘free’ or bundled PKI solutions are not always able to adequately secure an organization or deliver the required flexibility.
I agree with Bill 100 percent. To meet the rise in connectivity, organizations need one pane of glass for both Public SSL / S/MIME certificates and Private CA. Businesses needing an agile management framework will adopt trusted, mutual-authentication solutions for all IoT devices and networks, so that they can securely build out and scale their ecosystems and manage the device lifecycles.
The Threat Landscape Will Continue to Evolve
Holtz: Ransomware, data breaches, and email impersonation will continue to grow in 2019 — it’s just the world we live in today. I don’t envision we will see new types of attacks in 2019, but threats will be more severe in nature.
Callan: Combatting those threats will require a proactive approach, and the systems in place to protect against them will need to evolve as well. IT systems will need to employ both legacy and new encryption methods in a seamless way to mitigate the risk associated with sudden changes in encryption requirements. According to the NIST guidelines, maintaining crypto-agility is imperative to enterprises preparing for the quantum computing era.
Next week: Sectigo leaders look ahead at the future of Internet of Things (IoT) security.