Organisations will move from zero trust to digital trust cybersecurity models, enabling companies to create digital fingerprints of their employees, improving access to data and applications, and preparing for more mature cyberattack approaches, says information and communication technology multinational Dimension Data cybersecurity group executive Matthew Gyde.

The increasing sophistication of attacks and the emergence of insider threats during the past year prompted information technology (IT) teams to adopt a zero trust approach. However, verifying the identity of anyone inside or outside the network trying to connect to systems or access data before granting access proved difficult to roll out – especially for organisations with legacy networks – and often was an impediment to employee productivity and customer engagement.

“Digital trust will emerge as the next security model. Zero trust laid the foundations for digital trust by enabling IT teams to build a ‘digital fingerprint’ of their users. They established a comprehensive behavioural profile for each user, which includes information, such as the devices they use and their location, thereby granting a user access to applications and systems, provided they remain consistent with their profile.”

Additionally, digital trust involves the deployment of different tools, such as deception technologies, and robo-hunters, which are, essentially, automated threat seekers. If information regarding a genuine or decoy user is being used on the Dark Web, organisations will be notified that they have been breached.

They can then immediately erase the breached digital identities and – through their backup and recovery systems – reinstate the known, accurate version of the user’s digital fingerprint.

Secure-by-design digital projects are the norm and are achieved through cybersecurity-conscious decisions at every point in development and deployment.

“Developers and security operations teams are working more closely together – as a DevSecOps team – creating the tools that allow for secure digital transformation. Additionally, cybersecurity is increasingly being seen as an enabler of the business and we expect to see closer collaboration between cybersecurity and all levels of an organisation,” says Gyde.

To meet the need to prevent, rapidly identify and contain attacks, machine learning will play a critical role in gathering intelligence. Machines will also start making more decisions on their own and execute changes based on intelligence to minimise the threat of attacks and human error.

An organisation’s repository of digital identities represents a gold mine of opportunity for cybercriminals, so the security surrounding that repository needs to be rigorous, he adds.

“Compliance pressure on organisations has grown in the past year, with the introduction of legislation such as the General Data Protection Regulation, in Europe, and the Notifiable Data Breach scheme, in Australia. Standards groups, industries and governments are constantly implementing new security policies.”

Therefore, Dimension Data expects to see governance and compliance playing an increasingly important role in how organisations manage their risk profile in 2019.

Organisations, many of which have limited IT and security resources, need to find a way of adapting to ensure that IT operations comply with these new regulations and manage compliance reporting while maintaining day-to-day operations and supporting the business using secure digital transformation and innovation.

Companies will be more critical in their decision-making process when deploying a new application or technology, as they must consider the additional risk it might add and how it will affect their risk posture.

These competing pressures are expected to result in the role of the chief information security officer being split into that of the chief information security officer and the chief risk officer.