Friday 26 Apr 2024

This article first appeared in Forum, The Edge Malaysia Weekly, on April 4 - April 10, 2016.

 

CYBER attackers have continuously changed their tactics, becoming more persistent and expanding their capabilities and skills. Consequently, cyber threats have evolved as well. Today, cyber attackers are finding new and better ways to take advantage of the rapid expansion of digitisation and the increasing connectivity of businesses. As organisations strive to understand and address cybersecurity, these are a few trends that should be on every business’s “watch list”:

 

Cyber threats from the interconnected world

The sophistication of cyber attacks is increasing, especially when it comes to attack routes, which are growing exponentially due to the rise of the Internet of Things (IoT). With mobile, social media, customer and supplier ecosystems, the days of the client-server architecture and limited internet access gateways, which were relatively easy to protect, are long gone. Now, with IoT, everything is connected with everything else. Previously disconnected systems — things — are now becoming internet-enabled, and “channel hopping” from one system to the next is a real threat to organisations. Approaches to cybersecurity will need to encompass the IoT. For example, the security operations centre (SOC) will need to extend its coverage to include IoT and it should be subject to security reviews and penetration testing.

 

Growth in digital identities

The dramatic growth in IoT means that organisations must rethink how they recognise and treat identities. Until recently, identities have all been associated with real people. To manage these traditional identities, organisations maintained directories — simple lists of staff that were used to decide who should have access to what. The same approach had been used with customers, suppliers and third parties. When “things” are in the mix, and they may be owned and governed by different entities, the “directory lookup” function no longer applies. Instead, new collaborative trust models will need to be developed to enable trust to be shared from one IoT device, which has a high degree of trust, to another. This approach will require organisations to establish robust data ownership and data protection policies.

 

Hyper-regulation is leading to a more complicated landscape

Hyper-regulation for all sorts of issues related to cybersecurity will make the compliance landscape even more complicated. This will not necessarily lead to better cybersecurity for many organisations, given the different regulations across jurisdictions. For example, with the demise of the Safe Harbour agreement between the EU and the US, it is likely that EU nations will develop separate regulation on data privacy over the next year, which will result in additional challenges for organisations covering many jurisdictions. In addition, regulations on breach reporting, checks on cybersecurity maturity and expectations of cyber exercises/incident response planning are proliferating, with little consistency across jurisdictions. The danger is that organisations will become so focused on complying with different requirements across jurisdictions that their ability to develop an overall strategic and balanced approach to cybersecurity improvements across their business will be jeopardised.

 

Criminal marketplace will become increasingly professional

The traditional classification of types of cyber attackers, their motivation and skill levels is quickly evolving. Skilled individuals are able to advertise and sell their services to any interested group. As a result, these attacks are becoming easier to launch, as long as there is money to pay for expertise. For example, it is easier to buy sophisticated malware from credentialed vendors; deploy the malware, with the help of bought instructions; and advertise the buying or selling of criminal services.

Due to these changes, it is more important than ever for organisations to conduct a tailored threat assessment aligned to protecting their most valuable data, and to establish mitigation measures around the vulnerabilities that give access to it. In fact, all attackers — whether a 16-year-old working alone, an organised criminal network or an insider — are getting access to more ways to compromise their chosen targets.

 

Traditional models for defence are no longer adequate

Our increasingly connected world continuously pushes the defensive capabilities of even the most mature organisation. This is compounded by the diverse set of cyber attackers, their wide array of motivations and their continuously evolving tactics and techniques. The regular reporting of successful attacks indicates that traditional models for defence are no longer adequate. Leading organisations are looking for ways to proactively engage their highest risk adversaries and protect their most critical data assets.

 

Advanced ‘active defence’ to detect and respond to advanced cyber attacks

Advanced capabilities such as “active defence” are being enabled through the use of security analytics. For example, security analytics can be used to detect deviations that are consistent with cyber attackers. Another example, behavioural analytics, has a significant advantage in “active defence”, because it can be self-learning; it does not require evidence of past malicious behaviour. A mature and integrated set of security operations capabilities — powered by data science and an analytics platform — enables the visibility, context and insight needed to detect and respond to advanced cyber attackers. Moreover, by applying “active defence” techniques and leveraging security analytics, organisations will be able to shift the paradigm from reactive to proactive.


Jason Yuen is a partner of Ernst & Young Advisory Services Sdn Bhd focusing on cybersecurity. The views expressed are his own and do not represent those of the global EY organisation or its member firms.
