


2018 predictions

THROUGH THE GLASS, DARKLY

COMPUTING SECURITY ASKED THOSE IN THE KNOW TO DO SOME FUTURE-GAZING AND GIVE US THEIR TOP PREDICTIONS FOR CYBERSECURITY IN 2018. HERE'S WHAT THEY HAD TO SAY

Whether it's in the run-up to a new year, or as we dance, hug and kiss while the clocks strike the midnight hour, most of us tend to wonder what the next 12 months have in store. And it isn't that different in the security world - with maybe less hugging and kissing? - where the question is all too often: "Will I be hit by a damaging attack in the months ahead?"

The truth is that way too many organisations suffered a harmful event in 2017 and the prospect of even more cyber-attacks in 2018 is in the minds of most organisations. Here are the thoughts of a number of people we asked to pinpoint what the threat landscape might look like in the coming months…

JOHN PESCATORE, DIRECTOR OF EMERGING SECURITY TRENDS AT THE SANS INSTITUTE

Business reliance on cloud will drive increased direct attacks against cloud services.
We will continue to see a rapid increase in the adoption of cloud-based Infrastructure-as-a-Service offerings for running business-critical applications on public cloud. The elasticity of cloud-based services is attractive to businesses to reduce costs and increase speed to market. While the top tier of these services is designed and managed with security in mind, the promise of cost reduction means enterprises are not investing in the skills and tools required by IT operations to safely manage the cloud. Server administrators have been understaffed and under-skilled, unable to securely administer a relatively small and constrained number of servers found in traditional data centres. Daily news stories of misconfigured cloud services are already showing how the use of cloud is exposing this risk and making cloud services attractive targets for cyberthieves.

Denial of service will become as financially lucrative as identity theft.
Cybercrime has represented the majority of damaging cybersecurity incidents for the past several years. Using stolen identities for new account fraud has been the major revenue driver behind breaches. However, in recent years ransomware attacks have caused as much, if not more, damage, as increased reliance on distributed applications and cloud services results in massive business damage when information, applications or systems are held hostage by attackers.

The focus on 'increase staff or automate' vs 'increase skills and support' will fail to show any return on investment.
There are countless media headlines touting massive underemployment in cybersecurity, when most enterprises really see a need for more effective cybersecurity staff vs just more bodies. Similarly, the latest buzzword technologies such as 'machine learning' and 'AI' have yet again been vastly overpromised as technology that will eliminate or drastically reduce the need for experienced and skilled cybersecurity staff. The real successes in cybersecurity have been where skills are continually upgraded, staff growth is moderate and next-generation cybersecurity tools are used to act as 'force multipliers' that enable limited staff to keep up with the speed of both threats and business demands.

Consumer advances in secure use of technology will drive workplace change.
Phishing attacks continue to succeed because the vast majority of Windows PC users within businesses are still using reusable passwords. However, large numbers of consumers now routinely use biometric authentication on their mobile phones and 28% of consumers are using two-factor authentication on at least one personal account. Apple and Android mobile phones and tablets include advanced technologies like application control, privilege management and encryption that are rarely enabled on work PCs. Home users are actually often safer using their own technology than they are using systems at the office! Just as users have driven businesses to adopt technologies like the Internet, Wi-Fi, smartphones etc, they will start to drive stronger forms of authentication and data protection at work.

Cyber-insurance policies will not demonstrate any actual reduction in business costs from cyberattacks.
The high levels of business damage due to cyberattacks have greatly increased the interest of boards of directors in managing this risk. This has driven an increase in procurement of cyberinsurance policies, as capping liability via insurance is well known to directors. However, for a variety of reasons, cyberinsurance does not bound liability in any way, and the payback very often doesn't even cover the costs of the premiums and the deductibles, if an incident does occur.

BRIAN CHAPPELL, SENIOR DIRECTOR, ENTERPRISE & SOLUTION ARCHITECTURE, BEYONDTRUST

The bigger they are, the harder they fall
If we think the headlines shocked us with Equifax, SEC, and NSA, we will learn that large organisations have poor cyber security hygiene, are not meeting regulations, and are failing to enforce the policies they developed, recommend and enforce on others. 2018's news will have even more high-profile names and the root causes will be as shocking as the OMB breach.

More end-user targeting
Penetration through unpatched servers like in the case of Equifax will happen, but hackers will continue to target end users with more sophisticated phishing and targeted malware taking advantage of unpatched desktops where clients have far too many privileges. Again, don't take your eyes off the end users.

Biometric hacking will take front and centre
Attacks and research against biometric technology in Microsoft Hello, Surface Laptops, Samsung Galaxy Note, and Apple iPhone X will be the highest prize targets for researchers and hackers. The results will prove that these new technologies are just as susceptible to compromise as touch ID sensors, passcodes and passwords.

IAM and privilege management going hand in hand
IAM and privilege management adoption as a required security layer will continue. We will see more security vendors adding identity context to their product lines. Identity context in NAC and micro-segmentation technologies will increase, as organisations invest in technologies to minimise breach impact.

Greater cloud security investments
Vendors will begin to invest more heavily to protect cloud-specific deployments for customers migrating to the cloud. Supporting Docker/containers, DevOps use cases and enforcing secure cloud configurations are some initiatives that will be driven by customers.

Chaos erupts as the GDPR grace period ends
As organisations enter 2018 and realise the size of the task to become GDPR compliant by 25 May, there will be a lot of panic. This legislation seems poorly understood, which has led to many organisations tabling it for 'later' and, for many, they will wait until the first prosecution is underway before they react. The EU gave more than two years after GDPR passed into law (27 April 2016) for organisations to become GDPR compliant; there is likely to be little tolerance for noncompliant organisations that are breached after 25 May and, more than likely, some example setting. Those who completed their GDPR compliance ahead of the deadline will be right to feel smug, as they watch their competitors flail.

The United States launches a cyberattack against an enemy
Bombshell! Following announcements by current President Donald Trump to 'Wait and See' how the US would handle foreign enemies, the US will launch a coordinated cyberattack on Iran and North Korea rather than sending in physical troops. This 'act of war' will be launched pre-emptively as the first public internet attack from a first-world nation and will cause the near total destruction of internet resources in these countries.

Increased automation in cybersecurity response
The size of the cybersecurity threat continues to grow through 2018, with increasing numbers of attack vectors, combined with increased incidence of attacks via each vector (driven by commoditisation of attack tools), leading to massive increases in the volume of data being processed by cybersecurity teams. This demands improvement in the automation of responses in cybersecurity tools to do much of the heavy lifting, thereby freeing the cyber teams to focus both on the high-risk threats identified and in planning effectively for improvements in defences. Increased use of machine learning technologies and, from that, more positive outcomes will lead to a significant growth in this area.
@CSMagAndAwards Jan/Feb 2018 computing security 17