1 year ago


2018 predictions Markus

2018 predictions Markus Braendle, Airbus CyberSecurity: criminals will continue to use end-to-end encryption for espionage and subversion. Travis Farral, Anomali: cryptocurrency mining will become one of the major monetisation avenues for attackers Nation States continue to grow in cyber security expertise with the skill, will and resource to monetise from their endeavours or disrupt their neighbours. Not every threat model needs to protect against adversaries that seek to destabilise a nation, however, with the increasing adoption of digital services and frequent attribution of cyber-attacks to Nation States, it is feasible to suggest attacks against commercial entities to support political objectives will only continue to increase. ADRIAN DROZD, FROST & SULLIVAN DIGITAL TRANSFORMATION RESEARCH DIRECTOR: The managed security services (MSS) market in Europe, Middle East and Africa (EMEA) is experiencing significant transformation. While new market entrants with network-based MSS propositions and remediation capabilities are disrupting the MSS provider (MSSP) landscape, mature technologies such as cloud migration, enterprise mobility, and always-on availability are boosting MSS adoption. These factors have stoked demand for expert security professionals, who are in short supply. Partly in response to this human resource crunch and the need to ensure compliance with Europe-wide General Data Protection Regulations (GDPR), businesses and public entities of all sizes are turning to MSSPs. Frost & Sullivan's research, 'EMEA Managed Security Services Market, Forecast to 2021', finds that the market was valued at $4.27 billion in 2016 and is expected to reach $8.26 billion by 2021 at a compound annual growth rate (CAGR) of 14.1 percent during 2016 through 2021. The research analyses current market dynamics, external challenges, drivers, restraints, forecast and trends. Market share and competitive analysis of key players such as BT, Orange Cyberdefense, IBM, HP Enterprise, Atos, Telefonica, T-Systems and Verizon are provided. Customers want solutions that solve problems, rather than mere alerts to a potential problem. Therefore, MSSPs that offer consulting, professional and technical services could well outpace the overall market. The key to longevity and success in an agile MSSP environment is staying ahead of the competition by: Capturing the next wave of highervalue MSS. The two growth MSS segments in the next five years are threat intelligence, and research and detection services Growing the midsized market segment with the right pricing strategy Following a customer-centric approach by delivering solutions that meet evolving demands Adopting technology-led approaches to service delivery, such as unburdening tedious tasks through automation and a collaborative solution approach. Although the media has extensively covered security breaches, many enterprises still believe that they will not be subject to targeted attacks and, hence, do not require protection against advanced threats. This approach to security has curtailed the adoption of MSS in the EMEA region - and is one that will doubtless change as the threat landscape evolves. A FINAL THOUGHT… FROM RICHARD PARRIS, INTERCEDE CEO AND CHAIRMAN: When are organisations, their customers and regulators finally going to do something about the parlous state of information security? The black hats have had it their way for far too long, but 2018 could well be the year that the pendulum swings back. On the back of some truly momentous incidents over the past 12 months, many stakeholders are now saying "enough is enough", and that could spell some big changes ahead, with the concept of digital identity front and centre. 16 computing security March/April 2018 @CSMagAndAwards

inside view EVERYONE IS AT RISK FROM SPEAR PHISHING TO RANSOMWARE AND THE EVER-PRESENT THREAT OF BOTS, COMPANIES OF ALL SIZES HAVE REASON TO LOSE SLEEP AT NIGHT. ELIZABETH SHELDON, CHAIRMAN, EVIDENCE TALKS, CONSIDERS WHAT THAT MEANS FOR ORGANISATIONS EVERYWHERE Cybercrime targeted at small businesses is increasing at an alarming rate and it's a problem that's not about to go away. What's more, the threat is increasing in scope, as well as size. Gone are the days when having a relatively unknown brand used to work in favour of smaller organisations to ward off hackers. These days, it would be wrong to assume that hackers will only pursue well recognised companies with huge volumes of data. As smaller businesses are far less likely to have security personnel and technologies in place that can efficiently detect and respond to an attack, it's easy to see why hackers are shifting their focus. The reward may well be smaller, if a SME is breached on an individual basis and this perhaps explains why many hackers are now leveraging attacks against smaller businesses in their multitudes. According to recent data, almost 50% of cyber attacks are aimed at the small business - a number that's likely to increase in 2018. For many small businesses, cyber security competes with other day-to-day concerns for time and resource, but better measures must be put in place to ensure they are less vulnerable to attack. As per their own structure and business model, every business faces different risks. Some will be heavily reliant on their e-commerce systems, while others, for example, may be more severely impacted by the loss of customer data, procurement systems or their intellectual property. The onus for the SME, therefore, lies in evaluating how cyber risk can be mitigated by prioritising spend in the areas that matter most to them. Long gone are the days when small businesses can view themselves as too small or insignificant for cyber security. Defending your corporate reputation is paramount and cannot be overlooked in the ongoing drive to retain your competitive edge. While a lot of attention is focused on external threats, it's now emerging that one of the single, greatest causes of information theft, loss or attack actually comes from within business walls. Over the past few years, data leaks and other news events have brought insider threats to the forefront of public attention and yet most companies, both large and small, seem to lack the motivation and capabilities to protect themselves from the malicious insider. With a lack of appropriate internal defences increasing exposure to fraud, the opportunities for miscreants are now more prevalent than ever before. For example, for those intent on stealing or causing damage, phishing has turned into a relatively straightforward exercise, due to the ease with which good phishing kits can be purchased, often Elizabeth Sheldon, Chairman, Evidence Talks. with the relevant technical support, on the black market. It's even possible to purchase ransomware-as-a-service in underground markets. Fortunately, the rise of analytics and digital forensics technologies make the identification of insider threats easier and less intrusive. Alongside adoption of the appropriate technologies, however, businesses need to gain accreditation to the Cyber Essentials (CE) scheme, have an awareness of what to look for and focus more on their security efforts to achieve best outcomes and the reassurance that robust cyber security protocols will bring. @CSMagAndAwards March/April 2018 computing security 17