In life, there are things that are almost guaranteed. Feature articles on predictions and trends at the beginning of the year certainly fall into this category, and in the cyber security industry there are plenty. Having picked the brains of leading figures within the cyber security industry, we’ve rounded up some of the best and most interesting predictions as we go deeper into 2018…
IOT
Sean Newman, director at Corero Network Security:
“IoT is developing rapidly, but so are the threats that come with it, making this another major concern for businesses in 2018. The availability of Internet-connected devices with vulnerable operating systems is paving the way for massive botnet activity – driven by DDoS for hire services. These “zombie armies” of connected devices can then be leveraged in both large scale and everyday DDoS attack activity. As we know too well, a DDoS attack is easy to launch as it does not require in-depth understanding of programming or networking. The largest (recorded) DDoS attack to date was in late 2016 against cybercrime researcher and journalist Brian Krebs. Investigation into this attack showed that many IoT devices were hijacked as botnets to carry out the attack.”
Javvad Malik, security advocate at AlienVault:
Speaking of IoT, it’s made my predictions list three years in a row. How can this be, you ask? Because IoT is such a broad and all-encompassing term, the goal posts keep moving.
This year, we saw the devastation caused by Mirai and similar malware, which recruited many insecure IoT devices into a botnet to launch huge DDoS attacks. And the problem of insecure IoT devices will only worsen in 2018, as more and more manufacturers connect products to the internet. While some may be relatively harmless, such as a salt shaker that tracks your daily salt intake, others, such as smartwatches designed to protect children, could have more severe consequences if left vulnerable to attack.
IoT devices lack security by design, and they also don’t offer the option to upgrade or apply patches. Additionally, many vendors choose convenience (e.g., using default credentials in their appliances) over implementing proper security measures, which is a flagrant violation of best practices in product development.
Many vendors simply aren’t willing to put in the extra effort to ensure security unless it’s required. Perhaps 2018 will be the year we see governments around the world take an active role in IoT security and put pressure on these manufacturers to do the right thing for consumers.
DDOS
Sean Newman, director at Corero Network Security:
“DDoS attacks against cryptocurrency have been a fairly common occurrence as of late, crippling the exchanges. With the growing popularity of digital currencies, the number of those attacks is likely to increase in the future. DDoS attacks against any digital currency could be utilised to manipulate the exchange market or the targeted currency. They can prevent traders from logging into accounts and making transactions, causing the value to drop. Attackers can then pause the attack efforts to buy as much as they can while the price is low – impacting the overall value of the currency.”
ICS
Edgard Capdevielle, CEO, Nozomi Networks:
Our predictions for 2018 add up to the fact that ICS cybersecurity is going to be more mainstream 12 months from now. IT/OT convergence will advance, more OT security services will be available, and many more industrial organizations will be lightening the burden of securing their process by using AI-powered tools.
Malcolm Harkins, chief security and trust officer of Cylance:
Social media was originally a fun way to communicate and stay up to date with friends, family and the latest viral video. Along the way, as we started to also follow various influencers and use Facebook, Twitter & others as curators for our news consumption, social media became inextricably linked with how we experience and perceive our democracy. The definition of critical infrastructure, previously limited to big ticket items like power grids and sea ports, will similarly expand to include said social networks. While a downed social network will not prevent society from functioning, these websites have been proven to have the ability to influence elections and shape public opinion generally, making their security essential to preserving our democracy.
In addition, cybersecure products will be increasingly demanded by major customers. Unfortunately, “going mainstream” also means there will likely be new malware that directly attacks OT device software.
We look forward to the maturation of industrial cybersecurity practices, products and services. We’ll certainly be working with our customers to help them meet the challenge and burden of cybersecurity with top notch ICS threat detection and operational visibility tools.
GDPR & Encryption
Malcolm Harkins, chief security and trust officer of Cylance:
Companies are publicly touting their GDPR readiness, but behind closed doors, I expect a lot of uncertainty about the ability to comply with these new and incredibly strict guidelines. While GDPR won’t result in the same public hysteria as Y2K, IT practitioners who were around at the turn of the century will feel a bit of déjà vu. In particular, many companies in the US are waiting to see how GDPR plays out stateside, and I expect in the first few years after its enactment, the EU will look to make an example of a multinational who fails to check all the boxes.
Markus Braendle, Head of Airbus Cybersecurity:
Concerns about data privacy, the increasing use of cloud computing, an increase in data breaches and the introduction of General Data Protection Regulation (GDPR) will all contribute to the emergence of End to End Encryption (E2EE) as the most effective way for enterprises wishing to secure their data. But E2EE will also represent some challenges to law enforcement as criminals continue to use this technique for espionage and subversion.
Braendle continues: “When weighing up the cost of any security solution, it’s important to consider the financial impact of suffering a security incident. After General Data Protection Regulation (GDPR) comes into effect, organisations could be fined up to 4% of their global turnover in the event of a data breach – so the cost of any solution must always be viewed in relation to the risks involved.”
Oliver Pinson-Roxburgh, EMEA director at Alert Logic:
“Next year we will start to see a general paranoia for data loss that can be directly attributed to GDPR. We are already seeing the increased budget opening up to help address it now, but for some it’s too late for next year. I can see organisations being held to ransom with exposed data now that it has a wider impact on them and their partners. We have already seen several misconfigurations in the cloud leading to huge data breaches; how many others have been brushed under the carpet or cleaned up by the cleaning crew?”
BREACHES
Tim Erlin, VP, Product Management and Strategy, Tripwire:
“We’ll see a significant breach in the healthcare industry in 2018. With a growing focus on the vulnerability of medical devices and electronic healthcare records, the hospitals, insurers and manufacturers will all be in the crosshairs of cybercriminals in 2018. By and large, the broad healthcare industry isn’t prepared for these kinds of attacks. We saw a taste of the potential impact in 2017 with the WannaCry incident and the UK NHS. Ransomware doesn’t stay hidden, but there are lots of attackers who aren’t quite as noisy.”
Josh Mayfield, director at FireMon:
After this diatribe about the history of prediction, one may think I am being hypocritical by making statements of what will happen in 2018. But isn’t it the goal of any method to take in data from the past and confidently make predictions about the future? Of course!
I believe the current model of Passive Security will keep its strong grip. But guess what? While organizations cling to what they know, cybercriminals are going to advance. Maintaining this model will likely bring the following unpleasant headlines:
- A major bank in the U.S. or Western Europe will lose over 100 million records
- A major Western government will experience a breach where over 20 million full citizen profiles are abducted
- A major healthcare provider will have their Amazon S3 breached, exposing millions of patient records
- In the wake of a breach (perhaps from 2017), a major company will be charged with criminal neglect and broken up by a Western government
There are times, when I examine this state of the world, that I am confronted with remorse, anger, and immeasurable sadness at the gratuitous harm perpetrated on humans by other humans. Yet, as this planet keeps spinning on according to the laws of physics, this species has demonstrated the requisite faculties of reason, empathy, and awareness of its own limitations that will forge new paths.
Our methods will evolve, we will overcome this. A new method has been introduced and it has gained a toehold. It will bide its time until more hapless methods, tragically, run their course.
CLOUD DATA
Tim Erlin, VP, Product Management and Strategy, Tripwire:
“We haven’t hit bottom yet on the cloud data leaks, so we’re likely to see more misconfigurations that lead to accessible data. These will taper off in 2018 as the defensive tools, and the providers themselves, catch up with protecting against this particular misconfiguration. Still, the movement of valuable data to the cloud isn’t slowing down, and data is money for cybercriminals. I expect that we’ll see more cloud-based compromises in 2018, beyond publicly accessible S3 buckets. These may take the form of compromised credentials, other misconfigurations, exploited vulnerabilities, or other ‘classic’ attacks that have migrated to the cloud.”
AUTOMATION
Dr Gary McGraw, vice president of security technology at Synopsys:
“Automation will continue at a faster pace than ever before in human history. If you recall talk about the “information revolution” from 25 years ago when the web was in its infancy, you’ll wince at how quaint and wrong the pundits were. The real information revolution is happening now, and the robots are winning. Our politics are now infested with disaffected and displaced low-skill humans who have become obsolete. That situation will get worse as more people are automated right out of the economy. The Luddite backlash is here again!
Cars will drive themselves. But more importantly, trucks will drive themselves. This will eventually put 6 million more humans out of work (that is, truck drivers) and will have a devastating impact on the small Midwest towns supported only by servicing truckers (food, gas, and lodging). The economy will change.
Even white collar jobs will fall to automation (with a heaping side of machine learning). Retool now. Learn to code. Become a technologist. We’ll need more techies than ever. But don’t pick a field where repetition is the main thing or processes are clearly defined and algorithmic.
IoT has a minor part to play in this revolution, but one that gets inordinate attention from the press (and the marketing hype). Put simply, everything will be on the net, both chattering away about data it is gathering and automating parts of life that we didn’t even know needed to be automated. Security and privacy will play an important role.”
MACHINE LEARNING
Oliver Pinson-Roxburgh, EMEA director at Alert Logic:
“Machine learning will be used to predict the next move of hackers and/or to recognise specific attackers based on their pattern of attack. This is already there in a basic form. However, learnings from large attack pattern datasets lead to improvements in detection and the ability to detect the ever increasing complexity of attacks. This will also lead to an arms race between the defenders and attackers, where the defenders will attempt to predict the moves of the hackers and perform remediation steps to target that are specific to the adversaries. This can only really be done well based on specific vectors of what hackers target. The attackers will look to obfuscate attacks well enough to throw off the defenders, or need to increase their paranoia to stay stealthy or randomise their attacks. As ever, this ability relies on good data and the ability to collect the relevant data from each stage of the kill chain, which many organisations today just don’t seem to be able to achieve on their own.
Technologies and machine learning that work back from the data and predict the likely channels of attack in order to remediate using the cheapest and most effective option vs complexity. Self-healing and security hardening networks built in a way that are able to use machine learning predictions to be fluid in nature and ever changing in order to stay ahead of attackers and outage. This can already be proven in a lab, but in the real world most organisations are far away from being ready for this; technology enhancements and cost of service are now making this more and more of a reality.”