[BreachExchange] Six Cybersecurity Predictions for The Year Ahead
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Dec 11 19:24:43 EST 2017
https://www.alienvault.com/blogs/security-essentials/six-cybersecurity-predictions-for-the-year-ahead
It’s that time of the year again – the time for us to start gazing into
crystal balls, pulling out the ouija board, and taking a DeLorean up to 88
miles per hour, all in an attempt to predict what the coming year will
bring to information security.
After extensive thought on the topic, I’ve come up with six predictions for
2018. Let’s take a deep dive into each.
1. Lack of in-house expertise will cause ongoing cloud security woes
Are clouds secure? Are they not? Are we going to move workloads to the
cloud? Are we not? Over the last few years, these questions have been
repeated over and over within many organizations. However, as more
companies have made the move to the cloud, vetted providers, and developed
their cloud strategy, confusion has lessened – but security woes have not.
In the year ahead, we’ll continue to see a distinct lack of in-house cloud
expertise resulting in security troubles for many organizations. While
cloud providers offer adequately secure platforms, users still have a
responsibility to ensure they are doing their part toward securing their
data in the cloud (think the shared security model). This includes
monitoring for security threats within the cloud environment, and equally
ensuring cloud environments are properly configured. But, many IT and
security professionals aren’t aware of their role in cloud security, or are
aware but don’t know the best way to execute on their responsibilities.
There have been countless cases in 2017 whereby enterprises have left
private information publicly exposed, which has resulted in huge breaches.
While most resulted from a failure to properly secure Amazon Web Services
(AWS) buckets, this is not the only cloud vulnerability. For example, many
people also found that their information was shared publicly via
Microsoft’s docs.com service.
Education and awareness around cloud security and the shared security model
can go a long way in minimizing risk and keeping company data safe –
regardless of whether it’s on-premises or in the cloud.
2. Ransomware will remain one of the most popular attack methods
Ransomware has dominated many news cycles throughout 2017. And,
unfortunately, we won’t see this attack vector slow down anytime soon.
With lower execution costs, high returns and minimal risk of discovery
(compared to other forms of malware), ransomware has quickly become a
preferred method of attack for cybercriminals. And it’s now easier than
ever for virtually anyone – even individuals with minimal security
knowledge – to extort money from companies and individuals through
do-it-yourself ransomware toolkits or via the services of a
Ransomware-as-a-Service (RaaS) provider. Cybercriminals always aim to take
the path of least resistance while achieving maximum ROI, and RaaS lets
them do just that.
While security controls continue to improve and definitely help companies
defend against ransomware, the threat vector is becoming increasingly
sophisticated and exacerbated by the growth of the “Internet of Things
(IoT).” The proliferation of IoT devices has vastly expanded the network of
potential targets for cybercriminals – making the “ransomware of IoT” the
security world’s new nightmare.
3. The debate around insecure IoT devices will heat up
Speaking of IoT, it’s made my predictions list three years in a row. How
can this be, you ask? Because IoT is such a broad and all-encompassing
term, the goal posts keep moving.
This year, we saw the devastation caused by Mirai and similar malware,
which recruited many insecure IoT devices into a botnet to launch huge DDoS
attacks. And the problem of insecure IoT devices will only worsen in 2018,
as more and more manufacturers connect products to the internet. While some
may be relatively harmless, such as a salt shaker that tracks your daily
salt intake, others, such as smartwatches designed to protect children,
could have more severe consequences if left vulnerable to attack.
IoT devices lack security by design, and they also don’t offer the option
to upgrade or apply patches. Additionally, many vendors choose convenience
(e.g., using default credentials in their appliances) over implementing
proper security measures, which is a flagrant violation of best practices
in product development.
Many vendors simply aren’t willing to put in the extra effort to ensure
security unless it’s required. Perhaps 2018 will be the year we see
governments around the world take an active role in IoT security and put
pressure on these manufacturers to do the right thing for consumers.
4. Prioritizing threat detection
Despite years of increasing cybersecurity spend on prevention, challenges
remain largely unchanged. If anything, it feels as if breaches occur more
frequently, and impact a greater number of users and companies.
We’ve already seen signs that many U.K. companies are decreasing their 2018
cybersecurity budgets. This may be attributed to Brexit and the economy, or
maybe it’s a sign that companies believe that more spend doesn’t equate to
better security. Rather, it’s about finding the best place to invest for
maximum return.
As a result, we’ll likely see more attention towards building threat
detection capabilities in order to discover, in a relatively short
timeframe, when an attack is underway or has occurred.
5. Companies will scramble to comply with the General Data Privacy Regulation (GDPR)
Though GDPR has been a hot topic in the news, and at this year’s security
conferences and events, many businesses are still either unaware of what it
is, or lack an understanding of how the regulation will affect them. There
is also a profound misperception that GDPR only impacts European companies.
In reality, GDPR applies to all organizations that control or process data
within the EU as well as those that control or process data related to EU
residents. This means that, while GDPR is rooted in the EU, organizations
in the U.S. that handle data from EU residents are very much impacted as
well.
GDPR is primarily intended to strengthen security and privacy protections
around individual data, which it enforces by subjecting organizations to
stricter requirements, adding new requirements – such as breach
notification – and increasing fines on organizations that fail to comply.
As GDPR comes into force in May 2018, we’ll see many organizations – both
in Europe and the U.S. – scramble to put the necessary processes and
technology in place to ensure compliance.
6. Cybersecurity technology politics will prompt greater corporate transparency
Cybersecurity, in some way or another, has often been politicized (e.g.,
hacker activists or nation-state adversaries). Technology companies are
finding themselves increasingly in the crosshairs of governments – from
providing access to users or products, like Apple, to being accused of
colluding with foreign intelligence agencies, like Kaspersky.
Technology companies like Kaspersky will want to avoid being used as a
political pawn. In recent years, companies like Google and Facebook have
been repeatedly asked by various governments to provide access to customer
accounts. Similarly, many messenger services that provide end-to-end
encryption have been asked to provide backdoors.
It is unlikely that technology companies will provide carte blanche access
to their customers’ data; it is likely that we’ll see great attempts at
transparency through source code and assurance reviews to help mitigate any
accusations of foreign influence or collusion.