[BreachExchange] Security management outlook: Five trends to watch

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 23 18:56:48 EST 2017


https://www.helpnetsecurity.com/2017/01/23/security-management-outlook-five-trends-watch/

Cybersecurity can’t sit still. As we look ahead to what this year has in
store for the security management landscape, organizations globally should
be paying attention to five key trends.

1. Cybercrime recognized as a dark industry

Over the last several years, cybercrime has evolved from separate efforts
of threat actors to a full-blown industry. While security professionals
have observed this gradual “corporatization” of cybercrime, 2017 will be
the year non-security folks begin to recognize this fact as well.

Reports of ransomware unleashed on hospitals have brought cybersecurity
discussions into people’s living rooms. Free rides on the San Francisco
Muni transit system in the U.S. are an indirect result of another
ransomware attack. Botnets able to launch massive DDoS attacks are why
users couldn’t access Twitter, Spotify, Netflix and other apps and services
common to everyday life.

These events are the result of the new era of cybercrime, one which has
been driven by the development of the deep web, outstanding and innovative
achievements of criminal groups and advanced TTPs developed by nation-state
actors. The biggest driver, though, is the validation of business models
that have made cybercriminals very, very wealthy.

Criminal “companies” now operate together, employing tactics similar to
those of legitimate industries: selling packaged tools and platforms to their
customers; providing malware-as-a-service; demonstrating innovation,
usability and professional excellence; and offering outsourced capabilities
with training and technical support.

Any legitimate businesses still thinking cybercrime doesn’t have
industrial strength behind it will likely find themselves the next
target.

2. Enterprise demand for threat intelligence skyrockets

Those organizations that are paying attention to the warning signs of
cybercrime recognize the need for real-world threat intelligence.

To keep pace with cybercriminals, cyberdefenders must understand which
vulnerabilities are being exploited in the wild, which have been packaged
in exploit kits and which are being used to target their industry. This
requires examining available exploit kits, malware and other threat actor
tactics used in the real world, as well as internal incidents and incidents
in similar organizations.

By combining external imminent threat intelligence with context of the
network, security controls and business, organizations will be dramatically
more effective at reducing the risk of a damaging cyberattack.

3. Intelligent vulnerability management targets cyberattackers’ weak spot

Kaspersky’s report on ransomware from 2014 to 2016 identified 62 new
ransomware families with roughly 45K new ransomware variants. Despite this,
the number of vulnerability exploits used by threat actors is much lower:
Verizon’s 2016 Data Breach Incident Report shows only 900 vulnerabilities
were exploited in 2016.

This leaves a much smaller stack of potential client-side threats to
address proactively. With knowledge of the tools in the cybercriminal’s
toolkit, organizations will be able to take vulnerability management
programs to the next level.

Combining real-world threat intelligence, CVSS-based scoring and security
factors of the network and business will provide the needed context to
accurately prioritize vulnerabilities and focus remediation.

4. The great security vendor crunch

In the crowded cybersecurity market, mergers and acquisitions of vendors
and service providers are sure to take place. But in 2017, cybersecurity
M&A will be driven by the customer’s need to consolidate more than ever
before.

The growing cybersecurity skills shortage is forcing customers’ hands in
two ways. The first is to consolidate the tools they use under centralized
management, increasing the automated integration between solutions. The
second is to decrease reliance on niche talent to operate a patchwork of
point solutions from various vendors. These market drivers will likely
produce several point solution mergers and buyouts as the demand for
integrated platforms rises.

5. The Race to GDPR compliance and increasing global regulations

If you’re a company based outside the European Union, you may have heard of
the EU’s impending General Data Protection Regulation (GDPR) going into
effect in 2018. If not, you’d better get informed and do so quickly. If
you’re a company in the EU, you are likely already panicking. GDPR doesn’t
care much where your headquarters are – if you have business operations in
the EU or handle EU citizen data, it applies to you.

These aren’t your grandma’s cybersecurity regulations. Current penalties in
the EU stand at around €750K. Under GDPR, fines will reach as high as €20M
or four percent of turnover. Other tough regulations have gone into effect
in recent months and are on the horizon. New York State is implementing
new cyber regulations for the financial sector on March 1, which could
potentially open executives up to criminal liability for non-compliance.

2017 will be the year organizations are forced to overcome the compliance
burden without sacrificing security. This will mean an automation boom –
from network modeling to gain visibility over systems processing personal
data to change tracking to risk assessments and, of course, to reporting
for audit purposes.