[BreachExchange] Ten cyber security trends for organizations to consider

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 4 18:57:24 EST 2018


1. Everyone will be waiting for 25th May
This is the day that the General Data Protection Regulation (GDPR) comes
into force. Most firms have taken time to understand what GDPR may mean for
them, and in many cases have reviewed (or even partially disposed of) their
holdings of personal data. It is far harder to predict quite how sanctions
under GDPR will be applied by the various regulators. We can expect a few
high-profile examples to be made early on, but perhaps not the tsunami some
expect. Nevertheless, privacy rights are on the agenda, and we can expect
zero regulatory tolerance for the long delays in notification of major
breaches seen recently.

2. Criminals will hunt out the weak points
Organized crime groups are on the hunt for new ways to monetise stolen
information and access to systems, and in a post-Bank of Bangladesh world
they will be increasingly creative in how they do this. We can expect more
attempts to initiate fraudulent payment transactions (often with a social
engineering element), as well as ongoing interest in our core financial
infrastructure including payment and trading platform gateways. Growing
demands are being placed on fraud control and anti-money laundering systems
to catch these transactions, while customers demand instantaneous financial
transfers. If these controls fail, expect to see a $100 million pay-out
from a cyber attack.

3. Governments will continue to block and tackle cybercrime
As criminals industrialise cyber attacks using the crime-as-a-service model
to rent attack tools and ransomware, governments are increasingly looking
for ways to disrupt the infrastructure used by criminals. Closer links with
telcos and service providers are being built, along with the operational
processes needed to block sites hosting malware and to detect and counter
phishing attacks. Trusted DNS services and Domain-based Message
Authentication, Reporting and Conformance (DMARC) will be rolled out at
scale across the community. These measures, linked to improved intelligence
sharing, will start to make a difference.

4. A new model of cyber security will emerge
As firms invest more in cloud computing, a new model for cyber security is
emerging. Increasingly, firms can look to cloud providers to embed good IT
security, but firms still own the problem of setting their requirements and
determining just who can access what. The shift towards DevOps and agile
development builds on these more flexible infrastructures, but also demands
new ways of embedding security into the development lifecycle and an
equally agile test regime. Security can no longer engage at the end of
development cycles and, if it does, it risks being seen as a blocker rather
than an enabler.

5. Automation of controls and compliance will be the order of the day
Firms are coming under pressure to contain their burgeoning cyber security
budgets. Manpower-intensive compliance processes are beginning to give way
to continuous testing and controls monitoring, helping firms build a more
accurate picture of their IT estate – helping the CIO as well as the CISO.
The growing demand for supply chain security and third-party assurance will
also lead to a burgeoning industry of testing firms offering risk scoring
and testing services for those third parties.

6. Digital channels will demand customer-centric security
Digital channels are becoming more and more sophisticated, demanding new
consumer identity and access management approaches, dynamic transaction
risk scoring and fraud controls, and an emphasis on usable non-intrusive
security measures which don’t impact the consumer’s experience. Open
Banking and the arrival of Payment Services Directive 2 will drive richer
interactions between a new ecosystem of payment service providers and the
banks who handle our money. A new world of open API is on the horizon, but
concerns over criminal exploitation of these rich interfaces abound.

7. The Internet of insecure things continues
Criminal groups continue to exploit insecure ‘Internet of things’ devices
as sources of attack traffic for denial of service attacks, leading to more
and more extortion attacks but also an increasingly sophisticated response
from the international community involving telcos, content delivery
networks and distributed denial of service (DDoS) mitigation firms.
Unfortunately, this response won’t be consistent globally, and many nations
may find themselves vulnerable to these attacks which will cause major
disruption in 2018.

8. The Shadow of State activity lengthens
As countries invest to develop their cyber espionage and offensive
capabilities, we will see more signs of their activities. Disclosures of
high-end techniques used by nations will continue, fuelling the
opportunistic re-purposing of these vulnerabilities by less sophisticated
States and organized crime groups. Expect more evidence of industrial
control system attack tools being tested as States explore the potential of
this new form of warfare.

9. Balkanisation continues and paranoia grows
States continue to intervene to protect their national security interests
in cyberspace, risking an increasingly complex framework of international
regulation and controls around the supply chain for critical infrastructure
firms. While there will be some moves to align regulation across the global
financial sector around the G7 fundamental elements of cyber security, this
will take time and effort to achieve.

10. Resilience and speed matter
Regulators are focussing on resilience – the ability of an organization to
anticipate, absorb and adapt to disruptive events – whether cyber attack,
technology failure, physical events or collapse of a key supplier.
Exercises and playbooks are in fashion as firms try to build the muscle
memory they need to respond to a cyber attack quickly and confidently,
while cyber insurance is finding its place not just as a means of cost
reimbursement but as a channel for access to specialist support in a crisis.