2018 Cybersecurity Predictions From Trustwave
Brian Hussey, the VP of Cyber Threat Detection and Response at Trustwave’s SpiderLabs, shares these predictions and next steps.
46. New Hybrid Attacks on Financial Institutions: Trustwave’s SpiderLabs research team recently came across a newly evolved form of a hybrid cyberattack on banks, which includes a human “mule” element. The multi-step approach first has the mule open up an account at the targeted bank, then leverages the data obtained to gain unauthorized account access to the network. This attack had already raked in more than $100 million and was only found to be used in eastern Europe and parts of Africa; however, researchers warn that this type of attack will be spreading to North America as it becomes perfected. To stay protected, businesses should ensure they have well-documented and tested incident response plans in place to proactively prepare for an incident, as well as an incident response plan that is ready to be deployed.
45. IoT Devices as Vulnerable Targets in the Workplace: IoT devices are being integrated into the workplace to increase productivity for employees, in turn opening up new vulnerabilities for companies. IoT devices come with their own risks, as they can be accessed remotely, or act as an entry point to breach an organization’s network. Recently, Brother printers were found to have a denial of service (DoS) vulnerability, allowing hackers to tie up resources and reduce productivity of organizations using this printer. To ensure IoT devices are not providing hackers with easy access to your business’s network, organizations should develop strict access controls and web access restrictions, and promptly apply patches once manufacturers make them available.
44. Making Cyber an Integral Part of Corporate Culture: Applications, IoT devices, BYOD integration, and third party connections increase a company’s attack surface and are huge factors in security failures for enterprises. This is a result of organizations continuing to utilize legacy policies and procedures that are no longer relevant to their evolved technology ecosystem. In order to combat these challenges, businesses need to make cyber an integral part of corporate culture by taking a top-down approach in ensuring the right protection for their company. Having buy-in from the boardroom and vigilance from users is key to avoiding unnecessary barriers. Another vital step is assessing the risk of an organization’s network by working with internal or external security experts to establish advanced and relevant policies and procedures around the needs of their company like remote workers, BYOD, and employee/vendor security.
43. Leveraging Threat Hunting and Other Proactive Tactics: Organizations of all sizes should ensure their company has a plan in place to proactively identify and respond to threats, also referred to as threat hunting. Threat hunting is a technique used to proactively identify the indicators and causes of sophisticated attacks and impede the exfiltration of sensitive data before it can inflict damage. Taking a proactive approach by integrating threat hunting into a company’s protection plan allows a business to seek out and remediate an attack before it even happens. Other ways businesses can be more proactive is working with a managed security service provider who can help with risk management objectives and data classification.
2018 Cybersecurity Predictions From Netskope
Key predictions from Netskope CEO Sanjay Beri:
42. In 2018, three quarters of companies or apps will be ruled out of compliance with GDPR and at least one major corporation will be fined to the highest extent in 2018 to set an example for others. Three quarters (75.4%) of cloud services were not ready per Netskope’s September cloud report on GDPR compliance readiness. I predict little change by May’s deadline. Most companies are preparing internally by performing more security assessments and recruiting a mix of security professionals with privacy expertise and lawyers, but with the deadline quickly approaching, it’s clear the bulk of businesses are woefully behind and may not be able to avoid these consequences.
41. In the aftermath of numerous AWS S3 bucket misconfigurations, businesses will restructure their security tools to prioritize intuitive platforms that anyone can navigate. In 2018, companies will be far pickier about choosing security tools, relying on “best of breed” products that allow easy integration with their other security tools to create a holistic multi-vendor security suite. In light of the cybersecurity skills gap, business leaders will also choose tools that are easy for non-security experts to understand. Leaders without a formal cybersecurity background are increasingly just as critical to the safety of a company’s data as the Chief Security Officer, and companies will invest in tools that everyone can understand.
40. In 2018, companies will prioritize the cloud to manage security. More than ever, business leaders will search for security solutions that mitigate blind spots across the cloud, including activity conducted across off-network access or on personal devices. Today’s workforce is mobile and distributed; legacy tools can’t see devices that are unattached to an enterprise network (i.e. mobile) so more businesses will turn to independent cloud security companies to more effectively connect the dots.
2018 Cybersecurity Predictions from Netwrix
Netwrix Corporation, provider of a visibility platform for user behavior analysis and risk mitigation in hybrid environments, outlines the top 5 emerging IT security trends likely to affect the way organizations will approach cybersecurity in 2018.
39. Blockchain for IT security. Blockchain technology enables data storage in a decentralized and distributed manner, which eliminates a single point of failure and prevents hackers from compromising large volumes of data. Due to its ability to quickly identify the data that has been manipulated, blockchain may become the core technology for highly regulated industries, like banking and law.
38. Focus on insider threats. Netwrix’s 2017 IT Risks Survey found that most organizations lack visibility into user behavior, which makes them vulnerable to insider threats. The need to keep sensitive information secure and prevent insider breaches will force organizations to make more efforts to establish stricter control over user activity in their IT environments.
37. Continuous Adaptive Risk and Trust Assessment. Since protection against behind-the-perimeter attacks is not sufficient today, Gartner suggests a Continuous Risk and Trust Assessment Approach (CARTA), which sees security as a continuous process that changes all the time and has to be regularly reviewed. Real-time assessment of risk and trust will enable organizations to make better decisions regarding their cybersecurity posture and mitigate the risks associated with aberrant user activities.
36. Growing demand for advanced analytics. Because security software generates massive amounts of data, organizations need advanced analytics to gain a complete picture of what’s going on in their IT environments. The growing adoption of user and entity behavior analytics (UEBA) technology will help companies understand their weak points better and promptly respond to any activities that might pose threat to data integrity.
35. Organization-specific approach to IT security. Organizations will expect vendors to offer more personalized security solutions that address specific pain points depending on a company’s size, IT environment complexity and budget. This will give businesses an opportunity to implement products that better match their needs, and small vendors with a single focus will be able to compete with larger but less flexible software providers.
2018 Cybersecurity Predictions From ServiceNow
Brendan O’Connor, Security CTO at ServiceNow, shared his complete predictions here. Below are abridged versions of those four predictions.
34. “Haves” and “Have-nots” emerge: In 2018, we will see security Haves and Have-nots emerge between those that begin to automate this research portion of security response and those that don’t. Companies with the tools and culture to embrace automation, and put technology to work for real business enablement, will perform better than those that don’t. Source: Brendan O’Connor, Security CTO at ServiceNow
33. Security gains a seat in the boardroom: The boardroom needs to take a step toward security, and security operations needs to take two steps toward the boardroom. Bridging the knowledge gap between security leadership and the board provides the framework to ensure effective security by helping all parties assess the risks and decide how to mitigate them. Source: Brendan O’Connor, Security CTO at ServiceNow
32. A breach enters our physical lives: In 2018, we will see a breach impact our physical, personal lives. It might be a medical device or wearable that is hacked and remotely controlled. Perhaps it will be an industrial IoT device or self-driving car that gets compromised. Source: Brendan O’Connor, Security CTO at ServiceNow
31. The EU penalizes a company for a GDPR violation: On May 25, 2018, the General Data Protection Regulation (GDPR) will be put into effect. The EU may choose to make an example out of one of the first companies it penalizes, sending a message that GDPR is to be taken seriously. The first company most likely won’t be a household name, but it will be known to be out of compliance in areas other than GDPR. Source: Brendan O’Connor, Security CTO at ServiceNow
2018 Cybersecurity Predictions From CyberSight
Hyder Rabbani, the COO of CyberSight, weighs in with four predictions (items 27 through 30).
30. New ransomware business models: Ransomware attacks are likely to increase multi-fold based on the anonymity of ransom payments through cryptocurrency (Bitcoin, Ethereum and others) and the ability to “outsource” development of custom ransomware strains to hackers willing to offer creative, revenue-share ransomware. We'll see more non-technical hackers engaging ransomware developers for free and sharing a portion of the proceeds as payment, thereby requiring no skills or money for someone to launch a malicious attack.
29. Picture this type of ransomware...: Notorious ransomware families such as Locky and Petya will become even more advanced and continue to find new vulnerabilities to exploit. Along those lines, we'll see ransomware taking new forms in 2018; for example, disguised as JPEG or PDF files.
28. Ransomware hits critical disk regions: Ransomware attacks will become more destructive than ever by attacking critical disk regions and forcing reboots that enable the ransomware to circumvent existing security software. As this happens, a new approach to ransomware and a shift in cybersecurity thinking from “post-attack” recovery to “pre-attack” prevention will be necessary.
27. Macs become bigger targets: As Apple Mac ownership increases, the Mac platform will become a target. We predict there will be an emergence of more Mac ransomware strains targeted to Mac owners who believe the fallacy that “Macs don’t get malware or ransomware."
2018 Cybersecurity Predictions From Comodo
26. Will smart cars repeat our security mistakes?: Smart cars need smart roads…which need smart-secure IT/OT infrastructures. Seeing, hearing, reading all the buzz and the impressive investment dollars behind the start of smart cars reminds me of when we thought that personal computers were the answer to take on the monolithic mainframe. That was in the 1970s.
Fast forward to the present, and we now see that they needed an infrastructure -- call it the internet in all its manifestations of protocol adoption, ethernet, websites, cloud data centers, mobile devices, etc. Smart cars serve as just one example. Were these PCs and their connections to the internet infrastructure made secure, at the earliest point of the OSI stack and TCP/IP implementations? No. That started late, and it remains in catch-up mode.
We are at the moment of massive changes coming from robotics, IoT, and yes, even smart cars. They will succeed when they are coupled with smart roads and smart IT/OT infrastructures. That is the prediction. Now to the question. Think we should make them secure…before it’s too late? Source: Carlos Solari, VP of Cybersecurity, Comodo
25. SSL Risks: SSL certificates will be everywhere. Phishing sites will be even more prevalent, and we’ll see more phishing sites with valid SSL, especially with the lowered requirements to obtain free certificates. Source: Fatih Orhan, VP of Threat Labs, Comodo
24. Nearly perfect won't be good enough: Tolerance for 98-99% effective malware solutions will wane, and organizations will demand 100% prevention and protection. Source: Steven A. Menges, VP, Security Journeys, Comodo
2018 Cybersecurity Predictions From RiskIQ
23. Dangerous Ground: The eastern European conflict areas in the Ukraine will continue to be an area of digital disruption like we’ve seen with NotPetya and BadRabbit. Actors might also fall back to physical attack as seen with the attack on Ukraine in 2015 and 2016 after the waves of ransomware and wiper malware. Source: Yonathan Klijnsma, threat researcher, RiskIQ
22. Web crawling meets incident response: As recent attacks have shown, actors will continue to leverage compromised infrastructure as an infection vector to target individuals and organizations of interest. With this avenue of attack increasing, it will become even more important for security operations and incident response groups to be able to investigate correlations between compromised and actor-owned infrastructure, making web crawling capabilities critical to incident response. Source: Steve Ginty, senior product manager, RiskIQ
21. Adversarial Machine Learning emerges: Threat actors will increase their adoption of Adversarial Machine Learning to evade detection by infrequently trained machine learning models. Machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches. The value of large data lakes will increase as security companies turn to machine learning-based solutions. The most valuable of these datasets will be hand-curated, labeled datasets that can be used to train supervised machine learning models. Source: Adam Hunt, chief data scientist, RiskIQ
20. Machine Learning's next chapter: I think that machine learning in security will continue to grow, and we will see platforms (maybe Splunk or log aggregators or maybe new products that don’t exist now) begin saying ‘give us EVERYTHING you might have about your company, your network, your machines,’ and then the platform will automatically begin surfacing and monitoring for new things that are related, both inside and outside the firewall. Source: Sam Curcuruto, head of Product Marketing, RiskIQ
2018 Cybersecurity Prediction From EventTracker
19. SIEM will shift to MSPs: With SIEM platforms evolving to encompass machine learning concepts and orchestration capabilities, plus spreading to the furthest ends of the digital enterprise, we must also look at the most appropriate delivery model. By intertwining connectivity, threat, and compliance management, the delivery model that might work best for some organizations would be that the SIEM, or IT security, is delivered from an organization’s preferred ISP or managed IT service provider (MSP). The fully evolved SIEM platform will be able to deliver advanced functionality, wide integration, and lastly, MSP-friendly deliverability. Source: A.N. Ananth, CEO, EventTracker, a Netsurion company
2018 Cybersecurity Predictions From BluVector
18. Extremism debate intensifies: On the heels of the net neutrality debate, we’ll hear a more fundamental discussion about the risk of the Internet as a platform for encouragement of hate/extremism terrorism and the role of government and private companies in countering the extremist narrative through voluntary and “proactive” management of social media. Source: Kris Lovejoy, CEO of BluVector.
17. Cyberattacks pursue social unrest: In addition to nation states, we will see examples of terrorists, extremists, and other hate actors using cyberattacks as the mechanism to enact social unrest and/or financial panic. This will primarily be through continued and sustained use of disinformation as well as destructive attacks focused on critical infrastructure. Source: Kris Lovejoy, CEO of BluVector
16. Ransomware gets nastier: With the success of "Sorebrect" as an attack vector, fileless ransomware attacks will become more prevalent in 2018 Source: Kris Lovejoy, CEO of BluVector.
15. Criminals will evolve faster than ever: Adversaries will start adopting Artificial Intelligence to better enable their attacks faster than cyber defenders, adding more insult to injury. Deterrence in cyberspace will continue to be very elusive and ineffective. It’s a repeat of the classic cat and mouse game. The criminal cats of 2017 will only get fatter in 2018 without better defenses. Source: Kris Lovejoy, CEO of BluVector.
14. Good Enough will fail: Too many professionals share a “good enough” philosophy that they’ve adopted from their consumer mindset that they can simply upgrade and patch to comply with the latest security and compliance best practices or regulations. In 2018, with the upcoming enforcement of the EU GDPR “respond fast” rules, organizations will quickly come to terms, and face fines, with why “good enough” is not “good” anymore. Source: Kris Lovejoy, CEO of BluVector.
2018 Cybersecurity Predictions From Cylance
13. Many more security vendors will testify on Capitol Hill: With major cyberattacks like WannaCry and the breach at Equifax getting the attention of lawmakers, it is only a matter of time before we start seeing more cybersecurity companies be called to testify before Congress. So far, victim organizations have taken the brunt of criticism from politicians and the press, but less attention is being paid to the companies promising to secure the sensitive data in the first place. There will be a moment when security vendors are asked to explain why their products weren’t able to live up to the promises of their marketing departments, which will have a serious impact on how we talk about the capabilities of security solutions. Source: Malcolm Harkins, Chief Security and Trust Officer of Cylance
12. GDPR will be the Y2K of 2018: Companies are publicly touting their GDPR readiness, but behind closed doors, I expect a lot of uncertainty about the ability to comply with these new and incredibly strict guidelines. While GDPR won’t result in the same public hysteria as Y2K, IT practitioners who were around at the turn of the century will feel a bit of déjà vu. In particular, many companies in the US are waiting to see how GDPR plays out stateside, and I expect in the first few years after its enactment, the EU will look to make an example of a multinational who fails to check all the boxes. Source: Malcolm Harkins, Chief Security and Trust Officer of Cylance
11. The conversation about critical infrastructure will shift towards social media: Social media was originally a fun way to communicate and stay up to date with friends, family and the latest viral video. Along the way, as we started to also follow various influencers and use Facebook, Twitter & others as curators for our news consumption, social media became inextricably linked with how we experience and perceive our democracy. The definition of critical infrastructure, previously limited to big ticket items like power grids and sea ports, will similarly expand to include said social networks. While a downed social network will not prevent society from functioning, these websites have been proven to have the ability to influence elections and shape public opinion generally, making their security essential to preserving our democracy. Source: Malcolm Harkins, Chief Security and Trust Officer of Cylance
10. Standardized hacking techniques will make attribution even harder: In 2018, more threat actors will adopt plain-vanilla tool sets, designed to remove any tell-tale signs of their attacks. For example, we will see backdoors sport fewer features and become more modular, creating smaller system footprints and making attribution more difficult across the board. And, as accurate attribution becomes more challenging, the door is opened for even more ambitious cyberattacks and influence campaigns from both nation-states and cybercriminals alike. Source: Kevin Livelli, Director of Threat Intelligence of Cylance
9. Nuclear Malware: Destructive malware will hit the U.S. in a big way. Either some large company or a particular vertical will have a malware event that destroys hard drives similar to the 2012 attack against 30,000 workstations at a Saudi oil company. Source: Justin Kallhoff, CEO, Infogressive
8. Ransomware Outsourcing Accelerates: Ransomware attacks are likely to increase multi-fold in 2018. Notorious ransomware families like Locky and Petya are getting more advanced and finding new vulnerabilities to exploit, while ransomware itself is taking on new forms (e.g. disguised as JPEG and PDF attachments) and is becoming more destructive than ever by attacking critical disk regions and forcing reboots that enable the ransomware to circumvent existing security software. At the same time, ransomware payments have become more anonymized through cryptocurrency, and hackers now have the ability to “outsource” the development of custom ransomware strains to hackers willing to offer creative, revenue-share ransomware. As these changes continue to develop, we'll see a shift in cybersecurity thinking from “post-attack” recovery to “pre-attack” prevention. Source: Hyder Rabbani, COO, CyberSight
7. Cloud Security Concerns Die: 2018 will be the year organizations finally realize the cloud is actually more secure than storing critical apps on-premises. Amazon, for instance, has hundreds of employees working on a single service in its cloud with the goal of maintaining that service’s security. In general, the cloud is more secure when considering the investments companies like Microsoft, Amazon and Google have made in order to deliver the type of service their customers need. 2018 will be the year that IT leaders will stop asking if the cloud is safer than on-prem, the question will become obsolete as cloud security permeates the enterprise. Source: Kaseya
6. Many enterprises will scramble to become GDPR compliant at the final hour, while some states adopt their own GDPR-like regulations. Starting on May 25, 2018, the General Data Protection Regulation (GDPR) will be the global law of the land for the European Union. Source: Alfresco.
5. The United States will launch a cyber attack against an enemy: Bombshell! Following announcements by current President Donald Trump to “Wait and See” how the U.S. would handle foreign enemies, the U.S. will launch a coordinated cyber attack on Iran and North Korea rather than sending in physical troops. This “act of war” will be launched preemptively as the first public internet attack from a first world nation, and will cause the near total destruction of internet resources in these countries. Source: BeyondTrust, which specializes in integrated privileged access management.
4. More supply chain attacks. Kaspersky Lab’s Global Research and Analysis Team tracks over 100 APT (advanced persistent threat) groups and operations. Some of these are incredibly sophisticated and possess wide arsenals that include zero-day exploits, fileless attack tools, and combine traditional hacking attacks with handovers to more sophisticated teams that handle the exfiltration part. We have often seen cases in which advanced threat actors have attempted to breach a certain target over a long period of time and kept failing at it. This was either due to the fact that the target was using strong internet security suites, had educated their employees not to fall victim to social engineering, or consciously followed the Australian DSD TOP35 mitigation strategies for APT attacks. In general, an actor that is considered both advanced and persistent won’t give up that easily; they’ll continue poking the defenses until they find a way in. When everything else fails, they are likely to take a step back and re-evaluate the situation. During such a re-evaluation, threat actors can decide a supply chain attack can be more effective than trying to break into their target directly. Even a target whose networks employ the world’s best defenses is likely using software from a third party. The third party might be an easier target and can be leveraged to attack the better protected original target enterprise. Source: Kaspersky Lab.
3. Malware invades hardware at increasing rates: 2017 saw an increased amount of malware attacking the firmware and memory of hardware devices like disk controllers, fingerprint sensors, and computer cameras. As most malware detection products can’t identify malware on hardware, expect hackers to increasingly turn to this type of attack during 2018. Source: Lastline, a provider of breach protection products.
2. The cloud will accelerate channel partner migration to next-generation security innovators. Source: Palo Alto Networks Channel Chief Ron Myers
1. IoT safety and security viewed through a single lens: As we look at the IoT, especially at OT-type environments and manufacturing plants, where there are industrial-type systems that are all connected, we’re starting to see how the operational world and the traditional IT world will come together. We will see continued merging of traditional safety (e.g. safety of employees) and IT security. And the more connected devices we see, the more prevalent this integration will become. Source: Thales eSecurity Chief Strategist for Cloud and IoT Security John Grimm.
Your Predictions: If your company has cybersecurity and MSSP predictions to share, please email me ([email protected]) for consideration.