2018 Security Predictions (Part 1)
More hacks from everywhere: ransomware, state-sponsored, cloud, AI, worms, IoT, fake news, data, PII, microservices, and unikernels.
Given how fast technology is changing, we thought it would be interesting to ask IT executives to share their thoughts on the biggest surprises in 2017 and their predictions for 2018.
Here's the first of six articles sharing what they told us about their predictions for security moving forward. We'll cover additional predictions for 2018 in five future articles.
Ransomware attack trends will bifurcate based on motives. Ransomware as a disruptive or destructive attack will increase. Cyber warcraft is the new oil — in essence, total control of corporate networks or industrial plants has become as valuable as energy resources and motivates nation states as such. However, ransomware purely for financial gain will decrease due to fewer victims paying.
North Korea will continue to flex its cyber muscles. North Korea will continue to use cyber-attacks to gain access to much-needed hard currency. North Korea showed the world its cyber skills when hackers successfully stole $81 million from the New York Federal Reserve in 2016 and when hackers launched the WannaCry outbreak in May 2017. The army of hackers is 6,000 strong, demonstrating that the country poses a devastating threat to any targets it chooses. Further, North Korea’s lack of electronic infrastructure makes it less susceptible to retaliatory cyber attacks than most nations. Even more concerning, the lines between nation-state cyberwarfare and cybercrime will become increasingly blurred.
Exfiltration of data from cloud-based storage will accelerate. We will see an uptick in the exfiltration of sensitive data at the cross-section of IaaS and PaaS. And organizations will often have no idea that their data has been stolen. Virtual forms of traditional security products will be powerless to contain this threat.
The way the good guys and bad guys use AI will shift. Cybersecurity is an arms race and the weaker party will resort to asymmetric means to achieve its goals. Just as organizations are adopting machine learning and AI to improve their cybersecurity posture, so are the threat actors. Attackers are using machine learning to speed up the process of finding vulnerabilities in commercial products, with the end result being that attackers will use ever more new exploits without signaling that AI was involved in their creation. AI will also increase the number of qualified cybersecurity professionals as it lowers the barriers to entry into the profession and allows less trained individuals to still be effective on the front lines of the cybersecurity battle. In addition, AI will allow existing cybersecurity professionals to move up-market by leveraging AI to find more complex attack scenarios before they do significant damage.
The return of the worm. Worms will rear their ugly heads again as a popular method of fast propagation of malicious payloads. Worms can bypass the need to get past firewall and phishing controls, easily accessing the soft underbelly of the enterprise network. In the wake of worm attacks like WannaCry and copycats, enterprises will continue to struggle to get out in front of a worm progression moving at machine speed.
In 2018, expect more of what we’ve gotten used to, matched with more aggressive defensive tools and techniques. IoT and IIoT attacks will likely surge after a year out of the limelight. And, the European Union GDPR goes into effect in May 2018, so look for confusion and disruption as the new requirements for data/system protection, breach notice, and penalties kick in.
Fake news will cause chaos. We have all heard about it but sometimes struggle to grasp the extent of it. With almost all news shared on social media being fake, it is left up to the person reading it to determine whether the information is true, which makes the world a very unpredictable place moving forward. With no indicators on the source or truth of the news on social media, many countries, democracies, and nation states will struggle with transparency and could become politically unstable. It only takes one fake news story from a trustworthy source to devalue the entire news feed, forcing us to question what is real. Fake news is a form of cyberattack and will only grow significantly.
Security in our data remains one of the biggest areas of concern whether in current use of protection measures or through the use of distributed ledgers. Both enterprise and consumer platforms will rapidly move to implement new ways of keeping our information safe and useful. Our platform uses a combination of measures to accomplish the movement of data and the ability to use that data in managing devices, without compromise.
Our exposed PII will come back to bite us: Our identity is no longer ours. Personally Identifiable Information (PII) is no longer valid - since so much of it has been exposed in breaches over recent years. Everyone needs to acknowledge that they have been breached and are vulnerable and that attackers have more of our personal information than ever before. As a result, we will start to see new types of attacks that leverage the rich amount of PII that is publicly available. Given the huge pool of PII data collected, it could be weaponized to cause massive attacks on major entities (e.g. government, financials, healthcare system, etc.), and the rich data they have on individual users could create uniquely sophisticated phishing/social engineering attacks that are undetectable and indistinguishable from the real thing. Life takeover will be a possibility.
The industry will realize security needs to be comprehensive and that requires a cultural shift: Corporations are just coming to terms with the fact that security starts at the top and responsibility extends across the entire organization. Breaches are not due to one or a handful of individuals or even a specific set of policies and you can’t point to a scapegoat or a single chain of events as the root cause. These days, everyone in the organization plays a role in security. In security, there is no such thing as a bad apple - it’s a bad barrel. Organizations must realize that security must be a component of corporate culture, and in order to make that a priority, it must come from the top down.
AI security vendors will need to shift from technology to results: Vendors touting AI will finally realize that customers want to see results and not just flashy marketing. Companies selling AI-powered products will need to find a way to start showing results in a quantifiable way, and not simply pitch their solution, and those that do this will be leaders in the industry.
There will be an increasing desire to quantify risk: We are starting to see the shift from qualitative risk measurements to quantitative. IT teams are under more scrutiny and therefore need to show the return or effectiveness of their activities to answer questions about how security dollars are being spent and their impact on the overall security of the organization. This is especially true as we move from a reactive model to a proactive model for security.
Some security “best practices” will show up in the dead pool: New deployment models like cloud and containers will cause organizations to give up on patch management as a security control – replacing updated VMs or containers is much easier than patching in place. Those same dynamic and distributed deployment models will cause choke point firewalls, or those that rely on traffic steering, to lose favor to rising micro-segmentation controls that provide security enforcement as dynamic as the environments they support.
On shadow IT: Every business wants to be more competitive, and the growing acceptance of shadow IT helps. Enterprise reliance on shadow IT will explode in 2018, and so will cyberattacks on these resources. Organizations will need to develop comprehensive policies and strategies for their shadow IT, or the consequences will be stark.
On state-sponsored cyberattacks: Put simply, cyber is the new battleground for cross-state conflict. There are a few reasons that this situation has evolved to the point that attacks on U.S. infrastructure will happen in the near future - growing dependence on technology, growing challenges in protecting technology, and the attractiveness of cyber warfare. These issues have existed for years, but they're independently hitting critical mass while at the same time converging into a "perfect storm" situation.
Shift towards microservices. There has been a significant shift towards microservices in the technology space, which has increased in popularity in the last couple of years and is increasingly becoming the starting point for any newly designed application. Organizations are now starting to invest more widely in this framework. In 2018, we are likely to see a greater desire among organizations for more secure microservices. With this come lots of questions from security groups about where the trust is, how do we do cryptography, how do we protect information, etc.
Greater interest in unikernels. In 2018, we will see greater interest in unikernels, which are very similar to Docker containers and other related concepts. The difference is that instead of maintaining an operating system with a kernel, in the unikernel, the application stack will have everything it needs already incorporated and nothing else is immutable. Interest in unikernels has increased due to reduced threat vectors around running an application.
The evolution of cloud. Cloud continues to evolve more and more as cloud providers are turning to the protection and security capabilities that both enterprises and buyers need. More control is still required, whether it's cryptography, keys or identity, and continued investment in enterprises is a growing trend to make the cloud more like their world. We can expect that users on-prem will still be able to have a seamless experience with things that are spun out to the cloud but remain harmonized. There is a collective appetite for greater enterprising of the cloud.
GDPR. There is a growing scramble around GDPR as organizations look to address technical aspects of the demands of the legislation. Questions will need to be answered on what data exists, how it can be handled, how scale can be added to all applications, which transformation initiatives can help with this, etc. In 2018, both the technical and process harmonization will have to happen.
It’s not out of the question for us to see an increased volume of sophisticated attacks finding their way into cloud environments as organizations scramble to meet the demands of the regulation.
Resurrection of technologies. In 2018, we are likely to see the resurrection of technologies like PKI, which have been solely serviced for a long time with the same architecture and concepts. There is interest in the market in new ways to do PKI – rigid lines do not exist anymore and clearer lines of separation are needed to forge barriers of trust.
Encryption by default remains a trend, particularly data encryption for stored and utilized data.
Key management will remain a big challenge with the significant desire and requirement for enterprises and for large cloud providers.
The full deployment of a private Blockchain consortium is looking more likely, representing a move beyond proof of concept and towards things actually being transacted as opposed to just a novelty.
We are also likely to see value creation move closer to devices in the IoT and then aggregate back to a central repository.