2018 Security Predictions (Part 2)
In the coming year, experts predict that the GDPR will bring more public attention to the number of data breaches that are actually taking place.
Given how fast technology is changing, we thought it would be interesting to ask IT executives to share their thoughts on the biggest surprises in 2017 and their predictions for 2018.
Here's the second of six articles (you can see Part 1 here) sharing what they told us about their predictions for security moving forward. We'll cover additional predictions for 2018 in future articles.
Machine Learning and AI will continue proving their worth in the security space. The shock and awe have faded, and now we are really seeing effective applications of these technologies that go beyond marketing buzzwords. Another area that will see more support from vendors is shared threat intelligence. This has always been a challenge, maybe more so in the private sector than the public sector, and security vendors are weaponizing threat intel, either from within their customer pool or across vendors, to better equip customers to address potential threats. Both of these areas will help push us more towards frictionless security workflows that enable a more risk-based approach to safeguarding digital assets. OneLogin is embracing this not only as part of our product offerings but also for our own security programs.
More attacks and more advanced. Attacks will be professionalized, especially in cases where the potential gains are higher. When new methods of cybercrime are shown to be successful, they will be immediately replicated by masses of imitators. This is one of the primary reasons for which the number of advanced attacks will increase significantly in 2018.
Malwareless hacking attacks: the number of malware-less attacks and attacks that abuse non-malicious tools will increase.
Compromised applications: we have seen this in the NotPetya attack, where versions of the accounting software M.E.Doc were compromised. Another case of special note is CCleaner, modified by unknown attackers in what appears to be an attack targeting specific victims of large technology companies. We’ll see this technique become more popular during 2018.
2018, the Year of Attacks on Companies. This year we had Sabre and Equifax, yet 2018 might still be considered “the year of attacks on companies.” Why? It’s simple: GDPR. This doesn’t necessarily mean that in 2018, companies will come under attack more than in other years. Rather, for the first time ever, the public will be made aware of each and every data breach, including those that, pre-GDPR, may otherwise have been hidden from public knowledge.
Ransomware attacks will continue to be prevalent in 2018, since the potential return on their investment is very high, while the risk remains low.
In 2018, we will see more breaches at organizations that do not have an integrated, top-down approach to cybersecurity. After seeing the heads of Yahoo and Equifax in front of Congress, I suspect that CXOs and boards of directors will put extra focus on cybersecurity impacts, leading indicators, and best practices. An emphasis will be placed on cybersecurity education, and the dangers of common, less effective approaches to cybersecurity will become apparent. These same roles will also need to focus on institutionalizing and monitoring these best practices, as seasoned cybersecurity talent is scarce.
Unfortunately, I fear that there will continue to be substantial security breaches and issues in 2018, especially as more IoT devices flood the market. This will result in more regulatory discussions, which I hope actually help increase resiliency. AI/ML will be the buzzwords du jour at the major security conferences, but only a few vendors will actually be able to back up their claims.
Denial of Availability
Ransomware has evolved multiple times in 2017 with the popularized “WannaCry” variant. Ransomware in 2018 will continue to evolve due to its continued profitability by malicious actors.
However, being impacted by Dynamic Denial of Service (DDoS) attacks in the form of the Mirai-Dyn attack was something we didn’t expect. While botnets aren’t new, the size of this botnet was able to significantly degrade services or create outages for web services. Newer botnets like Reaper could be just as impactful or more for organizations that heavily rely on SaaS and cloud services.
- Continue to back up your shared information stores to prevent a loss of critical information. Additionally, periodically test your backups to ensure you can restore them if needed.
- As a protective control, make sure critical security patches are installed.
- Heuristic endpoint protection controls should be used as a reactive control.
- Use DDoS protection technologies and web-page load balancers to help maintain your availability during targeted attacks. This can help hold the tide while you contact your ISP to block the attacks further up the path.
- Test your incident response plans to help prepare all of your operational teams to quickly address incidents that affect your availability.
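The first recommendation above, backing up shared information stores and periodically testing that the backups restore, is the kind of control that only counts once it has been exercised. The following is an added example, not code from the article or from any of the contributors quoted in it: it records a SHA-256 manifest of a directory at backup time, restores the archive into a scratch directory, and reports any file that is missing, corrupted, or unexpected. The directory contents and file names are constructed sample data.

```python
"""Back up a directory to a tar.gz archive and prove the backup restores.

Added illustration for 'periodically test your backups'; all paths and
file contents below are constructed for the example.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_tree(root):
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def make_backup(source_dir, archive_path):
    """Archive source_dir and return the manifest recorded at backup time.

    The manifest is what a later restore test is compared against, so it
    must be stored separately from the archive itself.
    """
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    return sha256_tree(source_dir)


def verify_restore(archive_path, manifest):
    """Restore the archive into a throwaway directory and diff it against
    the manifest. Returns a dict with 'ok' plus the lists of deviations."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            # Use the hardened extraction filter where this Python has it.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(scratch, filter="data")
            else:
                tar.extractall(scratch)
        restored = sha256_tree(scratch)

    missing = sorted(k for k in manifest if k not in restored)
    corrupted = sorted(k for k in manifest
                       if k in restored and restored[k] != manifest[k])
    unexpected = sorted(k for k in restored if k not in manifest)
    return {
        "ok": not (missing or corrupted or unexpected),
        "missing": missing,
        "corrupted": corrupted,
        "unexpected": unexpected,
    }


def run_demo():
    """Build a constructed share, back it up, and run a good and a bad test."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "shared-store"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "readme.txt").write_text("constructed sample data\n")
        archive = Path(work) / "shared-store.tar.gz"

        manifest = make_backup(src, archive)
        good = verify_restore(archive, manifest)

        # Failure mode: a file the manifest expects never made it into the
        # archive (e.g. it was created after the backup job had started).
        stale_manifest = dict(manifest, **{"finance/payroll.csv": "0" * 64})
        bad = verify_restore(archive, stale_manifest)
        return good, bad


if __name__ == "__main__":
    good_result, bad_result = run_demo()
    print("clean restore:", good_result)
    print("stale manifest:", bad_result)
```

In practice the manifest would be written next to the backup job's log and the restore test scheduled on its own cadence; a backup whose restore has never been compared against a manifest is an assumption, not a control.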
Wire fraud is expected to continue because of the large payoff for a malicious actor if they are successful. Malicious actors spend a lot of time silently searching for potential attack vectors they can use. These attack vectors are unique to every organization, but many of them do start with a hurried fraudulent email from your CEO asking you to send out a wire transfer.
The Equifax breach may potentially open up more tax fraud cases due to the large amount of Personally Identifiable Information (PII) that was breached. Tax Return Fraud is hard to detect until after you try to submit your own tax returns and receive a letter from the IRS indicating the problem.
- Periodic Security Awareness Training for all users along with enhanced targeted training for financial approvers.
- Baseline email monitoring for financial approvers to monitor for abnormal wire transfer requests.
- Use SWIFT or FEDLine two-factor authentication controls to ensure wire transfers cannot be fraudulently performed.
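The second recommendation, baseline email monitoring for financial approvers, is easiest to reason about with a concrete rule set. The following is an added example, not code from the article or any contributor: it takes a baseline of who is allowed to originate transfer requests and flags messages that deviate from it (external or look-alike sender domain, a known display name on an unknown address, a Reply-To pointing elsewhere, urgency language). The domain, names and messages are constructed sample data.

```python
"""Flag wire-transfer requests that deviate from an authorised-requester
baseline. Added illustration; INTERNAL_DOMAIN, AUTHORISED_REQUESTERS and
the sample messages are constructed, not taken from any real organisation.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed baseline: the internal mail domain and the people allowed to
# originate transfer requests to the finance team (display name -> address).
INTERNAL_DOMAIN = "example-corp.test"
AUTHORISED_REQUESTERS = {"pat lee": "pat.lee@example-corp.test"}

WIRE_RE = re.compile(r"\b(wire transfer|wire|remit|bank details|payment)\b", re.I)
URGENT_RE = re.compile(r"\b(urgent|immediately|asap|right away|confidential)\b", re.I)


def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(raw_message):
    """Return the list of baseline deviations found in one RFC 822 message.
    An empty list means the message reads like a normal internal request."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else msg.get_payload()
    if not (WIRE_RE.search(subject) or WIRE_RE.search(body)):
        return []  # not a transfer request; nothing to baseline against

    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []

    if domain != INTERNAL_DOMAIN:
        flags.append("external_sender")
        if 0 < edit_distance(domain, INTERNAL_DOMAIN) <= 2:
            flags.append("lookalike_domain")

    expected = AUTHORISED_REQUESTERS.get(name.strip().lower())
    if expected is None:
        flags.append("unknown_requester")
    elif expected != addr.lower():
        flags.append("display_name_mismatch")

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        flags.append("reply_to_mismatch")

    if URGENT_RE.search(subject) or URGENT_RE.search(body):
        flags.append("urgency_language")
    return flags


# Constructed sample messages.
LEGIT = """From: Pat Lee <pat.lee@example-corp.test>
To: finance@example-corp.test
Subject: Q1 vendor payment

Please process the wire transfer for invoice 1042 per the approved PO.
"""

SPOOFED = """From: Pat Lee <pat.lee@examp1e-corp.test>
Reply-To: ceo.office@mail-relay.test
To: finance@example-corp.test
Subject: Urgent wire transfer - confidential

I need you to send a wire immediately. Do not discuss with anyone.
"""

VENDOR_CHANGE = """From: Jordan Vendor <accounts@supplier-invoices.test>
To: finance@example-corp.test
Subject: Updated bank details for invoice 1042

Please use the new account for all future payments.
"""

if __name__ == "__main__":
    for label, sample in (("legit", LEGIT), ("spoofed", SPOOFED),
                          ("vendor change", VENDOR_CHANGE)):
        print(f"{label}: {analyse(sample) or 'no deviations'}")
```

Any non-empty result is a reason for an approver to verify the request out of band before money moves; the rules are deliberately simple so that the baseline itself (who is allowed to ask, from which domain) stays the thing that is maintained.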
While the Equifax breach was a significant breach, it will not be the last breach we see. Organizations are not purposefully negligent, nor do they have a desire to disrespect the sensitive information they use to run their business. The problem is that there are so many points in an organization where hidden gaps can exist. Two common examples that we see today are poor application code or design and misconfigured cloud environments. During the post-breach retrospective events, the gaps are often not complicated and point back to basic technical controls.
- Integrate application security practices into your DevOps processes.
- Perform continuous vulnerability scanning to help identify gaps in your patching and configuration programs.
- Leverage PenTests to simulate how a malicious actor could get into your network along with what sensitive data they are able to find.
- Use cloud technologies like CloudChecker to help identify configuration issues with your cloud environments.
Rise of Virtual Fake Personas
Identity theft will likely continue to rise as more of our PII and Personal Health Information (PHI) is breached. Sadly, the new reality that many people face is that they’re now desensitized by all the breaches, which, because we cannot regain our privacy, might mean they become even more careless about protecting it.
Internet of Things (IoT) devices are beginning to saturate corporate organizations as well as see continued adoption from consumers. These devices seek to automate and simplify our lives; however, they are often neglected when it comes to administratively maintaining them. While a vendor may recommend applying new firmware updates, they are not applied unless the device starts misbehaving and someone applies the update to troubleshoot the issue.
The last type of threat is the prevalence of fake or phantom social media accounts that are used to push a political or organizational agenda. These types of “marketing” campaigns are expansive, and there are currently no systems to separate real user opinions from paid responders. While Reddit is the most common example, this type of behavior is also seen in Amazon product reviews. Amazon has updated its policies to combat this, but the fight for the authenticity of online reputation and opinion is far from over.
- Freeze your credit and use free credit monitoring.
- Track IoT devices in your asset inventory and regularly check each IoT device for firmware updates.