2018 Security Predictions (Part 3)
More threat vectors, more hacks, and more ransomware increase demand for more sophisticated malware detection and analysis.
Given how fast technology is changing, we thought it would be interesting to ask IT executives to share their thoughts on the biggest surprises in 2017 and their predictions for 2018.
Here's the third article sharing what they told us about their predictions for security moving forward. We'll cover additional predictions for 2018 in future articles.
Security will shift left and development will claim it was all their idea. The portmanteau of DevOps continues to be “portmanteau’d” with DevSecOps. Of course, security has always been in operations and tasked with enforcement in dev, so the idea of calling it out is little more than marketing air cover. Nevertheless, the continued enforcement of security in development will increase and become more prevalent as development realizes the security team is serious…this time.
With cloud adoption continuing, security teams must enforce compliance at all levels. Previously, dev and test were wide open and allowed for no supervision for deployments. This was to enable speed. Security was only enforcing in production or “prod-minus-one” environments. Now with DevOps, that system breaks down. DevOps teaches us to have the same deployment mechanism for all endpoints. That means operations deploy the way development does…it also means development has the same scrutiny and standards as production.
Once that requirement is made clear to development, the dev team will immediately begin to look for ways to automate that security enforcement, but in a development way. In turn, those tools and processes will be then adopted by operations. And the circle of life in DevOps will continue.
Europe will be adopting GDPR, but in doing so this affects companies worldwide who conduct business in Europe and collect data from European citizens. The impact will represent a seismic shift in the mentality and attitude towards data handling procedures, which have been all too blasé and lax in many parts of the world. The cost of full compliance will be huge, and I expect many SMEs will be underprepared at the cutoff date of 25th May 2018.
It will be very interesting to see how the courts enforce penalties for breach of regulation as the severity (or lack thereof) of the fines issued will determine how seriously companies view GDPR and how many resources they allocate towards compliance.
Ransomware is going to be platform agnostic and can lock people out of any device or system. The financial payment for ransomware is going to evolve significantly so that it will be as easy as clicking once to pay the ransomware. It will target time-sensitive systems and events, so watch out if you are taking part in the World Cup next year as cyber-crime will always be looking for major events to trick and take advantage of people wanting to get access to their favorite sport or concerts. RansomScare will also be the next threat which will become a life and death situation unless a ransom is paid.
In 2018, enterprises will need to embrace a continuously adaptive approach to information security because in an increasingly digital business world, binary decisions – black or white, allow or block – do not work. Enterprises have to think about how to enable transactions when all the information is not available or there is a known level of risk. Making adaptive decisions based on identity, behavior, and risk will enable more effective threat prevention.
The CISO will be reborn and rebranded: Since its initial inception, a CISO’s true role has been a topic of hot debate. Are they organizational influencers and C-suite members or just sacrificial lambs in the event of a security breach? Recent trends show that fewer CISOs are reporting directly to the CIO, and are instead acting more independently and strategically within their organization. A key driver of this could be that cybersecurity is now on the boardroom agenda in its own right, instead of falling under “general IT issues.” As a result, many CISOs are now spearheading security messaging instead of CIOs or CTOs, who previously handled such communications.
Boards will add new seats to the table: As the role of security continues to gain prominence at the C-level, expect to see more boards invest heavily in recruiting the services of technical experts and consultants, both as voting members and as advisors to lead board subcommittees. The subject of security risk will also become an increasingly hot potato during all potential acquisition and divestiture discussions, with poor security practices likely to cost organizations dearly. As part of this, security teams will also come under greater scrutiny than in the past, with any investments made coming with significant pressure to produce tangible results.
Security programs will increasingly be used to drive sales: With the importance of robust data protection being felt by nearly every organization around the world, robust internal security programs are starting to emerge from the corporate shadows to become sales tools in their own rights. Not only can effective communication about strong security policy help attract new clients and customers, but it can also become key in retaining existing ones. Wise security leaders are realizing the importance of correctly marketing security to prospects and are using specialized communications staff to support the sales team in this matter.
“Shock and awe” security reporting will come to an end: For a long time, the security industry has been guilty of using shock and awe tactics to try and hammer home the importance of network and data protection. However, this dramatic style of reporting is now starting to give way to a more level-headed, factual approach. Headline numbers like spam counts are increasingly being replaced with more useful and pertinent information, such as levels of risk and ways to remedy any identifiable gaps. This greater focus on results-based measures and the level of effort required, particularly around detection and response, will help move the security conversation forward in a constructive way, rather than scare boards into increasing security budgets by using shock tactics.
Incident response will overtake and drive traditional Disaster Recovery programs: A robust Disaster Recovery (DR) strategy has long been seen as the cornerstone of a good security practice. Some larger organizations even have entire departments dedicated to effective DR. As a result of a recent shift, however, many DR activities have been absorbed by a larger process known as Cyber Incident Response (CIR). As cyberattacks become more sophisticated in nature and more frequent in regularity, CIR provides a more comprehensive overview of potential risk, impact, and loss in the event of an attack. While effective DR remains critical to recovery, the completeness of visibility, along with the applied value of analytics and speed/repeatability of response will be the new measures of security success.
New biometric technologies will create new attack surfaces: There will be widespread adoption of machine-learning-based facial recognition tools as many companies follow in the footsteps of technology giants such as Apple. This will open up a new threat landscape for weaponized hacking techniques that specifically aim to bypass this new generation of biometric authentication.
New threads of ransomware: There are two logical steps for this evolution, following on from 2016’s ransomware and 2017’s ransom worm epidemics. First, we’ll see ransomware that specifically targets and encrypts structured database records. Then, we’ll see a movement toward holding services and servers to ransom, as opposed to just data.
Understaffing will create security blind spots: There are more than 13,000 job openings for incident responders and security analysts in the US alone. With alert fatigue and a lack of capable staff, we will see more large security incidents occur simply because the affected company will not have the resources to deal with security incidents as they arise, whether security staff can detect them or not.
Cyberinsurance Requisites--Can Faulty Protection Be a Pre-Existing Condition?
Looking back at the impact of previous breaches and the massive commercial impact that they have had, the adoption of cyberinsurance will rise in 2018, but so too will cyberinsurers’ demands that businesses demonstrate a whole new level of data privacy and security preparedness if they are to qualify for insurance. The more commonplace breaches become, the higher the bar will grow to obtain approved insurance, which may play itself out in the form of providing vendor assessments, incident response plans, implemented policies and employee training, and data processing audit trails.
Biometrics, or When an Eye Ball Scan is Stolen
In 2018, we’ll see less emphasis on traditional passwords and more on ways to achieve security via 2-factor authentication techniques involving biometric solutions like voice recognition, facial scans, and fingerprints. For security vendors, the storage and record-keeping stakes are higher to protect biometric data because contrary to a credit card number that can be discontinued, you can’t replace a person’s facial structure with a new one once a facial scan is compromised.
“Know Thy Data” Will Reign--To Mitigate Risk and Increase Reward
With the GDPR taking effect amid an increase in global regulatory scrutiny from data breaches and new national laws, 2018 will be the year where companies understand their own data better than ever. Externally imposed imperatives to inventory and map a company’s data flows from all jurisdictions and sources--whether customer, employee, website/mobile, data partner-purchased, or passed to a company for processing--will result in companies better categorizing, monetizing, and making decisions on their data.
Cyber capabilities will have an increasingly significant impact on international relations and political conflicts in 2018 and beyond. In the past few years, we have seen an increase in nation-state cyber-attacks – or at least an increase in the detection of such attacks – ranging in intent from disruption, to espionage, and attempts to control the narrative and sway public opinion on various topics.
As such attacks increase in number, sophistication, and impact, the demands upon cybersecurity professionals and incident response teams increase proportionately, while the noise from false-positive alerts increases disproportionately. As a result, it’s likely we will see increased demand for sophisticated malware detection and analysis products.