2018 Security Predictions (Part 4)
The cybersecurity landscape is ever-changing, offering more opportunities for criminals to make money (a.k.a. bitcoin) and organizations to develop new defenses.
Given how fast technology is changing, we thought it would be interesting to ask IT executives to share their thoughts on the biggest surprises in 2017 and their predictions for 2018.
Here's the fourth article sharing what they told us about their predictions for security moving forward. We'll cover additional predictions for 2018 in future articles.
Given that NSA-developed hacking tools have been stolen and are now in the hands of the digital underworld, everyone is on edge and waiting to see what the next big breach will be. Meanwhile, the explosion in the number of internet-connected devices – consumer products, IoT Edge devices, and the like – presents an enormous and vulnerable attack surface, and most of these devices are very hackable. In terms of cloud computing, we see CIOs and CTOs shedding some of the general distrust of platforms like AWS, Azure, and Google Cloud. These C-level execs are embracing the shared-responsibility model when it comes to securing data and computer assets in the cloud. That said, many companies that offer data and web services to their customers still have contractual agreements in place that prohibit storage of sensitive data in the cloud. It will take months or even years for these changes to take place.
Machine Learning-Based Security
Machine Learning and AI will continue proving their worth in the security space. The shock and awe has faded, and now we are really seeing effective applications of these technologies that go beyond marketing buzzwords. Another area that will see more support from vendors is shared threat intelligence. This has always been a challenge, maybe more so in the private sector than the public sector, and security vendors are weaponizing threat intel, either from within their customer pool or across vendors, to better equip customers to address potential threats. Both areas will help push us more towards frictionless security workflows that enable a more risk-based approach to safeguarding digital assets. OneLogin is embracing this not only as part of our product offerings but also for our own security programs.
Companies will also realize that, even though they are shifting to cloud applications for many functions as part of a broader Digital Transformation effort, there are some applications that simply cannot be moved to the cloud. Perhaps it’s because the person who set them up has long since left the company. Or perhaps it’s because the applications need to be in a particular location due to data residency or network latency issues.
Whatever the reason, companies need to be able to extend the benefits of the cloud to these earthbound apps. We call this Digital Transposition since it shifts or transposes the benefits of the cloud to on-prem apps. We believe it should be part of every company’s Digital Transformation strategy.
Companies are going to look for ways to manage on-premise applications as easily as they can manage cloud applications. This includes a central, cloud-managed point of control for identity and access management that pushes access policies down to on-prem apps, and allows end users to view on-prem apps and cloud apps in a unified Single Sign-On portal.
Companies will demand that Identity and Access Management vendors open up their services to API-driven access. This will enable companies to use their IAM systems for custom-built applications used by their customers.
Think of an online retailer: they want to share the same customer identity across their customer-facing app, their CRM system (say, Salesforce), and their customer support application (say, Zendesk), so they can have a unified view of the customer. Doing this requires API-driven access to connect each of these apps to their identity store. So, we’ll see customers look for companies that provide API access to all their functionality, and vendors will lead with an API whenever building new functionality.
As demonstrated by the events in 2017, hackers are now aware that 1) healthcare organizations are willing to pay cybercriminals and 2) healthcare providers are aware that service disruption can be just as damaging as (if not more damaging than) losing PHIs and EMRs. In 2018, organizations should expect hackers to target healthcare organizations to disrupt service and hold hostage their ability to provide care. The simplest way for hackers to accomplish this is to use ransomware locking down all connected medical devices rather than encrypting PHIs. The delay in security implementation due to the confusion of knowing which security solutions can actually protect connected medical devices is another window of opportunity hackers will leverage.
The rise of automation and orchestration
More organizations will turn to automation and orchestration technologies to bring together data from various "sensors" and create actionable intelligence. This will provide a way to augment lines of communication and gain the most from their investments in Cyber Security. Security vendors will be putting more focus into building integrations that will aid this kind of automation.
People will continue to be the weakest link
Social engineering will continue to be the go-to strategy for cybercriminals. People are the easiest way into an organization; they can be easily duped into providing credentials or executing malicious code, often subconsciously. There needs to be a two-pronged approach to counter this: 1) invest in security foundations to mitigate these types of attack executing; 2) provide security awareness training.
Ransomware will continue to plague organizations with ‘old’ attacks "refreshed" and reused.
The threat of ransomware will continue into 2018. This year we’ve seen ransomware wreak havoc across the globe with both WannaCry and NotPetya hitting the headlines. Threats of this type and on this scale will, I’m sure, be a common feature of the next 12 months.
To GDPR or not to GDPR
The European Court of Human Rights ruled that companies must inform employees in advance if their work email accounts are going to be monitored. This monitoring must not infringe upon workers' privacy. GDPR also applies to employee privacy and data handling and includes large fines for noncompliance. Many organizations will be scrambling to understand the legislation and establish how to comply. Rather than taking a tick box approach to this, it's the ideal opportunity to put a real focus on reviewing end-to-end security systems.
Cybersecurity, essentially, is a constantly changing structure of Information Technology and Information Systems and the respective security risk(s) to an organization by the emergence of new vulnerabilities and threats. New systems, devices, and gadgets are being developed and introduced at rates that defy quality controls, and, for these reasons, the cybersecurity landscape is ever growing.
The newest and highest-impacting development is the emergence of smartphones. The smartphone is essentially a hand-held computer with a telephone as only one application. They have the ability to house and access Personally Identifiable Information/Non-Public Information (PII/NPI), Health Trackers that house information that would be considered Personal Health Information (PHI), and access to personal bank accounts and credit cards, which is Payment Card Information (PCI). In many cases, these devices also have VPN clients that allow access to a person’s workplace network. That is a lot of information in the palm of your hand.
Now if we examine the security of the device, it is not nearly what we find in the medical database, the bank and credit card suppliers, or corporate networks. Personal devices are lost, stolen and hacked to pillage all of the above data. In my opinion, I see a current trend to focus on portable hand-held smart devices in regard to their vulnerability and threats that will impact them.
DevOps is still maturing and while many organizations are shifting to DevOps, 2018 will see the largest adoption of DevOps yet. The DevOps movement will continue to grow and increase its scope to cover additional aspects of the product’s lifecycle. This includes the practice of bringing security into the development lifecycle through DevSecOps. Successful DevSecOps adoption will allow organizations to overcome slow processes and long cycles of security tests with inaccurate findings. To achieve this, security vendors need to work harder to adapt secure practices in DevOps environments to improve the security of applications, starting at the source.
Paying ransom or giving your device to the dark side is on the horizon for 2018. Criminals crave all the processing power they can get to mine Bitcoin and perform DDoS attacks. What better way to do it than by ransoming cycles from consumer devices? Additionally, phishing scams will adapt and become more prevalent on mobile devices, hiding in fraudulent personal text messages, device alerts, and apps. Motivated hackers know that email is not the only route to inciting an unsuspecting user to give up personal information, sensitive data, and financial information.
Security horizon for 2018: another credit reporting agency or someone with a similar scale that covers the majority of US adults will have a security breach. And it will add fuel to the fire to replace social security numbers with a new form of digital identity. All talk in 2018. Baby steps on making it happen in 2019.