2018 Security Predictions (Part 5)
In this edition of our predictions series, experts discuss increasingly sophisticated ransomware attacks and 'Hyperwars' with AI-based obfuscation.
Given how fast technology is changing, we thought it would be interesting to ask IT executives to share their thoughts on the biggest surprises in 2017 and their predictions for 2018.
Here's the fifth article sharing what they told us about their predictions for security moving forward.
In 2018, the developer-security movement will focus on changes in the infrastructure, security operations, underlying development tools, etc., which will narrow down the option to mistakenly damage application security and will allow better application security without changing the development process or slowing down TTM. We should not expect the developer to be a security expert, nor should we slow down the development process to allow review and inspection. Instead, tools are and will be developed to allow the developer to keep rapid development without violating application security.
Many more security vendors will testify on Capitol Hill: With major cyberattacks like WannaCry and the breach at Equifax getting the attention of lawmakers, it is only a matter of time before we start seeing more cybersecurity companies be called to testify before Congress. So far, victim organizations have taken the brunt of criticism from politicians and the press, but less attention is being paid to the companies promising to secure the sensitive data in the first place. There will be a moment when security vendors are asked to explain why their products weren’t able to live up to the promises of their marketing departments, which will have a serious impact on how we talk about the capabilities of security solutions.
GDPR will be the Y2K of 2018: Companies are publicly touting their GDPR readiness, but behind closed doors, I expect a lot of uncertainty about the ability to comply with these new and incredibly strict guidelines. While GDPR won’t result in the same public hysteria as Y2K, IT practitioners who were around at the turn of the century will feel a bit of déjà vu. In particular, many companies in the US are waiting to see how the GDPR plays out stateside, and I expect in the first few years after its enactment, the EU will look to make an example of a multinational who fails to check all the boxes.
The conversation about critical infrastructure will shift towards social media: Social media was originally a fun way to communicate and stay up to date with friends, family, and the latest viral videos. Along the way, as we started to also follow various influencers and use Facebook, Twitter, and others as curators for our news consumption, social media became inextricably linked with how we experience and perceive our democracy. The definition of critical infrastructure, previously limited to big-ticket items like power grids and seaports, will similarly expand to include said social networks. While a downed social network will not prevent society from functioning, these websites have been proven to have the ability to influence elections and shape public opinion generally, making their security essential to preserving our democracy.
Standardized hacking techniques will make attribution even harder: In 2018, more threat actors will adopt plain-vanilla tool sets, designed to remove any tell-tale signs of their attacks. For example, we will see backdoors sport fewer features and become more modular, creating smaller system footprints and making attribution more difficult across the board. And, as accurate attribution becomes more challenging, the door is opened for even more ambitious cyberattacks and influence campaigns from both nation-states and cybercriminals alike.
In 2018 expect new AI-based obfuscation tools to be released. Intelligence analysts are calling the battle of artificial cyber-intelligence a “Hyperwar.”
Perhaps the deadliest avenue for black hat AI, or machine learning, is in probing vulnerabilities. Imagine AI tools “Fuzzing” applications or automating the finding of security weaknesses. Nefarious tools along these lines will be released in 2018 and escalate cyberwarfare into a “Hyperwar.”
Ransomware attacks are likely to increase multi-fold in 2018. Notorious ransomware families like Locky and Petya are getting more advanced and finding new vulnerabilities to exploit, while ransomware itself is taking on new forms (e.g. disguised as JPEG and PDF attachments) and is becoming more destructive than ever by attacking critical disk regions and forcing reboots that enable the ransomware to circumvent existing security software. At the same time, ransomware payments have become more anonymized through cryptocurrency, and hackers now have the ability to “outsource” the development of custom ransomware strains to hackers willing to offer creative, revenue-share ransomware. As these changes continue to develop, we'll see a shift in cybersecurity thinking from “post-attack” recovery to “pre-attack” prevention.
I think we’re going to continue to see more insider attacks occur in 2018, caused by careless, rather than malicious, insiders. In addition, organizations will likely experience the first successful “ransom-app” attack - instead of ransoming data, someone will create malware that exploits a weakness within a commercial application that they will then hold for ransom. It’s not just about kidnapping an organization’s data for payment anymore, but rather, it’s about taking control of an organization’s applications and getting it to pay a hefty amount of money to regain control of them.
In 2018, Blockchain can be expected to hit the mainstream. The promise of Blockchain, or, specifically, distributed ledger technology, has captured the attention of business and IT leaders across multiple industries. Now is the time to move from hype to reality. Below are some thoughts on what to expect in 2018 and beyond:
- Cryptocurrencies and ICOs will continue to make inroads in traditional finance flows as well as pre-IPO value creation.
- We will see more enterprises beginning to graduate out of their Proof of Concepts and Shadow Blockchain to begin applying their learnings more widely in their business processes, along with launching new business models.
- The big challenge for companies remains scalability (this is where the Mainframe comes in). Currently, the goal is to hit >1,000 transactions per second with permissioned Blockchain, but most implementations are not even close (5-10 transactions per second). Customers will be looking for scalability, performance, security (as data becomes more transparent), and governance – the Mainframe is primed for this.
- DevSecOps is now mainstream for traditional systems but the same principles and practices need to be applied across multiple parties in a participating Blockchain - newer complexities on identity, data transfer, and governance will emerge.
- Blockchain technology will further cement itself as the key ingredient in creating an Enterprise Digital Trust platform and thus encounter “Enterprise Hardening” challenges around Data Security, Governance, Scalability, and Performance. Those companies who address the barriers head on and pace set for the rest of the industry will emerge as winners. Confidence is coming with big banks proving the technology out.
Harry Picarriello, Chief Marketing Officer, GigaTrust
Malicious software will continue to pose threats to organizations, not only because the number of malware programs is increasing, but also due to the continuously changing threat landscape. Attackers will target users by deceiving them into visiting infected web pages, and through cyber espionage, ransomware, and malicious attachments in email.
The summer of 2017 seemed like rock bottom with the deluge of ransomware attacks, yet it is likely only the beginning. 2018-2020 will undoubtedly bring a dramatic escalation. I don’t think we’ve seen anything yet in terms of how rapidly new threat vectors are uncovered and exploited. It is imperative that all organizations start bringing in IT resilience-minded employees and giving them a seat at the table, and that shareholders roundly reject those management teams who fail to put a priority on the safety of their customer data. The “bad guys” out there are aggressive and passionate when it comes to adding new techniques and tools to their arsenal. Why would any business not protect its brand, its intellectual property, and, most importantly, its customer data with the same level of intensity? It's unfortunate that it may take a dramatic escalation in attacks, which I predict is coming, for so many leadership teams to finally wake to the reality that attacks are inevitable. Perhaps then we will see real, tangible, sizeable investments in people, technology, and process that fundamentally shift their posture from laid-back and passive to one of true IT resilience.
Growing organizational dependence on cloud service providers (CSPs) and the continuing proliferation of major security breaches will create an immense pressure on CSPs to demonstrate they can be trusted to look after sensitive data. Expect a frenzy of activity as CSPs scramble to achieve the required certifications to demonstrate they are able to handle data securely.