“Algorithms are the key to detecting and mitigating cyber attacks”
Gerard Bauer, VP EMEA, Vectra Networks shares his security predictions for 2016.
1. The shortage of security researchers and incident-response talent will get worse.
The dire need for security researchers and incident response personnel is growing faster than the available talent pool. This will prompt organisations to rely on the automation of manual, time-consuming security tasks. It’s the only practical short-term way to free up the thinning ranks of security teams to focus on critical and strategic security work.
2. Organisations will realise that algorithms – not Big Data – are the key to detecting and mitigating cyber attacks.
To combat cyber attacks that evade perimeter security, enterprises are collecting petabytes of flow and log data in hopes of detecting attacks. These systems turn into unwieldy analysis projects that typically detect an attack only after the damage is done, wasting valuable time and money. Threat detection algorithms will play a significant role in making Big Data more useful and actionable.
3. Cyber attackers will increasingly use mobile devices to get inside enterprise networks.
Stagefright vulnerabilities on Android were just a preview of things to come. And threat researchers recently claimed a $1 million bounty for remotely jailbreaking iOS. They’ve both been the target of malicious ad networks and Trojan apps. Users of these infected mobile devices – whether personally owned or company-issued – can easily walk through the front door and connect to enterprise networks, exposing critical assets to cyber attackers.
4. SSL decryption will become increasingly difficult.
Attackers increasingly target and compromise certificate authorities as part of sophisticated man-in-the-middle attacks. This leads more applications to enforce strict certificate pinning, which consequently makes the inspection of SSL-encrypted traffic far more difficult for traditional security products.
5. Ransomware will focus more on holding enterprise assets hostage and less on individuals.
Ransomware will take on a new, larger role by concentrating attacks on enterprises, holding critical assets hostage in return for even bigger money. Attackers love ransomware because it offers a more direct path to cash and is more profitable by eliminating the complex network of criminal fencing operations.
6. Although attacks against large enterprises will continue, cybercriminals will shift gears and target mid-tier enterprises.
Cybercriminals will turn their attention to mid-tier enterprises that typically have weak security infrastructures. They’re juicy targets because they rely heavily on just network perimeter and prevention security, which today’s sophisticated attackers easily evade.
7. Nation states continue to launch targeted cyber attacks.
Despite non-binding handshake agreements, nation states will continue to mount stealthy targeted attacks against foreign adversaries. Economic sanctions may become reality as the theft of personally identifiable information, intellectual property and classified data lingers as a contentious foreign and domestic policy issue.
8. Governments not materially improving their security posture.
As a consequence, there will be more data breaches and more embarrassing public acknowledgements. Everyone will agree something must be done, but efforts to step up cybersecurity will move at a snail’s pace, enabling attackers to spy, spread and steal undetected for many months.
9. The European Union forced to back off privacy protection rules and consider mandatory breach reporting.
The old security paradigm is that someone’s data traffic must be inspected to determine the presence of a cyber threat or attack, resulting in the potential for privacy violations. However, new innovations in data science, machine learning and behavioural analysis will enable protection while preserving privacy.
10. Terrorism fears lead to weakened online security and privacy protections.
In the ongoing fight against terrorist attacks, governments will gain more power to gather privacy-compromising information and, in the process, will add backdoors that weaken online security for all.