10 Security Predictions For 2018
New Year, New Threats
The cybersecurity industry enters 2018 still reeling from the WannaCry ransomware attacks and the Equifax data breach that impacted more than 143 million people.
As vendors and solution providers gear up to address emerging threats, they will also need to help customers contend with the European Union's onerous General Data Protection Regulation (GDPR) requirements once they take effect in May.
With end users contending with both increased risk and increased compliance requirements, many will elevate security to a boardroom-level discussion with the hiring of a Chief Security Officer or Chief Information Security Officer. Others will turn ongoing security monitoring and management over to a managed security service provider (MSSP) to capitalize on their tools and expertise.
Here are 10 security trends the channel should watch for in 2018.
Customers Won't Wake Up To The Threat of GDPR Until It's Too Late
More than three-quarters of cloud services were not ready for the European Union's GDPR regulations, according to a September report from Netskope. Trend Micro found that 57 percent of C-level executives shun the responsibility of complying with GDPR, which some unaware of what constitutes personally identifiable information and even unbothered by potential monetary penalties.
The legislation seems poorly understood, which will lead to many organizations waiting until the first prosecution is underway before they react, said BeyondTrust security experts. Many US companies are waiting to see how GDPR plays out stateside, and the EU will look to make an example of a multinational that is out of compliance, said Malcolm Harkins, Cylance's chief security and trust officer.
Businesses need to review their data security strategy, classify the nature of data, and distinguish EU data from data associated with the rest of the world. Trend Micro recommends that enterprises and industries handling sensitive data have a dedicated data protection officer (DPO) that can spearhead data processing and monitoring.
Another Data Aggregator Will Be Breached For Their Bag Of Riches
Data aggregators like Equifax are the crown jewel for cybercriminals since personal bank data and electronic health care records are always associated with an individual and cannot be changed or adapted, said Forcepoint Global CTO Nicholas Fischbach.
At most risk are hosted business applications that contain information on a sales force, prospects and customers, or those that manage global marketing campaigns, Fischbach said.
Large data aggregators will come under increasing pressure to more fully disclose the types of personal data they have amassed, explain when and how that information is used, shared or sold, and begin to offer certain controls on distribution and use, according to Fischbach.
By looking for and spotting uncommon consumption patterns or the misuse of account credentials on a database, Fischbach said malicious behaviors could be identified.
Cybersecurity Vendors Will Start Getting Called To Testify Before Congress
With major cyberattacks like WannaCry and the Equifax breach getting the attention of lawmakers, it is only a matter of time before more cybersecurity vendors are called to testify before Congress, said Harkins of Cylance.
Victim organizations have thus far taken the brunt of the criticism from politicians and the press, but Harkins said less attention is being paid to the companies promising to secure the sensitive data in the first place.
Security vendors will eventually be asked under oath why their products were not able to live up to the promises of their marketing departments, which Harkins said will change how suppliers talk about their capabilities.
End Customers Will Increasingly Turn To Managed Security Service Providers (MSSPs) For Help
Managed security service providers (MSSPs) will receive greater interest from organizations that recognize the level of effort and in-house expertise required for a successful security operations center is beyond their means, said Larry Lein, chief product officer at Resolve Systems.
Clients, though, have become savvier and are beginning to demand that MSSP share metrics on response/remediation time for specific incident types, according to Lein. MSSPs with the right personnel and tools that can demonstrate the ability to meet core enterprise requirements will attract the most interest, Lein said.
MSSPs should be relied upon to handle around-the-clock monitoring, evaluation, and response to all security alerts, said Netsurion CEO Kevin Watson. They can evaluate the universe of threats end users face, triage, and escalate resources to deal with critical threats on an ongoing basis, Watson said.
Security Will Play A Larger Role In the Boardroom, And CSOs And CISOs Become More Pervasive
Businesses will increasingly add a chief security officer (CSO) or chief information security officer (CISO) to their executive suite as a sign that they are taking security seriously, said Ankur Laroia, strategic solutions leader at Alfresco.
CISOs will see increasing investment and budget to purchase tools due to the array of recent high-profile incidents, said Lein of Resolve Systems. But with those added funds comes the onus to demonstrate measurable results, so CISOs will turn to analytics, reporting and attack simulations to demonstrate success, according to Lein.
CISOs need to help executives and board members understand ROI, cost-benefit analysis, and security program tradeoffs by articulating business risk versus business value, said Brendan O'Connor, security CTO at ServiceNow.
Demonstrating the value of security as it relates to regulatory compliance, potential lost revenue, customer relationships, legal liability, intellectual property and brand protection is vital, O'Connor said.
IoT Devices Will Become An Increasingly Lucrative Threat Vector For Attackers
Automated bots can now get into IoT devices, crack a factory-set password businesses never bothered to change, then travel through the network, infecting and even permanently destroying other devices and applications, said Patrick Joggerst, CMO and EVP of business development at Ribbon Communications.
IoT devices and networks should be scanned for viruses and malware and have their firmware and operating systems checked, with security products aiming to protect even sensors, said Fatih Orhan, Comodo's vice president of Threat Labs.
IoT devices with shorter lifespans like cars or phones are built by firms with software talent that push secure devices out of the gate. By contrast, companies that produce longer-term devices like light switches do not have the IT experience and often hack something together, said Renaud Deraison, Co-Founder and CTO of Tenable. As a result, IoT devices to get great security on one side and horrible security on the other.
Automation And Machine Learning Will Be Used To Free Up Time For Security Personnel
Businesses' comfort with security automation will increase as a higher volume of automated attacks will make it impossible for security operations centers to keep up via manual processes alone, said Larry Lein, chief product officer at Resolve Systems. Products that help hesitant organizations embrace automation will capture increasing market share, according to Lein.
Leveraging automation to do much of the heavy lifting will free up the cyber teams to focus on the high-risk threats identified and plan effectively for improvements in defenses, according to BeyondTrust.
Companies with the tools and culture to embrace automation to better determine which systems to patch and when will perform better than those that don't, said O'Connor of ServiceNow.
Machine learning in security will continue to grow, with log aggregators and other platforms automatically monitoring for new things that are related both inside and firewall the firewall, said Sam Curcuruto, RiskIQ's head of product marketing.
Businesses Will Find Artificial Intelligence And Machine Learning Used Against Them
Adversaries will start adopting artificial intelligence to speed up their rate of attack in an attempt to overwhelm cyber defenders, said Kris Lovejoy, CEO of BluVector.
Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models, said Adam Hunt, RiskIQ's chief data scientist.
While researchers are looking into the possibilities of machine learning in monitoring traffic and identifying possible zero-day exploits, it's not far-fetched to imagine that cybercriminals will use the same capabilities to get ahead of finding the zero-days themselves, according to Trend Micro.
Researchers have already demonstrated that machine learning models have blind spots that adversaries can probe for exploitation, Trend Micro said.
Partners Will Turn To Predictive Technology To Combat Well-Disguised Ransomware
More threat actors are adopting plain-vanilla toolsets designed to remove any tell-tale signs of their attacks, said Cylance director of threat intelligence Kevin Livelli. As accurate attribution becomes more challenging, Livelli said the door is opened for more ambitious and influence campaigns from both nation-states and cybercriminals.
As a result, vendors have increasingly turned to techniques like predictive security and deep learning technology for early detection and prevention, said Kendra Krause, Sophos's vice president of global channels.
Partners are relying on vendors that can offer their customers a more proactive defense that's one step ahead of the cybercriminals, said Gregg Henebry, Cybereason's vice president of channels.
Businesses Will Turn To Privileged Account Management To Redefine The Perimeter
With people are more people working outside the office, companies are increasingly turning to software that secures the conversations and collaborations regardless of where they are taking place, said Patrick Joggerst, CMO and EVP of business development at Ribbon Communications.
This new software-defined perimeter uses network automation to manage and monitor conversations because doing so manually would be an impossible task, according to Joggerst.
End users will also invest more in privileged account management to address vulnerabilities being created by contractors, sub-contractors and partners that could unintentionally bring down the entire network, Joggerst said.
More security vendors will add identity context to their product lines as organizations invest in technologies to minimize breach impact, said the BeyondTrust security experts.