Cybersecurity is a rapidly evolving landscape and this new year will be no different. Attackers will come up with new ways to infiltrate corporate networks and businesses, security vendors will be tasked with staying ahead of them, and governments will talk a lot, yet do very little. Here are some of the ways we see the industry changing shape over the course of 2016:
Sandboxing will lose its luster and join the ranks of anti-virus signatures.
Anti-malware sandboxing has generated high-flying IPOs and grown to over $1 billion in annual spend. But in 2016, it’ll plummet back to Earth, as organizations realize that malware evades sandboxes as easily as anti-virus signatures.
Terrorism fears will lead to weakened online security and privacy protections.
In the ongoing fight against terrorist attacks, governments will gain more power to gather privacy-compromising information and, in the process, will require backdoors that weaken online security for all.
The shortage of security researchers and incident-response talent will get worse.
The dire need for security researchers and incident response personnel is growing faster than the available talent pool. This will prompt organizations to rely on the automation of manual, time-consuming security tasks. It’s the only practical short-term way to free up the thinning ranks of security teams to focus on critical and strategic security work.
Organizations will realize that algorithms – not Big Data – are the key to detecting and mitigating cyber attacks.
To combat cyber attacks that evade perimeter security, enterprises are collecting petabytes of flow and log data in hopes of detecting attacks. These systems turn into unwieldy analysis projects that typically detect an attack only after the damage is done, wasting valuable time and money. Threat detection algorithms will play a significant role in making Big Data more useful and actionable.
The European Union will be forced to back off privacy protection rules and consider mandatory breach reporting.
The old security paradigm is that someone’s data traffic must be inspected to determine the presence of a cyber threat or attack, resulting in the potential for privacy violations. However, new innovations in data science, machine learning and behavioral analysis will enable protection while preserving privacy.
Cyber attackers will increasingly use mobile devices to get inside enterprise networks.
Stagefright vulnerabilities on Android were just a preview of things to come. And threat researchers recently claimed a $1 million bounty for remotely jailbreaking iOS. Both platforms have been the target of malicious ad networks and Trojan apps. Users of these infected mobile devices – whether personally owned or company-issued – can easily walk through the front door and connect to enterprise networks, exposing critical assets to cyber attackers.
SSL decryption will become increasingly difficult.
Attackers increasingly target and compromise certificate authorities as part of sophisticated man-in-the-middle attacks. This leads more applications to enforce strict certificate pinning, and consequently makes the inspection of SSL encrypted traffic far more difficult for traditional security products.
Ransomware will focus more on holding enterprise assets hostage and less on individuals.
Ransomware will take on a new, larger role by concentrating attacks on enterprises, holding critical assets hostage in return for even bigger money. Attackers love ransomware because it offers a more direct path to cash and is more profitable by eliminating the complex network of criminal fencing operations.
Nation states will continue to launch targeted cyber attacks.
Despite non-binding handshake agreements, nation states will continue to mount stealthy targeted attacks against foreign adversaries. Economic sanctions may become reality as the theft of personally identifiable information, intellectual property and classified data lingers as a contentious foreign and domestic policy issue.
Although attacks against large enterprises will continue, cybercriminals will shift gears and target mid-tier enterprises.
Cybercriminals will turn their attention to mid-tier enterprises that typically have weak security infrastructures and limited security staff to maintain them. They’re juicy targets because they rely heavily on network perimeter and prevention security, which today’s sophisticated attackers easily evade.
Governments will not materially improve their security posture.
As a consequence, there will be more data breaches and more embarrassing public acknowledgements. Everyone will agree something must be done, but efforts to step up cybersecurity will move at a snail’s pace, enabling attackers to spy, spread and steal undetected for many months.
Hitesh Sheth is the president and CEO of Vectra. Previously, he held the position of chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies group, which included security. Prior to Juniper, he held a number of senior management positions in the switching organization at Cisco, including running its metro Ethernet business. Before Cisco, he held executive and engineering management positions at Liberate Technologies and Oracle Corporation. He started his career as a Unix programmer at the Santa Cruz Operation. Hitesh holds a BA degree in Computer Science from the University of Texas at Austin.