Cybersecurity is a rapidly evolving landscape and 2017 will be no different. Attackers will leverage artificial intelligence and find new ways to infiltrate corporate networks and businesses using adaptive attacks. Encrypted traffic will increasingly blind legacy security technologies, while ransomware gets smarter, and more targeted. Also watch for geo-political changes that act as a catalyst for increased cyber attacks involving nation states.
Here are some of the cybersecurity changes we expect to see next year.
Cyber attacks on the U.S. will increase during the next presidential administration
The incoming U.S. administration has already stated it will take a more aggressive posture on cybersecurity. As a result, U.S. businesses and the government should expect an increase in the number and severity of cyber attacks led by select nation states and organized political and criminal entities.
Ransomware will get an IQ
Ransomware attacks target the data files of organizations. Because they provide the fastest way for a cybercriminal to monetize an attack through untraceable Bitcoin, ransomware threats will grow more intelligent by targeting high-value digital assets, including surveillance cameras, phone systems, security systems and other business IoT devices. New forms of ransomware will be a big headache for security response teams and the business driver of growth in cybercriminal income as it automatically and rapidly extorts money from enterprises. Find out more about ransomware security.
There will be more collaboration between industry professionals and law enforcement
With more than 67% of data breaches reported by outside agencies and the upsurge in ransomware attacks, collaboration between private industry and law enforcement agencies – both domestic and international – will increase as they attempt to shut down and bring ransomware perpetrators to justice.
Data center attacks will go bottoms up
Bad actors will focus on the soft underbelly of data centers and cloud deployments by gaining control of firewalls, servers and switches that make up the physical infrastructure. According to the website Shadow Server, there are still more than 816,000 Cisco firewalls connected to the Internet that are vulnerable to Equation Group exploits and sub-OS rootkits exposed by the Shadow Brokers hacking group. Attackers heard this wake-up call about the vast number of vulnerabilities and will exploit them. Find out more about securing your data center.
Shadow IT will take a bite out of security operations effectiveness
IT can’t protect what it doesn’t know about. Business units and department heads have been deploying technology independent of the IT department for years and it has become a key weakness for attackers to exploit. The risk of attacks on shadow IT resources will force security leaders to adopt an internal-network-centric threat hunting approach to gain visibility, insight and timely response to security incidents across all their enterprise endpoints, infrastructure and services.
Critical firewall vulnerabilities will continue to be ignored
The firewall is the most trusted device in a data center. The Shadow Brokers’ treasure trove of exploits stolen from the Equation Group and made publicly available has reignited the efforts of advanced adversaries and nation states. They now have easily accessible tools that enable them to eavesdrop on encrypted communications that evade firewalls. According to the Shadow Server website, there are still more than 816,000 Cisco firewalls connected to the Internet that are vulnerable, undermining the inherent trust placed in firewalls. Read more about exploiting firewalls.
IoT will become a bigger security vulnerability than phishing
By 2020, Gartner forecasts there will be over 7 billion business IoT devices and that more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets. Remaining noticeably susceptible to compromise, the ever-growing number of IoT devices provides an easily exploitable path to high-value data and resources that cyber attackers will continue to seize upon in the coming year. And as IoT attacks grow in sophistication, the damage will extend well beyond DDoS botnet swarms and will likely usher in the first examples of IoT ransomware. Read more about IoT security.
Security response will see more automation (well, some of it)
Human beings alone, no matter how skilled, won’t have the bandwidth to handle the tsunami of security data, cacophony of alerts, and plethora of security tools. With hyper growth in the attack surface and threat landscape – and constrained by limited security analyst resources and capabilities – enterprises will augment their teams with artificial intelligence to automate the detection of threats and response to security incidents. Security analysts will remain in the loop and continue to bring unique insight and capabilities. Think Robocop, not Skynet. Read more about security integration and automation.
Decrypting SSL for threat detection will become more difficult
Attackers increasingly target and compromise certificate authorities as part of sophisticated man-in-the-middle attacks. This leads more applications to enforce strict certificate pinning, which consequently makes the inspection of SSL encrypted traffic far more difficult for traditional security products. Read more about the impact of encryption on DPI-based security systems.
Artificial intelligence will be the fourth industrial revolution
The use of artificial intelligence in cybersecurity is still in its infancy, similar to when the Internet was in its infancy. New information security technologies will employ first-generation AI technology to address many of the security and confidentiality issues that have plagued businesses over the last 40 years. Read more about artificial intelligence and security.
Artificial intelligence will reverse the asymmetric war on cybercrime
Over the next several years, artificial intelligence will help address the global shortage of qualified security professionals as networks become more sophisticated, generate more data, and are exposed to increasingly advanced threats. Artificial intelligence will enable the cybersecurity automation needed to reverse the asymmetric war on cybercrime.
We will see the first AI-on-AI cyberwar
Just as artificial intelligence is a boon to the defender, so too is it to the attacker. Defense contractors and governments around the world are already using AI to sift through great lakes of network data and intelligence, and hunt for exploitable weaknesses. Just as fast as armies introduced tanks to warfare, tank-on-tank warfare became a necessity. The next 12 months will see the start of AI-on-AI cyberwarfare.
Hitesh Sheth is the president and CEO of Vectra. Previously, he held the position of chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies group, which included security. Prior to Juniper, he held a number of senior management positions in the switching organization at Cisco, including running its metro Ethernet business. Before Cisco, he held executive and engineering management positions at Liberate Technologies and Oracle Corporation. He started his career as a Unix programmer at the Santa Cruz Operation. Hitesh holds a BA degree in Computer Science from the University of Texas at Austin.