With 2018 fast approaching, here we are at the end of a tumultuous year in the world of cybersecurity. Attacks have been launched on infrastructure and democracy, mainstream media attention has been snatched and billions of sets of data have been plundered.
Ransomware has played a major role in the 2017 devastation, a classic form of attack that has gained new formidability on the back of the rising value and prominence of bitcoin. WannaCry and NotPetya stand as the year’s most notorious examples.
In May the shockwaves of WannaCry reverberated around the world and left major organisations forced to pull the plug to halt the vicious onslaught. But perhaps the deepest wound was dealt in the UK as the National Health Service became riddled with the attack and was reduced to pen and paper.
While the effects of WannaCry were still fresh in our minds, NotPetya reared its head and posed a more sophisticated threat to the world. Major organisations were hit by the attack, thought to have possibly been designed for disruptive attacks on Ukranian infrastructure. Giants like the shipping company, Maersk, felt the impact of the infamous strain.
In recapping 2017, ransomware must be mentioned, but it is not the entire story. The importance of data protection has been recognised, with GDPR set to go live in May 2018, but major mistakes and oversights have continued to pose critical risks regardless.
2017 has also been a year of revelations; it was revealed that the famous Yahoo data breach of 2013 had in fact impacted all three billion accounts. The matter of disclosure is highlighted by this case, with GDPR set to enforce strict rules regarding the timely announcement of all data breaches.
Data breaches have been familiar news in 2017, but sometimes an attack is not required for data to be exposed. A prime example of this came this year when a researcher stumbled across 198 million sets of personal data relating to US voters, with the information was publically accessible and held on a Deep Root Analytics database on an Amazon S3 server. A configuration mistake led to this immense cybersecurity risk, keeping the spotlight firmly trained on the problem of human fallibility in security.
The tone of the cybersecurity conversation has changed in 2017, at the beginning of the year clamouring preachers across the security industry heralded cyber damnation, a marathon of ambulance chasers controlled the central message, but it appears that many are now changing in favour of a more positive tune.
Although fear-mongering has gone out of fashion to some extent, it does not mean we are out of the wilderness, rather it means that security professionals are considering taking the fight to the hackers with technology. The buzz around the defensive potential of automation technology is reaching a fever pitch, with leading voices in organisations like CA Technologies considering that it could be the key to getting a handle on the situation.
Automation is likely to be a central trope in 2018, but there will surely be a battle of innovation in regard to AI. Malicious threat actors are cunning and capable, professionals are aware that the hackers are going to leverage these cutting edge technologies too. While this battle rages, the world will have to adjust to both GDPR and PSD2, requiring significant enhancements to security capabilities and practices across the board. Meanwhile organisations globally will continue to set out on the perilous digital transformation journey, continuing to chase innovation.
With ambitions undiminished by the dense, dark threat landscape, there is an emerging principle called DevSecOps, an enterprise approach that places security at the heart of everything. Taking this approach, enterprises intend to forge ahead in their endeavours while taking security into account at every turn.
The dawn of DevSecOps
Derek Weeks, VP and DevOps Advocate, Sonatype, said: “In 2018, CISOs will therefore come to view DevSecOps as one of their top three investment priorities. Businesses are now recognising that security is too important to be an afterthought, and so truly mitigate risks in the New Year, security will be designed in from the beginning, and software continuously monitored throughout its lifecycle.”
Derek Weeks, VP and DevOps advocate, said: “In 2018, we expect to see the first $10 million penalty imposed for violating GDPR. The new regulation set to take effect in May 2018 will drive a fundamental shift in how businesses approach security. With GDPR’s Article 25 stipulating that security must be designed into software from the beginning, it can no longer be contemplated retrospectively once applications are already in the market.
“As a result, CIOs will invest more in tools, processes, and training that integrate security practices into the design and build phases of their software development to avoid damaging breaches and minimise the risk of fines,” Weeks said.
Zachary Bosin, director of solution marketing at Veritas Technologies, said: “Despite the impending deadline (May 25, 2018), only 31 percent of companies surveyed by Veritas worldwide believe they are GDPR compliant. Penalties for non-compliance are steep and this regulation will impact every and any company that deals with EU citizens.”
The AI arms race
Steve Grobman, Chief Technology Officer for McAfee, LLC, said: “The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders.”
“We must recognise that although technologies such as machine learning, deep learning, and artificial intelligence will be cornerstones of tomorrow’s cyber defences, our adversaries are working just as furiously to implement and innovate around them. As is so often the case in cybersecurity, human intelligence amplified by technology will be the winning factor in the ‘arms race’ between attackers and defenders.”
Haiyan Song, SVP of Security Markets, Splunk, said: “With this expansion of ML and AI for cybersecurity defenders, it should not be forgotten that actors on the attacker side have the same access to these technology advancements, and are collaborating and sharing to innovate faster. They can leverage ML and AI to speed up discovery of vulnerabilities, improve precision of attacks, morph the route and path to breach and avoid detection through counter-ML measures.”
Data breaches will get worse
Zachary Bosin, director of solution marketing at Veritas Technologies, said: “According to the Identity Theft Resource Center, 2016 saw 1,093 data breaches last year, a 40 percent increase from 2015. 2017 almost hit that mark by July. This makes it all the more critical for companies to have a simple, holistic way to regularly protect and backup workloads in the cloud, in complex environments and on premises – and in fact, protect their entire infrastructure – one that is agile, smarter and more scalable, especially as ransomware reaches deeper and farther than ever before into old and new workloads.”
Mega DDoS attacks
Travis Farral, Director of Security Strategy at Anomali, said: The return of mega DDoS attacks via IoT powered botnets is likely in 2018. These have been pretty silent compared to last year’s attack against Dyn that took down many commonly used services but could come back in a more nefarious way.”
“The next wave could potentially affect large swathes of Internet services either by design or as collateral damage from another entity being hit due to the sheer size of the attack. The wide attack surface of IoT devices makes them particularly attractive for botnets and this will only get bigger with the amount of home automation products sold over Christmas,” said Farral.
Mark Barrenechea, CEO of OpenText, said: “Firewalls and other traditional security measures do not cut it anymore. As the battlefield moves into cyberspace, new tools will be needed to address the changing nature of conflict. AI, quantum computing, and quantum cryptography are particularly promising countermeasures against cyberattacks. AI (in the form of machine learning) is being used to monitor networks and any associated devices for anomalies and report deviations in real time.”
“Quantum computing can sift through 150,000+ daily threats in an organisation’s network to identify which events are the riskiest. And quantum cryptography can ensure secure communications. These emerging technologies are redefining cybersecurity as we know it. Moving forward, they will be our best line of defense against sophisticated cyberattacks,” Barrenechea said.