BreachExchange mailing list archives

The state of cybersecurity: What 2016 will bring


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 14 Dec 2015 17:08:42 -0700

http://www.itproportal.com/2015/12/14/the-state-of-cybersecurity-what-2016-will-bring/


With cybersecurity breaches dominating 2015’s headlines on a regular basis,
it is clear that today’s organisations simply cannot defend against every
threat. Savvy cybercriminals are continuing to find attack entry methods
that bypass or defeat traditional security defences, so threats remain
undetected until damage has been done. It’s astonishing that hacker
penetrations go undetected in networks for an average of a whopping 205 days.
This is the time gap between when preventing the cyberattack failed and the
clean up work started.

The state of the enterprise

Recent high profile cyberattacks on businesses, such as the data breaches
of TalkTalk, Vtech and Wetherspoons’ networks, showed that the trend of
significant delays from first infiltration to discovery to public
acknowledgement is a growing challenge.

But there’s absolutely no reason for an attack to still result in a
meaningful loss of data. In 2016, what organisations need are tools that
address this gap by identifying the activities of the attacker inside a
network before a data breach occurs, with a focus on how to quickly
intervene, minimise the time they are exposed and reduce the impact of
cyberthreats.

With attention on cybersecurity at an all time high, what is certain is
that the threat landscape will continue to evolve and businesses need to
finally acknowledge that defence is desirable but detection is a must. From
an enterprise standpoint, here’s what the cybersecurity landscape will look
like over the next year:

1. The shortage of security researchers and incident-response talent will
get worse.

The dire need for security researchers and incident response personnel is
growing faster than the available talent pool. This will prompt
organisations to rely on the automation of manual, time-consuming security
tasks. It’s the only practical short-term way to free up the thinning ranks
of security teams to focus on critical and strategic security work.

2. Organisations will realise that algorithms – not Big Data – are the key
to detecting and mitigating cyberattacks.

To combat cyberattacks that evade perimeter security, enterprises are
collecting petabytes of flow and log data in the hope of detecting attacks.
These systems turn into unwieldy analysis projects that typically detect an
attack only after the damage is done, wasting valuable time and money.
Threat detection algorithms will play a significant role in making Big Data
more useful and actionable.

3. Cyberattackers will increasingly use mobile devices to get inside
enterprise networks.

Stagefright vulnerabilities on Android were just a preview of things to
come. And threat researchers recently claimed a $1 million bounty for
remotely jailbreaking iOS. Both platforms have been the target of malicious ad
networks and Trojan apps. Users of these infected mobile devices – whether
personally-owned or company-issued – can easily walk through the front door
and connect to enterprise networks, exposing critical assets to
cyberattackers.

4. SSL decryption will become increasingly difficult.

Attackers increasingly target and compromise certificate authorities as
part of sophisticated man-in-the-middle attacks. This leads more
applications to enforce strict certificate pinning, and consequently makes
the inspection of SSL encrypted traffic far more difficult for traditional
security products.

5. Ransomware will focus more on holding enterprise assets hostage and less
on individuals.

Ransomware will take on a new, larger role by concentrating attacks on
enterprises, holding critical assets hostage in return for even bigger
money. Attackers love ransomware because it offers a more direct path to
cash and is more profitable by eliminating the complex network of criminal
fencing operations.

6. Although attacks against large enterprises will continue, cybercriminals
will shift gears and target mid-tier enterprises.

Cybercriminals will turn their attention to mid-tier enterprises that
typically have weak security infrastructures. They’re juicy targets because
they rely heavily on just network perimeter and prevention security, which
today’s sophisticated attackers easily evade.

The state of the nation

The evolving threat isn’t limited to enterprises. Cybersecurity is fast
moving out of the boardroom and entering government offices as cyberwarfare
increasingly becomes a reality year on year. At an international level,
we’ll see over the next year:

1. Nation states continue to launch targeted cyber attacks.

Despite non-binding handshake agreements, nation states will continue to
mount stealthy targeted attacks against foreign adversaries. Economic
sanctions may become reality as the theft of personally identifiable
information, intellectual property and classified data lingers as a
contentious foreign and domestic policy issue.

2. Governments not materially improving their security posture.

As a consequence, there will be more data breaches and more embarrassing
public acknowledgements. Everyone will agree something must be done, but
efforts to step up cybersecurity will move at a snail’s pace, enabling
attackers to spy, spread and steal undetected for many months.

3. The European Union forced to back off privacy protection rules and
consider mandatory breach reporting.

The old security paradigm is that someone’s data traffic must be inspected
to determine the presence of a cyber threat or attack, resulting in the
potential for privacy violations. However, new innovations in data science,
machine learning and behavioural analysis will enable protection while
preserving privacy.

4. Terrorism fears lead to weakened online security and privacy protections.

In the ongoing fight against terrorist attacks, governments will gain more
power to gather privacy-compromising information and, in the process, will
add backdoors that weaken online security for all.

The New Year presents an opportunity for enterprises and governments to
turn over a new leaf when it comes to their cybersecurity plans and
policies, and not to repeat the mistakes of 2015. The combination of
education and a shift in mindset towards prioritising detection over
defence will ensure that we all stay protected from the looming threats of
2016.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
