Executive Viewpoint 2017 Predictions: Verint Systems – Same Threats, Bigger Impact
Same threats, but on steroids, was the rule of thumb for 2016, and I fully expect this trend to extend into 2017 and beyond. We didn’t see many new attack methods, except for IoT, but the old ones have grown bigger and stronger and have affected more people than we could have imagined.
Ransomware, megadata breaches and identity theft were the same-old, same-old, while the promise of IoT threats is starting to come to fruition.
Ransomware increased more than five times as compared to the same period in 2014-2015.
Companies must set up their back-up infrastructures in such a way as to reduce vulnerability or decide how much they are willing to pay to get their information back and protect it from being sold on the dark web.
Meanwhile, megadata breaches are getting more common. Yahoo, Dropbox, LinkedIn, MySpace and Tumblr were victims of mega attacks. More than 500 million accounts have been exposed and the information is now for sale.
The profitability of that information is leading to identity theft becoming the second most reported type of fraud. Identity theft has increased by more than 30% since 2015.
Now that IoT is finally coming into its own, threats are an unfortunate part of this reality. We saw IoT-vulnerability-driven cyber attacks against major websites like Amazon, Netflix and Twitter.
IoT is only as strong as its weakest link, and as the volume of devices increases – especially those controlling entry – cyberattacks are changing from privacy issues to ones that may affect our physical safety as well.
In 2017, CISOs must ensure that cybersecurity becomes a strategic and integral part of the greater organization as a response to more aggressive, ingenious, highly targeted cyberattacks. Those attacks will use multiple vectors, including web, email, and malicious files, dynamically adapting to exploit zero-day and other network vulnerabilities. The future of cyber attacks will be carefully planned, methodical, and patient.
Most major organizations will realize that they have suffered data breaches, have been under attack, and possibly have been infected for weeks and months, or even years.
The malware carrying out these attacks will initially investigate network weaknesses, disabling network security measures and infecting other points and devices. The malware will use fewer command and control servers to reduce its potential detection footprint; instead, it will wait for the right time to extract data from the network.
CISOs don’t want to hear about the latest and greatest point solutions and how well they work; they already know that their traditional antivirus and the supposedly next-generation firewalls are just not enough. Known signatures, blacklisting and whitelisting, and pattern-based recognition techniques are not stopping the latest threats. This will demand a shift from prevention to advanced detection and response solutions. CISOs want the big picture, not fragmented information that is simply aggregated together. They want actionable intelligence to clearly demonstrate ROI. ROI in the case of cyber means that the solutions can identify threats efficiently, without burdening the already strained security teams.
To gain this ROI, CISOs will have to switch their solutions to those that protect against these advanced attacks, seeking out technologies that monitor the entire threat life cycle – from initial malware delivery to call backs and data exfiltration – something that gathers all the information across attack vectors and gives them complete situational awareness of the digital environment.
The “new” threat protection will come from technologies inspired by the immune system – threats will automatically be detected and mitigated, with human intervention required only in serious cases, alleviating chronic alert fatigue.
Orchestration and automation will constitute the heart of the new threat protection, detection, investigation, and mitigation solutions. Thousands of sensors will be embedded within the corporate network, feeding data into solutions that will determine the real threats, using machine learning and anomaly detection to filter out the false positives.
The “interoperability” between artificial and human intelligence will allow CISOs to fight the cyber attacks that don’t follow the “rules,” creating a more efficient system that stops the threats in their tracks, before they can do real damage or get what they came for.