Top 10 Cybersecurity Predictions for 2016 and Beyond
Matthew Rosenquist, Cybersecurity Strategist, Intel Corp, March 2016
The growing cyberattack surface: More of everything will massively increase the number of potential targets.
New device types: The cost and difficulty of developing connected things are dropping fast, leading to an explosion of new products, many without adequate security protection.
Chain Reactions Drive Cybersecurity Evolution…
10 Evolving Challenges in Cybersecurity
1. Government’s roles expand
2. Advances in nation-state cyber-offense affect everyone
3. Life safety and cybersecurity intersect in products
4. Rise in digital theft and fraud
5. Realistic impacts of cybersecurity emerge
6. Security expectations increase
7. Attackers evolve, adapt, & accelerate
8. Trust and Integrity are targeted and undermined
9. Security technologies improve but remain outpaced and outmaneuvered
10. Lack of security talent hinders the industry
Cybersecurity is Rapidly Evolving
1. Government’s Roles Expand
Public demands their governments be more actively involved in preventing and responding to cyber threats, major hacking events, fraud, and digital crimes, yet not infringe upon individuals’ privacy.
Result:
1. More regulations, to raise security standards
2. Better policing and collaboration
3. More laws for prosecution actions
4. Friction around technology privacy and government access
2. Nation-State Cyber-Offense Affects Everyone
Broad adoption by many nations of cyber-offense capabilities.
Governments incorporate cyber into their defense apparatus with clear objectives and deployable systems.
29 countries have formal cyberwarfare units
63 countries use cyber tools for surveillance
$19 billion: US 2017 proposed budget for cybersecurity
Result:
1. Trickle-down effect gives advanced technology to criminals and attackers
2. Reverse engineered code is reused by other threats
3. Attackers don’t need to invest in developing high-end exploits; instead, they harvest what governments create
3. Life Safety and Cybersecurity Intersect in Products
Industrial and consumer products are being connected to the internet and to each other
Vehicles, appliances, power stations, medical devices, and billions of other devices are gathering data and exerting a level of control in our lives
Risk of catastrophic impacts as our reliance and trust increase
Result:
1. A slow wake-up call for the transportation, healthcare, and industrial sectors as risks emerge
2. As IoT devices explode in number and function, so will the potential misuse
3. Remote devices, cameras, and drones become more concerning to safety and privacy. Expect more regulations
Transportation: Attacks on automobiles will increase sharply in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles.
Healthcare: Top 10 healthcare breaches of 2015 affected almost 35% of the US population.
Critical infrastructure: Critical infrastructure systems not designed with outside access in mind will become vulnerable to low-incident, but high-impact events as they become connected to the Internet.
4. Rise in Digital Theft and Fraud
More opportunities to steal, extort, and commit fraud. Greed principle prevails
Attackers are organized, share methods and tools
Threats not limited by geography
Financial, social, and geopolitically motivated
~$450 billion: cyber-crime impact globally
200% increase in cyber-crime in the last 5 years
32%: organizations reporting cyber-crime
Result:
1. More ways to successfully commit financial fraud and theft
2. Number of attacks increases, external and internal, from across the globe
3. Higher cost incidents, million- to billion-dollar attacks
4. Rising: Ransomware, CEO Fraud, transaction tampering
5. Continuing: DDoS & data breach extortion, tax, credit & banking fraud, skimmers, ATMs
5. Realistic Impacts of Cybersecurity Emerge
Industry currently fails to measure the systemic impact and long term costs
New interest to understand the overall costs:
Security products/services spending, staffing, audit/compliance, and insurance
Incident response and recovery costs
Secure product development, innovation and sales friction, related opportunity costs
Result:
1. Understanding impacts will begin to shift the industry perspectives
2. Evolving from tactical treatment of recurring symptoms to strategic interdiction of the systemic condition
$3 trillion: Aggregate innovation impact of cyber-risks by 2020 (McKinsey & World Economic Forum)
$90 trillion: Potential net economic benefit drained from global GDP, worst case thru 2030 (Zurich & Atlantic Council)
6. Cybersecurity Expectations Increase
Market demands more connectivity, devices, applications, and services
Enterprise perspectives shift to accept the reputation and market risks
Consumers expect security “their way”: Safety with access anywhere to anything
Result:
1. Expectations rise, but resources and capabilities will not keep pace, causing friction and opportunities for attackers
2. Strategic insights are needed to manage risks and seize opportunities
3. Leadership will be key to find the ‘optimal’ balance of security
7. Attackers Evolve, Adapt, and Accelerate
Attackers are nimble, opportunistic, cooperative, skilled and relentless
Their motivation, resiliency, and creativity drives great adaptability
Acceleration in their methods, tools, and targets (technology, people, processes)
Result:
1. Dark markets and services grow to enable
2. New data breach targets emerge
3. New uses for personal, health, biometric, and login data are explored by attackers
4. Research follows quickly into new areas of technology
5. Ransomware and “CEO email” tactics rise
6. Integrity attacks spearheaded by pros for huge gains – will drive new security solutions
Cloud services: Cybercriminals, competitors, vigilante justice seekers, and nation-states will increasingly target cloud services platforms to exploit companies and steal confidential data.
Hardware: Attacks on all types of hardware and firmware will continue. The market for hardware attack tools will expand. VMs will be successfully attacked through system firmware rootkits.
Equation Group – HDD and SSD firmware reprogramming malware
First commercial UEFI Rootkit
8. Trust and Integrity are Targeted
Attackers leverage trust mechanisms for their goals: digital certs, identity, and encryption implementation
Integrity attacks continue to escalate, altering data instead of stealing it. This begins a whole new game.
Result:
1. Digital certs misuse allows access and malicious sites/software to proliferate
2. Vulnerabilities in devices, encryption, and code force changes in product design
3. Integrity attacks emerge as a devastating new strategy, targeting financial, communications, and authentication transactions
Integrity: A significant new attack vector will be stealthy, selective compromises to the integrity of systems and data. In 2016, we will witness an integrity attack in the financial sector in which millions of dollars will be stolen by cyber thieves.
9. Security Technologies Improve but Remain Outpaced and Outmaneuvered
Execs get serious on managing cyber risks
Holistic and strategic views take hold
Cloud gets more secure
Malware detection and forensics improve
Hardware is the new trust foundation
Incident Response capabilities and services achieve professional standing
Result:
Near-term cyber protection capabilities
Availability/Denial of Service
Confidentiality/Data Breach
Integrity/Trust of Transactions
EXCELLENT
GOOD
LACKING
The security industry fights back
The security industry will develop effective weapons to protect, detect, and correct many attacks, but the arms race will continue.
Security industry to-do list:
Behavioral analytics to detect irregular activities
Threat intelligence, shared to deliver faster and better protection
Cloud-integrated security to improve visibility and control
Automated detection and correction to protect more devices with fewer security professionals
Sharing threat intelligence
Threat intelligence sharing among enterprises and security vendors will grow rapidly.
Legislative steps will make it possible to share threat intelligence with government.
We will see an acceleration in the development of best practices for sharing emerging threat information.
Threat intelligence cooperatives between industry vendors will expand. STIX/TAXII will be the standard by which they share information.
Metrics for success will emerge, allowing enterprises, security vendors, and governments to quantify protection improvement.
10. Lack of Talent Hinders the Industry
Lack of qualified talent will greatly restrict the growth and effectiveness of security
Academia is working to satiate demand, but it will take time.
1.5-2 million unfilled positions by 2017
12x growth compared to the overall job market
70% understaffed: organizations report lack of staff
Result:
1. Salaries continue to rise until demand is met
2. Headhunting and retention of top talent is ruthlessly competitive
3. Leadership and technical roles in greatest demand
4. Outsourcing to MSSPs and security consulting firms increases
Conclusion
As always, cybersecurity represents risks and opportunities
Much of what was seen in 2015 will continue, but new vectors will emerge to supplant legacy tactics
The fundamentals remain but the details and specifics remain chaotic and unpredictable
New threat vectors will emerge as advanced technology is integrated
Leaders with insights to the future have the best opportunity to align resources and be prepared