With cybersecurity breaches dominating 2015’s headlines on a regular basis, it is clear that today’s organisations simply cannot defend against every threat. Savvy cybercriminals are continuing to find attack entry methods that bypass or defeat traditional security defences, so threats remain undetected until damage has been done. It’s astonishing that hacker penetrations go undetected in networks for an average of a whopping 205 days. This is the gap between the moment prevention of the cyberattack failed and the moment the clean-up work started.
The state of the enterprise
Recent high-profile cyberattacks on businesses, such as the data breaches of TalkTalk, VTech and Wetherspoons’ networks, showed that the trend of significant delays from first infiltration to discovery to public acknowledgement is a growing challenge.
But there’s absolutely no reason for an attack to still result in a meaningful loss of data. In 2016, what organisations need are tools that address this gap by identifying the activities of the attacker inside a network before a data breach occurs, with a focus on how to quickly intervene, minimise the time they are exposed and reduce the impact of cyberthreats.
With attention on cybersecurity at an all-time high, what is certain is that the threat landscape will continue to evolve and businesses need to finally acknowledge that defence is desirable but detection is a must. From an enterprise standpoint, here’s what the cybersecurity landscape will look like over the next year:
1. The shortage of security researchers and incident-response talent will get worse.
The dire need for security researchers and incident response personnel is growing faster than the available talent pool. This will prompt organisations to rely on the automation of manual, time-consuming security tasks. It’s the only practical short-term way to free up the thinning ranks of security teams to focus on critical and strategic security work.
2. Organisations will realise that algorithms – not Big Data – are the key to detecting and mitigating cyberattacks.
To combat cyberattacks that evade perimeter security, enterprises are collecting petabytes of flow and log data in the hope of detecting attacks. These systems turn into unwieldy analysis projects that typically detect an attack only after the damage is done, wasting valuable time and money. Threat detection algorithms will play a significant role in making Big Data more useful and actionable.
3. Cyberattackers will increasingly use mobile devices to get inside enterprise networks.
Stagefright vulnerabilities on Android were just a preview of things to come. And threat researchers recently claimed a $1 million bounty for remotely jailbreaking iOS. Both platforms have been the target of malicious ad networks and Trojan apps. Users of these infected mobile devices – whether personally-owned or company-issued – can easily walk through the front door and connect to enterprise networks, exposing critical assets to cyberattackers.
4. SSL decryption will become increasingly difficult.
Attackers increasingly target and compromise certificate authorities as part of sophisticated man-in-the-middle attacks. This leads more applications to enforce strict certificate pinning, which consequently makes the inspection of SSL-encrypted traffic far more difficult for traditional security products.
5. Ransomware will focus more on holding enterprise assets hostage and less on individuals.
Ransomware will take on a new, larger role by concentrating attacks on enterprises, holding critical assets hostage in return for even bigger money. Attackers love ransomware because it offers a more direct path to cash and is more profitable by eliminating the complex network of criminal fencing operations.
6. Although attacks against large enterprises will continue, cybercriminals will shift gears and target mid-tier enterprises.
Cybercriminals will turn their attention to mid-tier enterprises that typically have weak security infrastructures. They’re juicy targets because they rely heavily on just network perimeter and prevention security, which today’s sophisticated attackers easily evade.
The state of the nation
The evolving threat isn’t limited to enterprises. Cybersecurity is fast moving out of the boardroom and entering government offices as cyberwarfare increasingly becomes a reality year on year. At an international level, we’ll see over the next year:
1. Nation states continue to launch targeted cyberattacks.
Despite non-binding handshake agreements, nation states will continue to mount stealthy targeted attacks against foreign adversaries. Economic sanctions may become reality as the theft of personally identifiable information, intellectual property and classified data lingers as a contentious foreign and domestic policy issue.
2. Governments not materially improving their security posture.
As a consequence, there will be more data breaches and more embarrassing public acknowledgements. Everyone will agree something must be done, but efforts to step up cybersecurity will move at a snail’s pace, enabling attackers to spy, spread and steal undetected for many months.
3. The European Union forced to back off privacy protection rules and consider mandatory breach reporting.
The old security paradigm is that someone’s data traffic must be inspected to determine the presence of a cyber threat or attack, resulting in the potential for privacy violations. However, new innovations in data science, machine learning and behavioural analysis will enable protection while preserving privacy.
4. Terrorism fears lead to weakened online security and privacy protections.
In the ongoing fight against terrorist attacks, governments will gain more power to gather privacy-compromising information and, in the process, will add backdoors that weaken online security for all.
The New Year presents an opportunity for enterprises and governments to turn over a new leaf when it comes to their cybersecurity plans and policies, and not to repeat the mistakes of 2015. The combination of education and a shift in mindset towards prioritising detection over defence will ensure that we all stay protected from the looming threats of 2016.
Gerard Bauer, VP EMEA, Vectra Networks