2017 was once again a turbulent period for the cyber security sector. Data breaches affecting the health-care sector and over half the population of the United States, the co-opting of hundreds of thousands of Internet of Things (IoT) devices in massive Distributed Denial of Service (DDoS) attacks, and the emergence of ransomware as an enduring threat and money-spinner for cyber-criminal networks were just some of the developments seen over the past twelve months.
As the holiday season approaches and the year draws to a close, it’s time to put the spotlight on the Top Cyber Security Trends and the issues and threats likely to feature prominently in the information security landscape for 2018.
Top 10 Cyber Security Trends for 2018
1. Fileless Malware Attacks
Cyber-attackers acting on behalf of government agencies and nation-states were the initial source of so-called “fileless” malware attacks – which are also referred to as memory-based or “living-off-the-land” attacks.
As the name suggests, the malicious code involved resides in the memory of the victim’s system, rather than on its storage drives. Malware code is injected into a running process (using the likes of Windows Management Instrumentation (WMI) or PowerShell) and used to conduct an exploit.
Since most security software is unable to detect the malicious use of PowerShell or WMI – and because there’s no tell-tale file signature for traditional anti-virus programs to detect – it’s a technique that’s now gaining popularity with mainstream hackers. And with a wealth of free tools available for creating PowerShell payloads, expect to see a surge in this kind of activity through the coming year.
2. Supply Chain Attacks
Successful assaults in 2017 on the supply chains of software developers and IT administrators CCleaner, Kingslayer, CloudHopper, ShadowPad, and the accounting software vendor M.E.Doc highlighted an attack strategy that’s also likely to continue to pay dividends in 2018: infiltrating one organization, which then serves as a stepping stone toward compromising multiple organizations that are connected to it through a partnership ecosystem.
The use of automated attack mechanisms enables such assaults to be massively scaled up, and supply chains themselves are particularly vulnerable – especially at the early stages of product development when vendors don’t anticipate an attack on software that’s yet to be released.
3. The Need for New and Diversifying Skills
The existing skills shortage in the information security sector is set to continue through the coming year. The current 0% unemployment rate points to the need for new and diversifying skill sets, as areas such as data classes, data governance, and data analysis pose changing demands on cyber-security.
Adaptive skills and an increasing dependence on artificial security intelligence are predicted for the next phase of cyber-security, along with the development of new methods and techniques in data science and analytics.
4. Shifting Strategies for Cloud Security
With the growing maturity of the cloud ecosystem comes its development into a more desirable target for cyber-criminals, and an increased risk of incidents where shared cloud services become unstable and unsecured due to the increased demands placed on them by the companies using their resources.
In this changing environment, security professionals will need to draw up new and appropriate criteria defining which entities may be trusted. And organizations will need to develop improved security guidelines and risk models for their use of private, public, and hybrid clouds.
5. Zero Trust Security
2018 is also expected to see increasing numbers of organizations adopting “zero trust” security models, as cyber-attacks increase in sophistication, extent, and frequency.
The zero trust model for 2018 and beyond will, however, expand its remit beyond simply denying network and resource access to all save those with the requisite clearances and privileges. More rigorous authentication measures are expected to be put in place, requiring users to verify their identities based on multiple layers of credentials utilizing security codes, biometrics, and behavioral traits.
6. Deception Technologies for IoT and OT
As recent hacks of multiple devices bearing smart sensors or embedded chips have indicated, most manufacturers still aren’t including security as a priority element of the design process. Ergonomic limitations such as the minuscule size and light weight of embedded chips also make it difficult to implement features such as on-board encryption chips.
Rather than trying to deter attacks on these systems, 2018 will likely see a change of tack, with the use of deception technologies to “bait” these targets with false information and credentials which security professionals may then trace back to the perpetrators who act upon them.
With Operational Technology (OT) expanding the reach of IoT (Internet of Things) devices to heavy industries and the technology of infrastructure provision, deception technologies are likely to play a significant role in maintaining security in OT environments, across the Supervisory Control And Data Acquisition (SCADA) network architecture, and in the wider infrastructure of the IoT as a whole.
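The detection side of the bait-and-trace approach described above, as an added example that is not part of the original article: any login attempt with a planted decoy credential is treated as high-signal, and the source is then pivoted on to see which real accounts and hosts it also touched. The decoy account names, the log format and the log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical decoy accounts planted on devices; no legitimate process uses them.
DECOYS = {"svc_plc_backup", "hmi_admin2"}

# Constructed sample log in a made-up "timestamp key=value ..." format.
SAMPLE_LOG = """\
2018-01-04T02:11:09Z host=hmi-01 event=login user=operator1 src=10.20.0.15 result=success
2018-01-04T02:14:41Z host=plc-gw event=login user=svc_plc_backup src=10.20.3.77 result=failure
2018-01-04T02:14:58Z host=hist-01 event=login user=HMI_ADMIN2 src=10.20.3.77 result=failure
2018-01-04T02:16:02Z host=hist-01 event=login user=engineer7 src=10.20.3.77 result=success
2018-01-04T02:20:30Z host=hmi-01 event=login user=operator1 src=10.20.0.15 result=success
malformed line without fields
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split one log line into a dict; returns None for lines with no login event."""
    ts, _, rest = line.strip().partition(" ")
    ev = dict(KV.findall(rest))
    if ev.get("event") != "login" or "user" not in ev:
        return None
    ev["ts"], ev["user"] = ts, ev["user"].lower()
    return ev

def decoy_report(log_text, decoys=DECOYS):
    """For each source that used a decoy credential, list everything else it touched."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse(line)
        if ev:
            by_src[ev.get("src", "unknown")].append(ev)
    report = []
    for src, events in by_src.items():
        hits = [e for e in events if e["user"] in decoys]
        if not hits:
            continue
        report.append({
            "src": src,
            "first_seen": min(e["ts"] for e in hits),
            "decoys_used": sorted({e["user"] for e in hits}),
            "real_accounts": sorted({e["user"] for e in events if e["user"] not in decoys}),
            "hosts": sorted({e.get("host", "unknown") for e in events}),
        })
    return report
```

The `real_accounts` field is the part worth triaging first: a real account used from a source that also tried decoy credentials may itself be compromised.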
7. Detection, Response, and Prediction
Though attack prevention has long been an ideal for information security practitioners, the simple truth of the matter is that it’s impossible to guard against every threat – and that most organizations have been or will become the victims of a successful cyber-assault, at some time.
In light of this, industry analysts predict a shift away from emphasizing prevention, and toward policies and methodologies more in keeping with threat detection, incident response, remediation, and the anticipation of risks and possible assaults.
The CARTA (Continuous Risk and Trust Assessment) framework proposed by Gartner, Inc., in 2017 is expected to be more widely adopted in 2018, as organizations look to new ways of mitigating their cyber risks. The methodology is based on a continuous cycle of periodic reviews, with the real-time assessment of risk and trust in the IT environment. This enables organizations to make better decisions regarding their security posture.
In the field of threat prediction, predictive analytics and machine learning tools are expected to play a major part – in an information security environment in which Artificial Intelligence and its related technologies are due to play an increasing role, generally.
8. New Roles for AI
The progression from simple machine learning algorithms to deep learning is expected to fuel a quantum leap in the evolution of Artificial Intelligence (AI) and behavioral analytics. Machines based on this technology should be able to conduct highly granular analysis of user activities online and on corporate networks – to the point where historical analysis of a user’s behavior may enable systems to determine whether the person currently accessing a network under that username is actually the authorized individual concerned.
This has the potential to greatly improve the threat detection capabilities of information security products and to provide organizations with an additional defensive layer beyond their standard authentication protocols.
9. Blockchain as Security Enabler
The decentralized information and transaction handling of the open source and distributed ledger of the blockchain has the potential to act as a barrier to data tampering or mass data hacking. This is because all members of a blockchain network would immediately be able to see that the ledger had been illicitly altered in some way.
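Why every member can see an alteration, shown as an added example that is not from the original article: a minimal hash-linked ledger held by several members, with one copy edited in place and another rewritten with all hashes recomputed. The node names and document digests are constructed, and the majority comparison of head hashes is a simplified stand-in for a real consensus protocol.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64

def block_hash(index, prev, payload):
    body = json.dumps([index, prev, payload], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def build(payloads):
    """Build a ledger in which each block commits to the hash of the one before it."""
    chain, prev = [], GENESIS
    for i, p in enumerate(payloads):
        chain.append({"prev": prev, "payload": p, "hash": block_hash(i, prev, p)})
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["prev"] != prev or b["hash"] != block_hash(i, prev, b["payload"]):
            return i
        prev = b["hash"]
    return None

def audit(replicas):
    """Validate every member's copy, then compare head hashes across members."""
    bad = {n: first_invalid(c) for n, c in replicas.items()}
    findings = {n: f"hash mismatch at block {i}" for n, i in bad.items() if i is not None}
    heads = {n: replicas[n][-1]["hash"] for n, i in bad.items() if i is None and replicas[n]}
    if heads:
        majority = Counter(heads.values()).most_common(1)[0][0]
        for n, h in heads.items():
            if h != majority:
                findings[n] = "self-consistent, but head differs from peers"
    return findings

def demo():
    docs = ["doc-1:aa", "doc-2:bb", "doc-3:cc"]  # constructed document digests
    replicas = {n: build(docs) for n in ("node_a", "node_b", "node_c")}
    replicas["node_c"][1]["payload"] = "doc-2:ff"  # record edited in place
    # history rewritten and every later hash recomputed on one member's copy
    replicas["node_d"] = build([docs[0], "doc-2:ff", docs[2]])
    return audit(replicas)
```

The second case is the instructive one: a fully recomputed chain passes its own integrity check, so the alteration is only visible because other members hold independent copies to compare against.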
In its cyber security trends and predictions for 2018, Forrester Research predicts that the “blockchain will become a foundational technology for: 1) certificate issuance and authentication; 2) IDV; 3) malware and ransomware protection via binary reputation checks; and 4) document authenticity and integrity verification.”
Applications of blockchain security are likely to be sought out by the finance, government, health and legal sectors, in securing the protection of sensitive information. And 2018 is expected to witness the emergence of a new breed of startup companies offering blockchain-related security solutions.
10. Insider Threat Hunting and Privacy Complications
A 2017 IT Risks Survey of over 600 Information Technology Professionals suggests that 66% of organizations believe their own employees to be the biggest threat to system availability and security. Indeed, the recent high-profile breaches at Equifax and Anthem have demonstrated that employees and contractors can be just as big a security risk as outsiders. This is echoed by statistics from Egress Software Technologies which reveal that some 24% of employees in the UK admit to intentionally sharing confidential business information with their organization’s own competitors, or with new and previous employers.
Because of statistics like these, many organizations will escalate their policies of monitoring employees and their activities, as a means of safeguarding against malicious insiders, human error, or attackers using compromised credentials.
However, these moves also have privacy implications. And in a legislative climate where stringent new regulatory regimes such as the U.S. NIST Special Publication 800-171 (which comes into effect from December 31, 2017) and the EU’s General Data Protection Regulation (GDPR, effective from May 2018) impose strict conditions on the reporting of security incidents and the handling of private data (such as employee personal records), enterprises and institutions will need to take great care in crafting their strategies for employee monitoring – or risk legal action and/or heavy fines for non-compliance.