2015 was another fascinating year for cybersecurity. From the OPM to Anthem, Ashley Madison and countless other data breaches, there was no shortage of stories capturing national attention. So what does 2016 have in store? Here’s my forecast:
Cyber Attacks Getting Increasingly Physical
Traditionally, cyber-attacks have targeted companies to steal information. Today, people are using more connected devices, home surveillance, wearable, home appliances and automobiles. Companies are also bringing control systems online to improve communication and increase productivity. Therefore, hackers are now increasingly targeting these devices for opportunities for monetary gain. For the past year, we have seen ransomware used as an extortion tool against individuals. We have also seen attacks on control systems in manufacturing and utilities that disrupt service and operation. We will see cybercrimes that are committed by a combination of online hacking with offline activities.
More High-Impact Vulnerabilities from Open-Source Software
Heartbleed (of OpenSSL) and Shellshock (of Bash) vulnerabilities have hit us hard in recent years: the reason being that these open source packages have found ways into a wide range of devices, applications and services. Developers, especially ones building the latest web applications, increasingly rely on open-source technologies for application development and operations. It is very common in today’s application architecture to depend on dozens of open-source tools or libraries. However, the bugs and vulnerabilities of these tools and libraries are sometimes not well studied and understood. If OpenSSL and Bash, which been in existence for a long time, still have vulnerabilities, what can be said about more recent ones such as Hadoop, OpenStack and Docker? As the popularity of open-source projects grow, security researchers and hackers will be attracted to the projects and more vulnerabilities will be discovered. The impact of newfound vulnerabilities will be directly proportional to the popularity of the open-source project.
More Focus on Post Breach and Incident Response
With the continuous stream of breaches at large companies made public over the year, people realize that it is very difficult to guarantee that a company’s infrastructure is never compromised. Because of new technologies such as BYOx and cloud services, IT does not always have full control over some phases of the cyber kill chain. Post breach detection and incident response is a crucial part of a layered defense architecture. A good post breach detection and incident response implementation can catch bad guys sooner and reduce the damage a breach causes. Latest advancements in security analytics combines up-to-date threat intelligence information and context-sensitive data from local network traffic to identify traces of an intruder or malicious insider.
More Focus on Data Security
A great majority of the security breaches we have seen publicized involves the leak of sensitive data. As hacking is moving more towards monetary focus, this is arguably the most common goal of a successful hack. With technological developments such as mobile computing and cloud, companies have found it increasingly harder to secure their data from unauthorized access. At the same time, they not only need to secure how data is accessed, but also how data is used. Different users may be allowed access only to different views of the same data. This would mean identifying assets, more fine-grained application/API level control, better monitoring, auditing, and securing the storing and transmission of data.
Cloud Security Technology Advances
Security has always been one of the top concerns in moving applications to the cloud. And for a long time, limited security capabilities were provided because of the vastly different and rapidly changing underlying infrastructure. As SDN and network virtualization become more mainstream, it enables the deployment of security technology through virtual network boundary and service chaining. We will see companies offering new ways of doing more comprehensive security as cloud technology evolves. This advancement of cloud security will ultimately drive more business to the cloud.