Cybercriminals are becoming more sophisticated and collaborative with every passing year. As with previous years, 2017 saw no shortage of cyberattacks. As part of an ongoing index of predictions and projections for 2018, we spoke to industry experts to find out what happens next.
What will the threat landscape look like over the next 12 months?
Scott Manson, Cybersecurity Lead – Middle East and Africa, Cisco:
A majority of threats are well known today. Our threat intelligence data says 90% of attacks can already be identified across our networks and are known threats or variants of these threats (i.e. not zero-day attacks resulting from previously unknown gaps in software and applications). Unfortunately, companies are not helping themselves to be ready for the known, let alone the unknown, and the main reason for this lack of readiness is the volume of cyberattacks. Threats will continue to be made easy for anyone to launch an attack on an organisation. The format will continue to be: search for weak spots and exploit the workforce, supply chain, and IT systems.
Finally, the endpoint and mobile devices and unsupervised Wi-Fi networks will be the attackers’ sweet spot. Threat actors are targeting mobile devices in greater numbers, with cybercriminals inserting malware into legitimate applications. App stores are being used to distribute mobile apps loaded with malware, including wildly popular apps such as Pokémon GO. But the challenges extend beyond apps. Wi-Fi spots that aren’t under the control of a company’s network administrators will continue to pose risks to enterprise data.
Amir Kanaan, General Manager, Kaspersky Lab Middle East:
The threat landscape is constantly changing and advancing. With the massive wave of digitisation sweeping the world, cybercriminals have found new and more sophisticated ways of breach. There is a variety of trends we have observed – ones that affect consumers and ones that are specifically targeted to organisations. For example, 2017 saw the rise of ransomware and the sheer panic caused by it in critical industries, such as healthcare. We believe ransomware will continue to loom over 2018 as well. Another trend that we witnessed and expect to continue through the next year is mobile banking threats, which are among the top 10 malicious financial programs.
Advanced Persistent Threats target businesses each year and we expect the trend to continue, but with a slight modification. We expect to see a decreased emphasis on ‘persistence’, with a greater focus on memory-resident or file-less malware, reducing the traces left on an infected system and thereby circumventing detection. We predict an increase in the repurposing of off-the-shelf malware by cybercriminals who make use of already created attack vectors.
We also see diversification in attack targets by industries. Attacks on financial services organisations, such as banks, investment funds, and both stock and currency exchanges, including those handling cryptocurrencies, have become more commonplace. Industrial cybersecurity is also being targeted increasingly, which should be of a greater focus in the Middle East in order to safeguard its oil and gas and energy facilities.
James Lyne, Head of Research and Development, SANS Institute:
It isn’t just technology, but cyber security professionals that will be in high demand in 2018 and the coming years. While the security market is predicted to be worth $101 billion by 2020 according to IDC, a shortfall of 1.5 million security professionals is expected within the same timeframe by Frost & Sullivan and (ISC)².
Organisations need to act now to develop the necessary skill sets within their in-house IT teams. This means investing in trainings and certifications, so they can harden not just the technology but also people and processes which are fundamental pillars of cybersecurity.
What technologies will be in high demand?
Brandon Bekker, Managing Director, Mimecast MEA:
As attacks become more sophisticated, targeted threats will continue to wreak havoc and effective protection will become increasingly important. Advanced security will become a no-brainer for any organisation that doesn’t want to lose money, data or reputation after falling victim to an effective cyber-attack.
A major game changer will be the effect of artificial intelligence on cybersecurity. It’s likely that we will see a rise in the use of AI or machine learning to introduce attacks that can morph more quickly. While this is a frightening thought, AI will also play a crucial role in managing threats. Threats are evolving rapidly and are too varied for the industry to handle them manually. For example, spear-phishing and impersonation attacks will become ever more insidious and we will need smarter algorithms to cope with them. Artificial intelligence and data science are not miracle cures, but are an increasingly important weapon in the arsenal of cybersecurity.
We will need to focus on AI and invest more in machine learning, in order to cope with the increasingly severe problem of defending against malware.
Tabrez Surve, Regional Director, F5 Networks:
Mobile technology powers and influences the way we live, work and play in profound ways. 5G is set to change the game yet again.
Businesses should be planning for roll-out now, from both a technical and process perspective. Factors to consider include how they will support 5G, how it will affect their customer’s experience using their service or product, and working with new kinds of partners. For example, a healthcare company could now find themselves working directly with an IoT vendor.
Fundamentally, organisations need networks that can scale to handle massive traffic increases. With millions of new devices entering the space, security concerns will also need to be addressed from day one and, crucially, not result in limited accessibility. The best way forward is to work with a service provider and deploy Network Functions Virtualisation (NFV) and cloud-based technology as soon and as intelligently as possible.
Jose Varghese, EVP and Head of CyberActive Services at Paladion:
It takes about 100 days to detect an active advanced threat actor in your environment. As companies try to reduce this delay – via collecting even more data about their networks, users and applications to increase their visibility and deploy more intelligent systems to sift through this enormous data quickly and effectively – big data analytics and machine learning systems will take up centre stage. The current security technologies and tools will still play a role in identifying and thwarting the more opportunistic and less complex attacks, while newer technologies will guard us against the more serious and skilled adversary.
Will ransomware spin out of control?
Roland Daccache, Senior Regional Sales Engineer, MENA, Fidelis Cybersecurity:
Ransomware’s most obvious purpose is generating money; however, there have been recent indications and clues that ransomware is at the forefront of other much more malignant activities, such as theft of intellectual property, trade secrets, etc.
It is likely that we will witness more ransomware attacks against the healthcare, transport, retail and critical infrastructure sectors, as they are still more vulnerable than financial institutions, with more legacy systems in place.
Rick Holland, VP Strategy, Digital Shadows:
There has been a steady increase in ransomware use over the past few years, with several new variants on the scene or modified versions of older variants such as Locky being circulated. With the rise of ransomware-as-a-service (RaaS) offerings, the barriers to entry for this type of malware are lower than ever.
One reason ransomware appears so ubiquitous these days is the experience of WannaCry and NotPetya, which affected a wide number of industries and geographies due to their self-propagating capabilities. The interconnectivity of modern systems and the ubiquity of applications means that enterprises could find themselves the victims of attacks not specifically targeting their organisations. WannaCry and NotPetya are a sign of things to come, and you can expect attackers will improve their future campaigns.
While similar attacks are likely, basic security principles can help prevent ransomware attacks spinning out of control. Both NotPetya and the earlier WannaCry exploited basic and known security vulnerabilities, so segmenting networks and applying basic patching cycles will go a long way to mitigating threats such as this.