Cyber attacks have become something far greater than an embarrassing nuisance. As businesses are increasingly reliant on digital platforms for almost every aspect of their operations, an attack can cause everything from direct financial loss and brand damage, to destroyed consumer trust, supply chain disruption, contract and SLA breaches, and regulatory fines.
But just what will be 2018’s hottest cyber-security themes?
Anton Jacobsz, MD of Networks Unlimited, offers these top five predictions:
Web application firewalls
As an increasing number of enterprise applications are created, updated and delivered from the cloud, the need for a dedicated Web Application Firewall (WAF) continues to rise.
Organisations are realising that with today’s sophisticated threats, stock-standard network firewalls alone are just not enough. Tomorrow’s complex and uncertain cyber-threats need multi-layered defences – and one’s WAF is a crucial layer.
In fact, Frost & Sullivan[1] believes the WAF market will continue growing at almost 14 percent compounded annually, reaching over $1,1-billion by 2021.
WAFs provides an excellent counterweight for CIOs that are looking to empower developers with all the tools to experiment, iterate and release new applications with a ‘continuous delivery’ mindset. Now, developers can build applications and embrace new tools freely, knowing that the application landscape is securely protected from any threats.
Using AI to identify cyber threats
In 2018 we’ll need to start gearing up for an exponential, limitless future, powered by new technologies.
While this will bring unlimited opportunities, it will also bring unlimited threat: Each day, organisations could potentially be exposed to millions of different cyber-crime attempts.
Forward-looking companies are already turning to Artificial Intelligence (AI) to scan the threat horizon for emerging risks, and quickly mitigate any impact. With AI, as new threats are encountered and analysed, and the machine is able to continually learn, buttressing the organisation’s defences as it goes throughout it tasks.
AI bleeds into the realm of predictive analytics – where it could even become possible to start pre-empting attacks, before they happen.
The vision for AI in security is that talented human agents can finally relieve themselves of the mundane tasks of dealing with threats and incidents, and focus on more challenging or strategic cyber-defence issues.
Combating weaponised devices in DDoS attacks
Distributed Denial of Service (DDoS) attacks are certainly on the rise, seeing a 68 percent compound annual increase in attacks since 2011. They’re also growing in complexity: becoming multi-vector threats that combine volumetric approaches, with TCP state exhaustion tactics, and application layer attacks.
But the most worrying DDoS trend – especially considering with our growing love-affair with the Internet of Things (IoT) – is that billions of connected devices and sensors could be hacked and ”weaponised’ (enlisted in giant drone armies that launch DDoS assaults).
As we bring more devices onto our networks, we can only hope that manufacturers – making everything from smart fridges, to IP surveillance cameras, to connected cars – apply the right security considerations. But for organisations to remain safe from these zombie armies, the smart play is to use dedicated DDoS attack detection and mitigation tools.
Digital ‘neighbourhood watch’ to beat phishing attacks
There’s old adage that human vulnerabilities are the weakest link in the cyber security value chain. And over the past couple of decades, employees have fallen victim to a variety of social engineering tactics – most notably the arena of phishing (and its cousins vishing, smishing, spear-phishing, and whaling).
In 2018 we’ll see a far greater focus on empowering employees with the tools to become actively involved in the fight against social engineering. Think of it like a Neighbourhood Watch programme for the digital era.
With recent research pointing to nine in 10 successful cyber-attacks originating from phishing, it’s important to create active lines of defence, by empowering staff with:
* Awareness training to become more vigilant against targeted cyber attacks.
* Tools to easily report suspicious e-mails to the internal security teams.
* Systems for incident responders to immediately analyse, prioritise, and act on suspect e-mails.
Big leaps forward in encryption
The cloud revolution has certainly made us more aware of the data that traverses our networks and data centres; and an increasing amount of sensitive data is now at risk of interception.
In every industry, encryption standards and best practices are racing to catch up with systemic risks in various ecosystems. Europe’s new General Data Protection Regulations come into force in 2018, and refer in depth to encryption of data. In the payments space, we’ll see the introduction of PCI DSS version 3.2 – to help us better secure financial transactions in the modern digital era of near-field communications, contactless, smartcards and payment apps.
So we can expect CIOs and CSOs to spend more time pouring over the benefits of tactics like tokenisation, dynamic data masking and advanced key management. Encryption remains a fast-paced and dynamic sub-set of the broader cyber defence arena, so look for disruptive technologies like the blockchain and biometrics to start playing a central role in data encryption.
2018 is likely to be another exciting year for technology innovation, but another terrifying year for security professionals. By addressing the entire breadth of potential threats with the very best technology, organisations will be able to sleep more peacefully in 2018.
As always, forewarned is forearmed, and when we consider the trends that we’re inheriting from this year, in 2018 you’d better be well-armed.