Businesses and consumers alike have been affected by the almost daily threat of data breaches and by the continuing impact those breaches have. Will such threats enable identity fraud, send a business under or even give adversaries further power to conduct ever more dangerous attacks? Michael Sutton, CISO at Zscaler, has crafted his top five predictions for the year ahead and what they will mean for the threat landscape.
He discusses:
• Nation states ‘offensive offense’ – It’s likely 2017 will see the US and other nations step into a cyber mudslinging contest
• AI will be used for good and evil – Another platform that holds mass quantities of data will be susceptible to savvy criminals in 2017
• Ransomware gets physical – Encrypting data will be replaced with extortion via disabling physical systems
• Data breaches 3.0 – The next wave as criminals seek to alter, not exfiltrate data with corporate espionage in mind
• Cyber insurance disruption – Risk scoring algorithms will need to go far deeper with internal corporate security systems to calculate the likelihood of a breach
“Offensive Offense – Increasingly, motivations for offensive nation state sponsored attacks have gone into a new realm and have been driven primarily as an effort to undermine the credibility of another government or in some cases influence public sentiment.”
“Rise of the Machine (Learning) – Machine learning and artificial intelligence (AI) are the current buzz words du jour in the security industry. Machine learning will revolutionise security because humans simply can’t scale in the same way that machines do and we’re willing to invest in perfecting the neural networks that drive them.”
“Ransomware gets Physical – Most ransomware to date remains relatively unsophisticated, relying primarily on social engineering as the infection mechanism. Attackers don’t need to pull 0day tricks out of their bag to infect PCs, when signature-based defenses are easily evaded and humans remain gullible. What is changing is the targets that the attackers are going after.”
“Data Breaches 3.0 – First we had the era of the financial data breach with the likes of Target, Home Depot, Michael’s and Neiman Marcus all suffering massive thefts of debit/credit card data across 2013 and 2014. Healthcare then bore the brunt of the attacks announced in 2015 with Anthem, Premera and Carefirst all acknowledging that millions of records had been stolen. In 2017 we can expect a third data breach phase, with attackers seeking to alter, not exfiltrate data.”
“Disruption in cyber insurance – The insurance industry is one that’s ripe for disruption. With data breaches becoming the norm, cyber insurance has also become a must have item for large enterprises. Insurance companies are desperate to get in on the game, but they have a big challenge – how do they calculate the likelihood of a breach? Life insurance is easy – plenty of people have lived and died and we have solid data on it.”