The first half of 2017 has not exactly been a walk in the park for cybersecurity professionals.
Some of the highlight events so far this year have been the Shadow Brokers regularly dumping NSA hacking tools for public consumption, cybercriminals then using these shiny new toys to run amok, producing WannaCry and NotPetya, and most recently HBO being threatened with having its hottest show unveiled early unless a $6 million ransom is paid.
So will the last few months of 2017 see a continued level of activity or will things calm down as the bad guys take off for the holidays? SC Media asked some of the top executives in the field for what they see as the biggest threats and problems that will be faced in the next few months. This will be a living list with more threats being added as they appear.
1. Malware with worm capabilities
Jerome Segura – Lead malware intelligence analyst at Malwarebytes
WannaCry shocked the world by its rapid spread, and this wouldn’t have been possible without its worm component. It reminded us of how quickly malware can propagate with devastating effects. Sadly, other malware authors have realized it also and are starting to add worm capabilities to their malware, such as recently with the Trickbot banking trojan.
2. Release of more Shadow Brokers tools
Jeff Schilling – Chief Security Officer at Armor
EternalBlue and DoublePulsar, the critical components of the WannaCry worm, are potentially just the tip of the iceberg of what may be coming from the Shadow Brokers. These sophisticated tools, in the hands of a less than sophisticated adversary, had massive global impact. Expect more to come.
3. Getting back to basics (patching, endpoint, hygiene)
Matt Pascucci – Cybersecurity Practice Manager at CCSI
This is the biggest issue of the year, and the malware has shown just how easy it is to compromise systems.
4. The vulnerability of mobile carriers
Elad Yoran – Executive Chairman of KoolSpan
Undoubtedly one of the more important security challenges facing us today is the growing realization that the carrier networks that transport the world’s voice and data communications are systemically vulnerable to interception and monitoring. Hackers, terrorist organizations, foreign governments and others take advantage of these internetworking protocols and exploit them on a regular basis from anywhere around the world.
5. Stop overwhelming clients with alerts!
Ben Herzberg, head of application security research at Imperva
Security controls generate a lot of alerts that can easily overwhelm an organization. In large organizations such as banks, it is common to have over 100,000 security alerts per day. As you can imagine, this requires a battalion of security engineers and analysts to sort through.
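One way to cut a flood like that down to something an analyst can read is to roll raw alerts up into incidents. The block below is an added example for this article, not code from Imperva or the quoted researcher: it groups alerts by rule and source, starts a new incident when a source goes quiet for longer than a gap, keeps counts and affected hosts so nothing is discarded, and sorts the result by severity. The alert fields and the sample alerts (a scanner hammering one rule thousands of times, two bursts of failed logins, one high-severity hit) are constructed for illustration.

```python
"""Roll a flood of raw security alerts up into a short incident list.

Added example; not the vendor's code. Alert format and sample data are
constructed: each alert is a dict with epoch timestamp, rule name,
source, destination and a 1-5 severity.
"""
from collections import defaultdict

# Constructed sample of a noisy day: 5000 hits of one rule from one scanner,
# two separate bursts of failed logins, and a single high-severity alert.
SAMPLE_ALERTS = (
    [{"ts": 1_500_000_000 + i, "rule": "SMB probe", "src": "203.0.113.7",
      "dst": "10.0.0.%d" % (i % 250 + 1), "sev": 2} for i in range(5000)]
    + [{"ts": 1_500_000_100, "rule": "Failed login", "src": "198.51.100.9",
        "dst": "10.0.0.5", "sev": 3}] * 3
    + [{"ts": 1_500_009_000, "rule": "Failed login", "src": "198.51.100.9",
        "dst": "10.0.0.5", "sev": 3}] * 2
    + [{"ts": 1_500_003_600, "rule": "Known ransomware hash", "src": "10.0.0.42",
        "dst": "10.0.0.42", "sev": 5}]
)


def aggregate(alerts, gap=600):
    """Group alerts into incidents keyed by (rule, source).

    Alerts from the same source tripping the same rule are merged while
    they arrive within `gap` seconds of the previous one; a longer pause
    starts a new incident. Each incident keeps the hit count, number of
    distinct targets, first/last timestamps and the highest severity seen.
    Incidents come back sorted highest severity first, then noisiest.
    """
    streams = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        streams[(a["rule"], a["src"])].append(a)

    incidents = []
    for (rule, src), stream in streams.items():
        current = None
        for a in stream:
            if current is None or a["ts"] - current["last"] > gap:
                current = {"rule": rule, "src": src, "count": 0, "dsts": set(),
                           "first": a["ts"], "last": a["ts"], "sev": 0}
                incidents.append(current)
            current["count"] += 1
            current["dsts"].add(a["dst"])
            current["last"] = a["ts"]
            current["sev"] = max(current["sev"], a["sev"])

    for inc in incidents:
        inc["targets"] = len(inc.pop("dsts"))
    incidents.sort(key=lambda i: (-i["sev"], -i["count"]))
    return incidents


def reduction(alerts, gap=600):
    """Return (raw alert count, incident count) for a quick fatigue metric."""
    return len(alerts), len(aggregate(alerts, gap))


if __name__ == "__main__":
    raw, rolled = reduction(SAMPLE_ALERTS)
    print("%d alerts -> %d incidents" % (raw, rolled))
    for inc in aggregate(SAMPLE_ALERTS):
        print(inc)
```

The single ransomware hit lands at the top of the list even though the scanner produced five thousand alerts; the gap parameter is what keeps a scan from being sliced into thousands of one-alert incidents while still separating two unrelated bursts from the same source.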
6. Adapting the firewall to face new threats
Jody Brazil, co-founder and chief product strategist, FireMon
The evolution of the firewall is not complete. Networking technology is changing rapidly and the firewall will have to adapt. Cloud, SDN and containers threaten the traditional role of the firewall. The traditional network segmentation is being replaced with very flat networks – which removes a lot of network complexity, but introduces a significant challenge to the firewall.
7. Monitoring Cloud Configuration and Security
Tim Erlin, Vice President, product management and strategy at Tripwire
Organizations continue to adopt cloud technologies at a rapid rate, but information security isn’t keeping up. Misconfigurations leading to data leaks have been discovered, but for every one of these found, there are likely many more that aren’t published. With a rapid rate of technological change, huge variation of skills, and fast paced adoption, it’s clear that monitoring cloud assets and infrastructure will continue to be a challenge.
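Continuous monitoring of cloud configuration can be as simple as re-reading access policies and flagging any that open a resource to everyone. The block below is an added example for this article, not Tripwire's or the author's code: it takes one common case, an AWS S3 bucket policy written in the standard JSON policy language, and reports statements that allow anonymous principals, setting a conditional statement aside for human review rather than auto-clearing it. The three policies, the bucket name, the role ARN and the account number are constructed; no cloud API is called, so it runs offline.

```python
"""Flag cloud storage policies that grant access to everyone.

Added example, not the vendor's code. Evaluates AWS-style bucket policy
documents (IAM JSON policy language). Sample policies, ARNs and the
account ID below are constructed for illustration.
"""
import json

# Constructed: the leak-prone form, anonymous read of every object.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::customer-exports/*",
    }],
})

# Constructed: the corrected form, scoped to a single role in the account.
PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ExportReader",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/export-reader"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::customer-exports",
                     "arn:aws:s3:::customer-exports/*"],
    }],
})

# Constructed: anonymous principal but gated by a Condition; needs a human
# to decide whether the condition really limits who can reach it.
VPC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcOnlyRead",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::customer-exports/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})


def _as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True when the Principal element matches every caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        # {"AWS": "*"} or {"AWS": ["arn:...", "*"]} are both anonymous.
        return any("*" in _as_list(who) for who in principal.values())
    return False


def public_statements(policy_json):
    """Return a finding for each Allow statement with an anonymous principal.

    Each finding is {"sid", "actions", "conditional"}. conditional=True
    means a Condition element is present; the statement is still reported,
    because a weak or mis-typed condition is itself a common leak.
    """
    doc = json.loads(policy_json)
    findings = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if not _is_anonymous(st.get("Principal", {})):
            continue
        findings.append({
            "sid": st.get("Sid", "<no Sid>"),
            "actions": _as_list(st.get("Action", [])),
            "conditional": "Condition" in st,
        })
    return findings


def audit(policies):
    """Map bucket name -> findings, dropping buckets with nothing to report."""
    report = {}
    for bucket, policy in policies.items():
        found = public_statements(policy)
        if found:
            report[bucket] = found
    return report


if __name__ == "__main__":
    print(audit({"customer-exports": PUBLIC_POLICY,
                 "fixed-exports": PRIVATE_POLICY,
                 "vpc-exports": VPC_POLICY}))
```

Run over the policy documents pulled from every account on a schedule, a check like this turns "we hope nothing is public" into a diff that shows up the day a bucket is opened. It covers bucket policies only; object ACLs and account-level public access settings would need their own checks.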
8. High Impact Attacks
Limor Kessem – executive security advisor at IBM Security
Thinking about the biggest challenges for the remainder of the year, the one that stands out the most to me is “impact.” No one can deny the destructive effect of the attacks we have encountered so far this year: from Shamoon v2 to WannaCry and NotPetya, the world witnessed the power of malicious code at its highest impact to date. For the rest of the year, organizations cannot ignore the overall increasing risk of highly advanced leaked code which has been used widely against organizations of all types and sizes and spreads quickly without discrimination. These attacks have shown us that it’s not simply an organization’s customer data, trade secrets, or finances that are at stake – entire operations have been shut down with devastating effects on business, employees and end users.
9. The Insider Threat
Itsik Mantin – head of data security research at Imperva
Similar to previous years, many of the breaches seen in the last year were not the result of hackers penetrating the organization and stealing data from it, but of employees and third parties that have access to sensitive data for the sake of their work, who in some cases steal the data and in other cases leak it by sending it accidentally to unauthorized recipients. The challenge with data breaches involving insiders and third parties is twofold. Not only do the attackers have much more inside information than an external attacker, but since no malware is involved and no penetration happens through the organization’s perimeter, many of the common security mechanisms, like firewalls and antivirus, are blind to these attacks.
10. Operationalizing GDPR
Chris Olson – CEO of The Media Trust
The EU’s pending data protection regulation ushers in a world of change for enterprise security teams. Beyond identifying and documenting data elements and data collection activity, IT and security professionals will join forces with privacy, risk and compliance officers to operationalize data governance policies. Implementation of compliance mechanisms to ensure data protection policies–including data unknowingly collected by third parties from everyday website operations–are actively monitored and enforced will be a key focus leading up to May 2018.