Security Market Segment LS
Wednesday, 10 January 2018 23:22

Forcepoint's predictions for the five big security issues in 2018

By

With tremendous technological advances comes, unfortunately, those seeking to exploit others and the continual battle for business, government and individual to keep ahead. Cyber security software company Forcepoint spoke to iTWire about its security predictions for 2018.

Guy Eilon, senior director and general manager, ANZ, Forcepoint, said 2017 was a year of phenomenal technological advancement. “We’ve seen progress in the fields of blockchain, artificial intelligence, big data, and cloud systems – to name a few. But with the growth of these areas has come new challenges, particularly when it comes to cyber security.”

“In a world where malware is continually evolving, critical business data is moving to the cloud, and criminals are exploiting new vectors of attack, how can we let security professionals stay up to date and help them focus on key areas of risk that will present themselves in 2018 and beyond?”

To answer this question, Forcepoint spoke to its Security Labs, Innovation Labs, CTO and CISO teams, generating the security predictions which Eilon claims will have the biggest impact on Australian businesses in 2018.

Forcepoint prediction #1: An increasing amount of malware will become man-in-the-middle aware.

The Web is moving increasingly to encryption, with search engines, social media and shopping sites all joining financial institutions and other security-conscious organisations in being HTTPS only, to make the Web a safer place for everyone.

Yet, to protect personal data and intellectual property from leakage and malicious use, enterprises are employing SSL/TLS decryption and inspection technologies to maintain visibility of the data moving from machine to machine. In this case, MITM techniques are being used legitimately. MITM is the only effective way to monitor traffic for network data loss protection (DLP) and cloud access security broker (CASB) analysis, so Forcepoint sees MITM becoming increasingly common for legitimate purposes, but this will raise privacy challenges.

Further, Forcepoint predicts malware will take MITM into account, actively ceasing its execution and hiding its presence when realising it is under analysis.

The players aren’t trivial; Forcepoint expects to see nation-states as well as cyber criminals using such sophisticated tactics and techniques, while malware creators and botnet controllers will take advantage of any environments not using SSL/TLS decryption and inspection by having the malware itself use encryption to thwart detection.

Prediction #2: The Internet of Things will experience the “disruption of things”.

With the explosive growth of Internet-connected devices, Forcepoint foresees a new threat in 2018 which is dubbed “the disruption of things”, seeing the wonderful potential of technology to bring about business efficiency being turned into mass business chaos.

While it is already conceivable attackers can exploit insecure home Internet routers, Forcepoint predicts we will be seeing news of network-connected refrigerator trucks having their temperatures raised by malicious persons, spoiling food and disrupting social infrastructure. Or, turning off or disrupting manufacturing processes by interfering with connected manufacturing sensors.

These IoT devices will also be targeted by attackers to build larger and more powerful botnets of things.

MITM will come into play with IoT also; as hardware-based Alexa, Google Assistant and Siri devices become more prevalent, they will become attractive and lucrative targets for their financial data and other insights.

Prediction #3: systems surrounding cryptocurrencies will be increasingly under attack.

“We expect to see an increasing amount of malware targeting user credentials of cryptocurrency exchanges and the websites that allow users to buy, sell and exchange crypto-currencies for other digital currency or traditional currency in the vein of TrickBot in August 2017,” Eilon says.

“We further anticipate cyber criminals will turn their attention to vulnerabilities that exist in various systems which rely on blockchain-based technologies. While the principle of the blockchain makes the insertion of falsified transactions into historical blocks prohibitively difficult, compromising the systems used to make the transactions — for example, the 2016 attack on the DAO which exploited a flaw in the code of the smart contract underlying the organisation — will be an attractive proposition for highly skilled attackers.”

Prediction #4: a data aggregator will be breached in 2018 using a known attack method.

Just as the 2017 Equifax breach occurred through a known, but unpatched, vulnerability, so too Forcepoint expects we will see more of the same in 2018, despite the example of Equifax behind us.

“Credit reporting agencies, online retailers and other large aggregators of data provide cybercriminals with an opportunity to target complete sets of information such as personal data from banks and electronic healthcare records due to their undeniably inherent wealth of value. This data is not something that can be changed or adapted like a password; rather, it is always associated with an individual. 2018 will see cybercriminals take advantage of these systems and undertake successful attacks on these firms,” Eilon says.

The Equifax breach should be a wake-up call for business worldwide. Yet, Forcepoint predicts we will see it again this year, with a data aggregator being breached by one of these attack vectors:

  • an exploit of known vulnerabilities;
  • accidental compromise via employee error;
  • third party compromise leading to first-party breach;
  • a ransomware attack;
  • social engineering attacks;
  • exploits of security misconfiguration; and
  • exploits of weak authentication practices.

Prediction #5: 2018 will ignite a broad and polarising privacy debate, within governments, and between ordinary people.

Over the last two years Forcepoint states there has been an erosion of the clean line between personal and public spheres, ongoing geopolitical uncertainty, and foreign and domestic threats all combining to deliver tension between individual rights and security for all. To date privacy has not put up much of a fight – “we predict that will change in 2018”, Eilon says.

“Our prediction is based on what we see as the perfect storm between the following four drivers: legal, technological, societal, and political. The confluence of these factors will cause a tectonic shift in the privacy landscape.

“Legal concerns will lead the pack in terms of visibility in the security community. Australia has passed mandatory data breach notification law which comes into effect in February 2018 and will cover most Australian businesses with an annual turnover of at least $3 million, and government agencies. The law means organisations that determine they have been breached or have lost data will need to report the incident to the Privacy Commissioner and notify affected customers as soon as they become aware of a breach.”

“Another regulation that will have an impact in Australia is GDPR, a European-led regulation which will nevertheless affect global businesses who hold or process the personal data of any European-resident citizen.  With regulations set to come into effect on 25 May, 2018, privacy is top of mind for many technologists: compliance is going to drive visibility through 2018 and beyond.”

Eilon also points to the ease in which individuals trade convenience for privacy as they use location-based and ID-tracking services in mobile phones and home assistants, and ongoing terrorist threats as two major factors that will make 2018 an interesting year from a privacy perspective.

“Together, the stars are aligning to make 2018 the kick-off to what we’re going to call ‘The Privacy Wars’ – pitting technologists against the ordinary person on the street and splitting opinion in government, at work, and at home."

Forcepoint’s predictions for 2018 showcase a myriad of challenges for those tasked with protecting people, data and networks, but “there is not a single prediction that does not contain a human element,” Eilon says. “It will be important for cyber security professionals to understand the human-centric root of risk as users have the potential to unintentionally compromise their own systems in one minute and be the source of innovation in the next.”

GuyEilon

Read 4596 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

ENABLING MICROSOFT TEAMS IN THE CONTACT CENTRE

If you're looking at enabling Microsoft Teams for your contact centre, you should bookmark this webinar.

Marketing budgets are now focused on Webinars combined with Lead Generation.

Our panellists from Whangarei District Council (NZ) and Maurice Blackburn Lawyers (Aus) were closely involved in recent projects to enable Microsoft Teams for their own contact centres.

They have kindly agreed to join Enghouse and Microsoft to talk about some of the things they would recommend as most critical for IT and CX professionals planning a Teams Contact Centre migration.

Date: 11 May 2022
Time: 12pm AEST | 2pm NZST | 10am SGT

We look forward to having you join us. Please click the button below to register.

REGISTER HERE!

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments