Guy Eilon, senior director and general manager, ANZ, Forcepoint, said 2017 was a year of phenomenal technological advancement. “We’ve seen progress in the fields of blockchain, artificial intelligence, big data, and cloud systems – to name a few. But with the growth of these areas has come new challenges, particularly when it comes to cyber security.”
“In a world where malware is continually evolving, critical business data is moving to the cloud, and criminals are exploiting new vectors of attack, how can we let security professionals stay up to date and help them focus on key areas of risk that will present themselves in 2018 and beyond?”
To answer this question, Forcepoint spoke to its Security Labs, Innovation Labs, CTO and CISO teams, generating the security predictions which Eilon claims will have the biggest impact on Australian businesses in 2018.
The Web is moving increasingly to encryption, with search engines, social media and shopping sites all joining financial institutions and other security-conscious organisations in being HTTPS only, to make the Web a safer place for everyone.
Yet, to protect personal data and intellectual property from leakage and malicious use, enterprises are employing SSL/TLS decryption and inspection technologies to maintain visibility of the data moving from machine to machine. In this case, MITM techniques are being used legitimately. MITM is the only effective way to monitor traffic for network data loss protection (DLP) and cloud access security broker (CASB) analysis, so Forcepoint sees MITM becoming increasingly common for legitimate purposes, but this will raise privacy challenges.
Further, Forcepoint predicts malware will take MITM into account, actively ceasing its execution and hiding its presence when realising it is under analysis.
The players aren’t trivial; Forcepoint expects to see nation-states as well as cyber criminals using such sophisticated tactics and techniques, while malware creators and botnet controllers will take advantage of any environments not using SSL/TLS decryption and inspection by having the malware itself use encryption to thwart detection.
Prediction #2: The Internet of Things will experience the “disruption of things”.
With the explosive growth of Internet-connected devices, Forcepoint foresees a new threat in 2018 which is dubbed “the disruption of things”, seeing the wonderful potential of technology to bring about business efficiency being turned into mass business chaos.
While it is already conceivable attackers can exploit insecure home Internet routers, Forcepoint predicts we will be seeing news of network-connected refrigerator trucks having their temperatures raised by malicious persons, spoiling food and disrupting social infrastructure. Or, turning off or disrupting manufacturing processes by interfering with connected manufacturing sensors.
These IoT devices will also be targeted by attackers to build larger and more powerful botnets of things.
MITM will come into play with IoT also; as hardware-based Alexa, Google Assistant and Siri devices become more prevalent, they will become attractive and lucrative targets for their financial data and other insights.
Prediction #3: systems surrounding cryptocurrencies will be increasingly under attack.
“We expect to see an increasing amount of malware targeting user credentials of cryptocurrency exchanges and the websites that allow users to buy, sell and exchange crypto-currencies for other digital currency or traditional currency in the vein of TrickBot in August 2017,” Eilon says.
“We further anticipate cyber criminals will turn their attention to vulnerabilities that exist in various systems which rely on blockchain-based technologies. While the principle of the blockchain makes the insertion of falsified transactions into historical blocks prohibitively difficult, compromising the systems used to make the transactions — for example, the 2016 attack on the DAO which exploited a flaw in the code of the smart contract underlying the organisation — will be an attractive proposition for highly skilled attackers.”
Prediction #4: a data aggregator will be breached in 2018 using a known attack method.
Just as the 2017 Equifax breach occurred through a known, but unpatched, vulnerability, so too Forcepoint expects we will see more of the same in 2018, despite the example of Equifax behind us.
“Credit reporting agencies, online retailers and other large aggregators of data provide cybercriminals with an opportunity to target complete sets of information such as personal data from banks and electronic healthcare records due to their undeniably inherent wealth of value. This data is not something that can be changed or adapted like a password; rather, it is always associated with an individual. 2018 will see cybercriminals take advantage of these systems and undertake successful attacks on these firms,” Eilon says.
The Equifax breach should be a wake-up call for business worldwide. Yet, Forcepoint predicts we will see it again this year, with a data aggregator being breached by one of these attack vectors:
- an exploit of known vulnerabilities;
- accidental compromise via employee error;
- third party compromise leading to first-party breach;
- a ransomware attack;
- social engineering attacks;
- exploits of security misconfiguration; and
- exploits of weak authentication practices.
Prediction #5: 2018 will ignite a broad and polarising privacy debate, within governments, and between ordinary people.
Over the last two years Forcepoint states there has been an erosion of the clean line between personal and public spheres, ongoing geopolitical uncertainty, and foreign and domestic threats all combining to deliver tension between individual rights and security for all. To date privacy has not put up much of a fight – “we predict that will change in 2018”, Eilon says.
“Our prediction is based on what we see as the perfect storm between the following four drivers: legal, technological, societal, and political. The confluence of these factors will cause a tectonic shift in the privacy landscape.
“Legal concerns will lead the pack in terms of visibility in the security community. Australia has passed mandatory data breach notification law which comes into effect in February 2018 and will cover most Australian businesses with an annual turnover of at least $3 million, and government agencies. The law means organisations that determine they have been breached or have lost data will need to report the incident to the Privacy Commissioner and notify affected customers as soon as they become aware of a breach.”
“Another regulation that will have an impact in Australia is GDPR, a European-led regulation which will nevertheless affect global businesses who hold or process the personal data of any European-resident citizen. With regulations set to come into effect on 25 May, 2018, privacy is top of mind for many technologists: compliance is going to drive visibility through 2018 and beyond.”
Eilon also points to the ease in which individuals trade convenience for privacy as they use location-based and ID-tracking services in mobile phones and home assistants, and ongoing terrorist threats as two major factors that will make 2018 an interesting year from a privacy perspective.
“Together, the stars are aligning to make 2018 the kick-off to what we’re going to call ‘The Privacy Wars’ – pitting technologists against the ordinary person on the street and splitting opinion in government, at work, and at home."
Forcepoint’s predictions for 2018 showcase a myriad of challenges for those tasked with protecting people, data and networks, but “there is not a single prediction that does not contain a human element,” Eilon says. “It will be important for cyber security professionals to understand the human-centric root of risk as users have the potential to unintentionally compromise their own systems in one minute and be the source of innovation in the next.”