The high-profile attacks of 2017 saw cyber defense rise to the level of boardroom concern. However, a look back at the past year reveals more than a slew of headlines: it shows a number of trends that we can expect to continue in 2018.
Businesses are becoming more cognizant that the threat is often already inside their networks. And as cyber-attacks become more sophisticated and new threat vectors lead to an expanded attack surface, CIOs and CISOs need to arm themselves – both with a knowledge of the threat landscape and with the security tools that can defend their businesses from the inside out.
Based upon my work with organizations across the nation and in every vertical, I anticipate seeing these 5 trends in 2018’s threat landscape:
1. Attacks by nation states and APT threat groups are on the rise
2017 left us with little doubt that nation-state attacks are real.
As we move into 2018, with the midterm elections upon us, we have to presume that nation-state attacks will be on the rise. In late 2017, the U.S. government issued a rare public warning that sophisticated threat actors are targeting industrial firms – it is almost a certainty that we will see an uptick in sophisticated campaigns against national critical infrastructure in the next year.
Additionally, Advanced Persistent Threat groups are acting more covertly than ever by leveraging legitimate administrative tools and processes, so that their subtle and unusual behaviors are nearly impossible to distinguish from normal activity. Early threat detection powered by machine learning must be integral to organizations’ security initiatives if companies want to stand a fighting chance against these silent and stealthy threats.
2. Insider threat will remain a blind spot for most corporations
For all the attention on nation-state attacks and sophisticated hackers, one of the greatest threats to any organization or government has an access card for the building and a password for the network.
Insider threats, whether malicious or accidental, are notoriously difficult to detect. Many organizations still lack the ability to identify when a user deviates from his or her normal ‘pattern of life’, and some of the most sophisticated attacks have started with an insider gone rogue.
3. The use of tools from the NSA and CIA leaks will lead to more sophisticated and machine-speed attacks
An underground economy has been created on the Dark Web to buy, sell, and repurpose new exploits from the NSA and CIA leaks. Everyday hackers are now capable of launching sophisticated and large-scale attacks on corporations – from self-propagating ‘worm-style’ attacks like WannaCry and NotPetya, to advanced spear-phishing that mimics victims’ writing style and behavior to trick them into inadvisable actions.
As sophisticated, machine-speed attacks become more common and these advanced tools proliferate across the cyber-criminal community, it will become an even greater challenge for security teams to keep up. Cyber security will no longer be a challenge that can be addressed by humans alone. The focus will shift from who is behind an attack to how to use AI to become more resilient to attacks, irrespective of their source or threat vector.
4. Supply chains will continue to be a vulnerability for most organizations
The NotPetya attack of 2017 is an important reminder that our global economy isn’t connected only via the public internet; it is also connected directly through a private web of business-to-business links across the supply chain.
While security teams work hard, with mixed results, to defend their business from the “outside world” with firewalls and sandboxes, business partners are often treated as trusted and are protected by contractual clauses rather than by substantial technical defenses. This reveals a global digital hygiene problem in which self-spreading attacks can migrate from business to business at incredible speed. Monitoring the actions and interactions of partners within our businesses isn’t a sign of reduced trust; it is a vital component of herd immunity for the global economy. A shift in mindset will be essential to containing the spread of attacks.
5. Artificial intelligence will become a common feature in the toolkit of cyber-criminals
We’ve already seen early warning signs of attackers using their own forms of AI to launch targeted and advanced campaigns.
Imagine a highly intelligent piece of malware that can autonomously glean insights from victims’ calendar appointments and mimic their email writing styles to trick them into inadvisable actions. Will you download an email attachment if it allegedly contains a map of directions to your next meeting? The future of cyber defense will be machines fighting machines for network control and the battleground will be within corporate networks. Defenders need to be ready to fight back.
Organizations still using legacy approaches from one to five years ago are consistently outpaced and forced to play catch-up. Attackers adapt and change their methods almost daily, making an approach that uses machine learning to identify never-before-seen threats absolutely critical to staying one step ahead of tomorrow’s attacker.