Five Security Tips for 2016 That Could Save Your Job
Pretty much everyone expects the pace of cyberattacks seen over the past two years to continue in 2016, but there are some differences in next year’s security predictions. For one thing, we're hearing the term “prediction” used more in place of “prevention.”
The reason: Nearly everyone agrees now that cyber incidents are inevitable for … nearly everyone. That means that CIOs and CISOs need to have a response plan in place. Failure to do so will likely cost someone their job should a significant incident occur. That’s already happening to some degree in the healthcare industry.
But beyond the “when not if” shift in security attitudes, what else should organizations expect in 2016? We put that question to Amit Yoran, the president at RSA, the information security arm of EMC. He prefaced his predictions by reviewing the major trends of 2015.
“This year marked a strategic shift from a maniacal focus on prevention, toward greater balance on monitoring, detection, and response capabilities,” Yoran observes. “It’s become cliché? to say that breaches are inevitable and that faster detection and more accurate incident scoping are the way forward.”
In addition, “2015 saw continued acceleration of threat evolution,” Yoran says. “What was considered an ‘advanced’ threat in years past has become a commodity today, with sophisticated malware and exploits available for the price of a movie ticket.”
As troublesome as these observations seem, the most impactful evolution goes almost entirely unreported and misunderstood, Yoran believes.
“The threats that matter most -- today’s pervasive threat actors -- are now conducting attack campaigns comprised of multiple exploit methods and multiple backdoors to assure persistence. Incomplete incident scoping has become a critical and consistent mistake made by security teams,” Yoran stresses.
This year was also notably characterized by security vendors claiming to be able to prevent advanced threat breaches when the reality is, they can’t, Yoran says.
“It was characterized by organizations recognizing the need to monitor and defend their digital environments differently, but continuing to center their security programs on the same technologies and approaches they have been using – hoping for a different outcome, but not acting differently,” Yoran says.
As to what’s in store for 2016, Yoran offered the following predictions on what organizations need to be ready for:
Strategic Data Manipulation and Disruption
“Organizations will begin to realize that not only is their data being accessed inappropriately, but that it is being tampered with,” Yoran says. “Data drives decision making for people and computer systems. When that data is unknowingly manipulated, those decisions will be made based on false data. Consider the potentially devastating consequences of misrepresented data on the mixing of compounds, control systems, and manufacturing processes.”
Increasing Attacks on Application Service Providers
“As organizations become more comfortable with the ‘as-a-service’ model, many of their most sensitive applications and data reside in the Cloud,” Yoran notes. “The aggregation of this valuable data from many companies creates an incredibly lucrative target for cybercriminals and cyber espionage. A deeper appreciation of third party risk is needed.”
Hacktivism and the Attack Surface
“Per my earlier comment, as cyber-attack tools and services become increasingly commoditized; the cost of attacking an organization is dropping dramatically, enabling more attacks that do not have financial gain as the primary focus,” Yoran explains. “Sophisticated hacktivist collectives like Anonymous have been joined by relatively unsophisticated cyber vigilantes. Organizations need to realize that financial gain is no longer the only or even the biggest driver of some of their adversaries. Security operations and risk managers should evolve their understanding not only of the threat, but also of what, why, where, and how they are being targeted.”
ICS (Industrial Control Systems) pushed to the Breaking Point
“Intrusions into systems that control operations in the chemical, electrical, water, and transport sectors have increased 17-fold over the last three years,” Yoran warns. “The advent of connected and automated sensors aggressively exacerbates these issues. The growth in the use of cyber technology for terrorism, hacktivists and other actors, combined with the weakness of ICS security generally, combined with the potential impact of bringing down a power facility or water treatment plant (hello, California), makes the critical breach of an ICS in 2016 extremely concerning and increasingly likely.”
Shake-out of the Security Industry
“Our industry has been awash in venture capital and as a result, foolish investments have been made in strategies and technologies that are little more than snake oil,” Yoran concludes. “As organizations’ security programs continue to mature, they are learning that claims of being able to prevent advanced threat breaches are nothing more than fantasy. Expect to see a shake-out in the security industry as organizations maturing understanding of advanced threats increasingly drives their security investment decisions.”