Top 10 Cybersecurity Predictions for 2016 and Beyond

Matthew RosenquistCybersecurity Strategist,Intel CorpMarch 2016

More of everything will massively increase the number of potential targets.

The growing cyberattack surface

The ease and cost of developing connected things is dropping fast, leading to an explosion of new products, many without adequate security protection.

New Device Types

Chain Reactions Drive Cybersecurity Evolution…

10 Evolving Challenges in Cybersecurity

1. Government’s roles expand

2. Advances in nation-state cyber-offense affects everyone

3. Life safety and cybersecurity intersect in products

4. Rise in digital theft and fraud

5. Realistic impacts of cybersecurity emerge

6. Security expectations increase

7. Attackers evolve, adapt, & accelerate

8. Trust and Integrity are targeted and undermined

9. Security technologies improve but remain outpaced and outmaneuvered

10. Lack of security talent hinders the industry

Cybersecurity is Rapidly Evolving

Public demands their governments be more actively involved in preventing and responding to cyber threats, major hacking events, fraud, and digital crimes, yet not infringe upon individual’s privacy.

Government’s Roles Expand1.

Government’s Roles Expand

Result:

1. More regulations, to raise security standards

2. Better policing and collaboration

3. More laws for prosecution actions

4. Friction around technology privacy and government access

Nation-State Cyber-Offense Affects Everyone

Broad adoption by many nations of cyber-offense capabilities.

Governments incorporate cyber into their defense apparatus with clear objectives and deployable systems.

2.

i29 countries

Have formal cyberwarfare units

i63 countries

Use cyber tools for surveillance

i$19 billion

US 2017 proposed budget for cybersecurity

Nation-State Cyber-Offense Affects Everyone

Result:

1. Trickle-down effect gives advanced technology to criminals and attackers

2. Reverse engineered code is reused by other threats

3. Attackers don’t need to invest in developing high-end exploits, instead they harvest what governments create

Life Safety and Cybersecurity Intersect in Products

Industrial and consumer products are being connected to the internet and to each other

Vehicles, appliances, power stations, medical devices, and billions of other devices are gathering data and exerting a level of control in our lives

Risk of catastrophic impacts as our reliance and trust increase

3.

Life Safety and Cybersecurity Intersect in Products

Result:

1. A slow wake-up call for the transportation, healthcare, and industrial sectors as risks emerge

2. As IoT devices explode in number and function, so will the potential misuse

3. Remote devices, cameras, and drones become more concerning to safety and privacy. Expect more regulations

Attacks on automobiles will increase sharply in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles.

Transportation

Top 10 Healthcare breaches of

2015, affected almost 35% of

the US population

Healthcare

Critical infrastructure systems not designed with outside access in mind will become vulnerable to low-incident, but high-impact events as they become connected to the Internet.

Critical infrastructure

Rise in Digital Theft and Fraud

More opportunities to steal, extort, and commit fraud. Greed principle prevails

Attackers are organized, share methods and tools

Threats not limited by geography

Financial, social, and geopolitically motivated

4.

i~$450 billion

Cyber-crime impact globally

i200% increase In cyber-crime in the last 5 years

i32% reported

Organizations reporting cyber-crime

Rise in Digital Theft and FraudResult:

1. More ways to successfully commit financial fraud and theft

2. Number of attacks increase, externals and internals, from across the globe

3. Higher cost incidents, millions-billion dollar attacks

4. Rising: Ransomware, CEO Fraud, transaction tampering

5. Continuing: DDOS & data breach extortion, Tax, Credit & banking fraud, skimmers, ATMs

Industry currently fails to measure the systemic impact and long term costs

New interest to understand the overall costs:

Security products/services spending, staffing, audit/compliance, and insurance

Incident response and recovery costs

Secure product development, innovation and sales friction, related opportunity costs

Realistic Impacts of Cybersecurity Emerge5.

Result:

1. Understanding impacts will begin to shift the industry perspectives

2. Evolving from tactical treatment of recurring symptoms to strategic interdiction of the systemic condition

Realistic Impacts of Cybersecurity Emerge

i

$3 trillion Aggregate innovation impact of cyber-

risks by 2020

-McKinsey & World Economic Forum

i

$90 trillion Potential net economic benefit drained from global GDP, worst case thru 2030

-Zurich & Atlantic Council

6. Cybersecurity Expectations Increase

Market demands more connectivity, devices, applications, and services

Enterprise perspectives shift to accept the reputation and market risks

Consumers expect security “their way”: Safety with access anywhere to anything

Cybersecurity Expectations Increase

Result:

1. Expectations rise, but resources and capabilities will not keep pace, causing friction and opportunities for attackers

2. Strategic insights are needed to manage risks and seize opportunities

3. Leadership will be key to find the ‘optimal’ balance of security

7.

Attackers are nimble, opportunistic, cooperative, skilled and relentless

Their motivation, resiliency, and creativity drives great adaptability

Acceleration in their methods, tools, and targets (technology, people, processes)

Attackers Evolve, Adapt, and Accelerate

Result:

1. Dark markets and services grow to enable

2. New data breach targets emerge

3. New uses for personal, health, biometric, and login data is explored by attackers

4. Research follows quickly into new areas of technology

5. Ransomware and “CEO email” tactics rise

6. Integrity attacks spear-headed by pros for huge gains – will drive new security solutions

Attackers Evolve, Adapt, and Accelerate

Cybercriminals, competitors, vigilante justice seekers, and nation-states will increasingly target cloud services platforms to exploit companies and steal confidential data.

Cloud services

Attacks on all types of hardware and firmware will continue. The market for hardware attack tools will expand. VMs will be successfully attacked through system firmware rootkits.

Hardware

Equation Group – HDD and SSD firmware reprogramming malware

First commercial UEFI Rootkit

8. Trust and Integrity are Targeted

Attackers leverage trust mechanisms for their goals: Digital certs, Identity and, Encryption implementation

Integrity attacks continue to escalate, altering data instead of stealing it. This begins a whole new game.

Trust and Integrity are Targeted

Result:

1. Digital certs misuse allows access and malicious sites/software to proliferate

2. Vulnerabilities in devices, encryption, and code force changes in product design

3. Integrity attacks emerge as a devastating new strategy, targeting financial, communications, and authentication transactions

A significant new attack vector will be stealthy, selective compromises to the integrity of systems and data. In 2016, we will witness an integrity attack in the financial sector in which millions of dollars will be stolen by cyber thieves.

Integrity

9. Security Technologies Improve but Remain Outpaced and Outmaneuvered

Execs get serious on managing cyber risks

Holistic and strategic views take hold

Cloud gets more secure

Malware detection and forensics improves

Hardware is the new trust foundation

Incident Response capabilities and services achieves professional standing

Security Technologies Improve but Remain Outpaced and Outmaneuvered

Result:

Near-term cyber protection capabilities

Availability/Denial of Service

Confidentiality/Data Breach

Integrity/Trust of Transactions

iEXCELLENT

iGOOD

iLACKING

The security industry will develop effective weapons to protect, detect, and correct many attacks, but the arms race will continue.

The security industry fights back

Security industry to-do list:Behavioral analytics

to detect irregular activities

Threat intelligence, sharedto deliver faster and better protection

Cloud-integrated securityto improve visibility and control

Automated detection and correctionto protect more devices with fewer security professionals

Threat intelligence sharing among enterprises and security vendors will grow rapidly.

Sharing threat intelligence

Legislative steps will make it possible to share threat intelligence with government.

We will see an acceleration in the development of best practices for sharing emerging threat information.

Threat intelligence cooperatives between industry vendors will expand. STIX/TAXII will be the standard by which they share information.

Metrics for success will emerge, allowing enterprises, security vendors, and governments to quantify protection improvement.

10. Lack of Talent Hinders the Industry

Lack of qualified talent will greatly restrict the growth and effectiveness of security

Academia is working to satiate demand, but it will take time.

i1.5-2 million

Unfilled positions by 2017

i12x growth

Compared to the overall job market

i70% understaffed Organizations report

lack of staff

Lack of Talent Hinders the Industry

Result:

1. Salaries continue to rise until demand is met

2. Headhunting and retention of top talent is ruthlessly competitive

3. Leadership and technical roles in greatest demand

4. Outsourcing to MSSP’s and security consulting firms increases

ConclusionAs always, cybersecurity represents risks and opportunities

Much of what was seen in 2015 will continue, but new vectors will emerge to supplant legacy tactics

The fundamentals remain but the details and specifics remain chaotic and unpredictable

New threat vectors will emerge as advanced technology is integrated

Leaders with insights to the future have the best opportunity to align resources and be prepared