Businesses and consumers alike are affected by the almost daily threat of data
breaches and their continuing impact. Will such threats enable identity fraud,
send a business under or even give adversaries further power to conduct ever
more dangerous attacks? Michael Sutton, CISO at Zscaler, has crafted his top
five predictions for the year ahead and what they will mean for the threat
landscape.
He discusses:
• Nation states ‘offensive offense’ – It’s likely 2017 will see the US and
other nations step into a cyber mudslinging contest
• AI will be used for good and evil – Another platform that holds mass
quantities of data will be susceptible to savvy criminals in 2017
• Ransomware gets physical – Encrypting data will be replaced with extortion
via disabling physical systems
• Data breaches 3.0 – The next wave as criminals seek to alter, not exfiltrate
data with corporate espionage in mind
• Cyber insurance disruption – Risk scoring algorithms will need to go far
deeper with internal corporate security systems to calculate the likelihood of
a breach
“Offensive Offense –
Increasingly, motivations for offensive nation state sponsored attacks have
gone into a new realm and have been driven primarily as an effort to undermine
the credibility of another government or in some cases influence public
sentiment.”
“Rise of the Machine (Learning) – Machine learning and artificial
intelligence (AI) are the current buzz words du jour in the security industry.
Machine learning will revolutionise security because humans simply can’t scale
in the same way that machines do and we’re willing to invest in perfecting the
neural networks that drive them.”
“Ransomware gets Physical
– Most ransomware to date remains relatively unsophisticated, relying primarily
on social engineering as the infection mechanism. Attackers don’t need to pull
0day tricks out of their bag to infect PCs, when signature based defenses are
easily evaded and humans remain gullible. What is changing, is the targets that
the attackers are going after.”
“Data Breaches 3.0 –
First we had the era of the financial data breach with the likes of Target,
Home Depot, Michael’s and Neiman Marcus all suffering massive thefts of
debit/credit card data across 2013 and 2014. Healthcare then bore the brunt of
the attacks announced in 2015 with Anthem, Premera and Carefirst all
acknowledging that millions of records had been stolen. In 2017 we can expect a
third data breach phase, with attackers seeking to alter, not exfiltrate data.”
“Disruption in cyber
insurance – The insurance industry is one that’s ripe for disruption. With
data breaches becoming the norm, cyber insurance has also become a must have
item for large enterprises. Insurance companies are desperate to get in on the
game, but they have a big challenge – how do they calculate the likelihood of a
breach? Life insurance is easy – plenty of people have lived and died and we
have solid data on it.”