INTELLIGENT ENTERPRISE SECURITY
may become more of a concern in the future. Could this lead to CSOs requiring professional insurance in the same way as many medical practitioners do today? Might we see a longer-term requirement for formal qualification and registration to be a practicing CSO, much as others who protect human lives – such as doctors – have today?
Twenty-year-old first principles are finally reset
Many of the guiding principles in cybersecurity have not changed much in 20 years. Typically, practitioners have strived to solve every problem to the best of their abilities, using the best solutions available at the time. However, significant changes in IT consumption models – dynamic, agile systems that are increasingly disposable in nature and based around subscription billing – mean that businesses will no longer continue to buy and build separate siloed cybersecurity solutions that require significant capital expense and people skills, and are based on multi-year cycles. As such, the fundamentals of cybersecurity consumption will change.

Functioning in such dynamic environments requires cybersecurity to be native and automated, to work and adapt at the same pace. This does not mean we will not still have choices of technology capabilities and vendors – you only have to look at the AWS marketplace to see how this is the case. But this does mean that native security will require dynamic enablement, configuration and transposition.

In the past, security often failed as businesses struggled to connect their own insights; in an agile IT world, the importance of having a consistent and integrated point of visibility, combined with automated control, will become critical.

The transient nature of increasingly consumable IT creates a further hurdle, which is that, by the time an incident is discovered, the environment in which it was instigated may no longer exist. As such, when operating in an increasingly regulated world, you need to be able to understand how and why the incident occurred and what was achieved. This will lead to greater demand to maintain historical logging data and for the correlation required to leverage it.
Cyber adversaries will extend further into ransomware, OT systems and cryptocurrencies
In recent years we have seen ransomware used for profit. However, RanRan is an example that used concepts of ransomware, not just for profit, but also to identify information that could be used to blackmail victims. While continuing to be financially focused, I believe ransomware will also start to do more data analysis, which means we could see ransoms based on data value, rather than being generic, plus more of both targeted ransomware attacks and those being used for other motives, such as blackmail.
The Dyn DDoS attack leveraged IoT devices to attack traditional computer systems. The volume of operational technology is growing at pace, whether that is factory systems or automated drones delivering medical supplies in parts of Africa, and we have yet to see the impact of such systems coming under direct attack.
However, the value to criminals of stealing medical goods will surely mean that they look to break into the IoT or OT system to redirect the goods, and this highlights the challenge we are likely to face. The growing commercial utilisation of IoT and OT systems means that, for the adversary, the value of breaching and controlling these types of systems is increasing.

Greg Day, Vice President and Chief Security Officer for EMEA, Palo Alto Networks.
Finally, with the growing popularity of digital currencies, more commonly known as cryptocurrencies, we can expect to see more malware focused on stealing account information to empty these next-generation accounts. The Second Payment Services Directive requires payment processors to open up access to third parties, and as discussions continue around blockchain digital ledgers, it feels as if the financial industry is moving further towards the digital money space. The question is whether adversaries are prepared for this transition – evidence would suggest they are already looking at it.
Credential theft will target weak collaborative cloud points in the supply chains of all kinds of businesses
Whether it is because of the cloud or just the dynamic nature of business, it seems we are only increasing the interconnectivity with our partners, supply chains and customers. The challenge here is working to maintain your own cybersecurity capabilities, while also looking at how to manage the risks that stem from others outside your control, including partners and the supply chain.
An IDC session I attended early in 2017 highlighted that the number of information-based industry-collaborative clouds will increase fivefold between 2016 and 2018.[3] As such, while adversaries continue to look for an entry point into the business, it seems likely and logical that collaborative cloud spaces may be their next doorway in. As such, businesses must start to consider what information they include in these spaces, how they validate the use of connected third parties so they can spot anomalous behaviour, and – most importantly – look at how they segregate such connection points from more critical, internal business systems, using methodologies such as the Zero Trust model.