With the end of the year approaching, it’s time for some predictions about security trends we will see over the coming 12 months.
If the recent attacks against Sony, Forbes, Walmart Canada, and CBS News are anything to go by, 2015 will be the year of a new trend in cyber attacks: data destruction and the rise in capability of the hacktivist. Today, we are accustomed to a particular modus operandi for attackers: they get in, establish a foothold, find what they’re looking for, and steal it. What we’re not accustomed to is mass data destruction as part of an attack, or hacktivists capable enough to pose a non-trivial threat to organizations. According to the recent warning from the FBI, however, recent attacks have been far more destructive: hacktivists have overwritten data on hard drives and destroyed master boot records, preventing users’ machines from even booting. If data destruction becomes a trend, it will only heighten the need for improved methods of detection and protection. The cost of data theft is something we’ve unfortunately become accustomed to, but the cost of the destruction of data and systems is far more severe.
With the recent evolution in the threat landscape in mind, 2015 will see the emergence of the next generation of endpoint protection products. We know the need exists, and security vendors are starting to respond. These new products will focus on detecting exploits in web browsers and common productivity apps, since attackers have moved away from targeting vulnerabilities in operating systems and have begun to exploit applications instead. The products will also analyze newly present binaries on the file system and compare them against known bad lists to find and respond to threats. Last, this next generation of solutions will provide some form of sandbox environment for inspecting and then isolating suspicious processes — all on the endpoint.
Moving to the human element, we are also going to see products and a rise in techniques that use behavioral analysis to detect bad actors who are already inside the network and moving laterally to complete their mission. Behavioral analysis offers ongoing verification of a user’s identity as part of the authentication process, and it can also help detect anomalies and determine the level of risk associated with a particular activity through data modeling. There is clearly a security visibility gap today that behavioral analysis can fill: the ability to detect bad actors who are already inside your network and moving laterally to complete their mission.
These new products will dramatically increase the volume of data available for security professionals to use for threat identification. Accordingly, more organizations will adopt a big data architecture for their security information, and they will need effective ways to filter out the noise and make this information meaningful. More of them will move to a risk-based security approach, in which activities across the network are constantly evaluated, scored, and surfaced based on the potential threat they represent.
Last, we know that attackers quickly abandon the use of malware and use legitimate credentials to complete their mission. While two-factor authentication is an excellent way to protect against this at the perimeter and internally, it doesn’t provide any form of detection or protection when an attacker attempts to authenticate. Organizations will start to realize the value of adaptive authentication provided by the next generation of strong authentication solutions. Using adaptive authentication in conjunction with two-factor methods adds a level of risk analysis to the authentication process, all while leveraging an organization’s existing VPN or identity store investment.
All in all, 2015 should be an exciting year that will bring significant changes in the security industry as we respond to the increasing sophistication of cyber-attacks. Organizations should be paying close attention to the rapid evolution of the solutions available and not be hesitant to be aggressive in their approach to security. As we’ve all heard many times, we should be operating as if we have already been breached — 2015 IT security plans should reflect that mentality. Best of luck with your security in 2015!