What to Expect in Cybersecurity for 2019
Technological advancements, an evolving threat landscape, and sophisticated nation-state actors will impact how organizations mitigate risk in the coming year.
By: Hadi Hosn
Security professionals are tasked with outwitting adversaries and mitigating risk in a threat landscape that's evolving faster than ever before. The stakes are high, as the seemingly endless list of damaging breaches last year demonstrated. This organizational struggle isn't new, but when looking at 2019, it's important to remember that whatever threat trends proliferate, business leaders cannot overlook the role security and risk management play in their overall strategy. Offensive and defensive tactics are changing, and though predicting what might happen in the future is a difficult task, what's most valuable to safeguard against threat actors is a holistic strategy that focuses on tactics, not tools, and that supports the growth and maturity of your security program.
Effective Automation Solutions Will Get Beyond One-Size-Fits-All
Automation is a boon for the cybersecurity industry. The ability to automatically process vast swathes of event logs to identify suspicious activity has freed up an invaluable amount of time and resources, and drastically reduced the number of false positives. Machine learning enables this process to become even more effective.
But automation is nothing without human intelligence and expertise.
This year will likely see an increase in the number of vendors promoting one-size-fits-all solutions that use automation and machine learning. Security professionals should be wary of companies that claim no human input is needed. It takes an experienced security analyst backed by world-class threat intelligence to identify whether or not an event poses a serious threat. Even full AI is not going to be able to replace human expertise in the foreseeable future.
With the benefits of automation also come the risks: the cat and mouse game of cybersecurity is never-ending, and as vendors are utilizing the immense power of AI-related technologies, so are our adversaries. Automation has meant an increase in the number and speed of attacks, and is making hacking accessible to non-technical people through automated hacking tools.
Cryptomining Malware Makes Malicious Hackers More Money
Cryptojacking's recent popularity saw many organizations sheepishly breathing a sigh of relief when compared to big trends like ransomware. But while the costs to businesses appear small when compared to ransomware attacks, businesses still lose productivity and online criminals don't need to be as tech savvy to wreak havoc. Worse, if you are the victim of cryptojacking, it means a threat actor has already compromised your network. While you may be relieved that you aren't the victim of a more urgent, damaging form of cybercrime, one very important question remains: what might the threat actor do next?
That question will become increasingly important in 2019 as returns from cryptojacking shrink and threat actors consider more damaging alternatives. Cybersecurity tools are now much better at detecting and combating cryptojacking than ever before, causing many threat actors to reassess whether it's really worthwhile. This could lead to an increase in the number of more malicious tactics in 2019.
The Dark Web's Sinister Underbelly
There's a reason leading cybersecurity companies rarely talk about the dark web: professional threat actors simply don't do business there. Despite a number of high profile cases capturing the public's imagination in recent years, the most dangerous cybercrime professionals know the dark web is heavily monitored by law enforcement.
The biggest threats to businesses and organizations are in the murky world that exists beneath the dark web. Here you will find groups with rigorous operational security, methodical approaches to avoiding detection, and private communication channels. The dark web is too compromised for these highly organized actors and this year will see more damaging cybercrime organized outside of dark web channels.
Organizations Will Continue to Struggle with Cyber Hygiene
Every year, almost like clockwork, companies learn the importance of basic cyber hygiene the hard way. Expensive cybersecurity tools can be effective when used correctly, but if it takes your company weeks to apply patches or if your employees rely on weak passwords, then your organization is still vulnerable to some of the most common and effective threats. Poor cyber hygiene can leave the door to your organization's networks wide open.
Good cybersecurity basics can't guarantee your company will be safe, but they do make life much harder for adversaries.
Nation-state attacks are unlikely to abate this year. State-sponsored hacking is simply too effective to just disappear. Tensions between state actors also look set to increase, which could lead to an upswing in the number of state-sponsored attacks.
Many nation-state cyber-attacks target intellectual property and sensitive business information, but in recent years, state actors have hacked vital infrastructure in brazen ways that seem designed to send a message. With some major global players adopting more boisterous postures, infrastructure hacks are a real threat this year.
Connected Devices and a Growing Need for Standardization
As of last year, there were an estimated 8 billion connected devices in the world, with Gartner estimating that IoT devices will grow to 20 billion by 2020. Threat actors now have a larger attack surface than ever before, and it will continue to expand. But worse than the sheer size and scale of the attack surface is the fact that IoT device companies are often not giving security enough consideration.
Additionally, a lack of globally agreed IoT security standards makes life harder for security professionals. IoT cybersecurity is such a vast topic that even seasoned security experts could struggle to know exactly what they should be protecting against. A set of globally-agreed standards would give experts and ordinary security professionals a good grasp of how they should be securing all the IoT devices in their business.
But connected devices aren't the only challenge when it comes to security standards. Without standard industry regulations, governments and municipalities are developing and enforcing data privacy regulations as an answer to this growing challenge. As consumer concerns grow about data use, regulations such as GDPR are likely to develop across the globe. The compliance landscape will continue to evolve, but it will also become more risk-based, focused on organizations carrying out their own risk assessments and controlling that risk rather than on regulators rolling out a checkbox-based approach to assessments.
Where Do We Go From Here?
No prediction is guaranteed, but what we do know for sure is that cybersecurity concerns will continue to pose threats to individuals and organizations alike. While the trends we see can help shape our response plans, organizations should be wary of any "quick fixes" that don't look at security holistically. We know threats and technologies are evolving; we know malicious hackers are adaptive; and we know to outpace the adversary, effective security must be rooted in cyber resiliency and risk management, with a continued focus on the growth and maturity of a security program.
Threat modeling plays an important role in security maturity – collaborating with key decision makers and influencers from across your organization, it provides a strategic way to look at security risks and identify what threats are most likely to impact your business. To kick off the year with the right security mindset, here are a few steps to help you build a mature threat modeling program:
- Identify critical business assets and processes (e.g., intellectual property, blueprints, payment process, customer database, etc.)
- Break down the assets and process by building end-to-end data flows and process flows (from entry to exit)
- Identify 'worst case scenario' threats as a team. Answer the 'What are the different scenarios and how likely are they?' questions. Use reputable threat intelligence to help identify the real threats to your business and their likelihood
- Identify process and technology vulnerabilities and weaknesses (look at people, process and technology). There are a variety of resources to help organizations manage their cyber risk, and Secureworks® has created the Security Maturity Model, a holistic, risk-based, business-driven approach to evaluating cybersecurity maturity based on an organization's unique business operations and risk profile. It combines control requirements from well-known frameworks such as NIST and ISO27001 to create a consolidated model addressing the most critical security domains and capabilities to meet today's risk-focused requirements.
- Develop a set of prioritized attack scenarios: combine the threat scenarios identified in Step 3 with the vulnerabilities and weaknesses of your current environment identified in Step 4 into a list of prioritized real-world attacks on your critical assets and processes (MITRE's ATT&CK framework could be a valuable resource in this process).
- Conduct a risk assessment and begin roadmap development. The attack scenarios developed in Step 5 will need to be accepted by the business stakeholders, included in Enterprise Risk Management programs, and further prioritized in the context of the wider business risks. As part of this step you should also look at developing a set of countermeasures and controls to reduce the risks to an acceptable level. Start with the most critical and prioritized risks and work down the list until you reach your risk acceptance threshold.
- Having a way to monitor the progress of your roadmap and countermeasure implementation is critical to make your threat modeling program a reality, and move it from a theoretical exercise into practice. Use existing initiatives around threat intel correlation, threat detection, threat hunting, incident analysis, response and build use cases that align to your threat models.
- Threat modeling is a continuous process. The threat landscape continues to change and so should your threat models. You should continuously update your data flows, threat scenarios, vulnerability assessments and risk assessments to remain proactive.
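The following script is an added illustration of Steps 5 and 6 above, not code from Secureworks or from this article. It assumes a small, entirely constructed inventory of assets, weaknesses, threat scenarios and countermeasures, and a hypothetical 1-5 likelihood and impact scale with a stakeholder-agreed risk acceptance threshold; the names, scores and control effects are made up for the example. It pairs each threat with only those asset weaknesses it can actually exploit, ranks the resulting attack scenarios by likelihood times impact, and then attaches a countermeasure to each scenario above the threshold, flagging any whose residual risk still exceeds it so the business must either add controls or explicitly accept the risk.

```python
"""Toy threat-modeling worksheet (added example; all data is constructed)."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Asset:
    name: str
    impact: int                  # 1-5 business impact if compromised (Step 1)
    weaknesses: Set[str]         # gaps found in Step 4 (people, process, technology)


@dataclass
class Threat:
    name: str
    likelihood: int              # 1-5, informed by threat intelligence (Step 3)
    exploits: Set[str]           # weakness tags this threat is known to use


@dataclass
class Scenario:
    threat: str
    asset: str
    weakness: str
    likelihood: int
    impact: int

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact


# Constructed sample inventory; none of these values come from the article.
ASSETS = [
    Asset("customer database", 5, {"weak passwords", "unpatched server"}),
    Asset("payment process", 4, {"no MFA", "weak passwords"}),
    Asset("blueprints", 3, {"unpatched server"}),
]
THREATS = [
    Threat("credential stuffing", 4, {"weak passwords", "no MFA"}),
    Threat("ransomware via exposed service", 3, {"unpatched server"}),
    Threat("cryptojacking", 2, {"unpatched server"}),
]
# Hypothetical countermeasures: weakness -> (control, likelihood points it removes)
COUNTERMEASURES: Dict[str, Tuple[str, int]] = {
    "weak passwords": ("password policy plus MFA", 3),
    "no MFA": ("enforce MFA on payment approvals", 3),
    "unpatched server": ("30-day patching SLA", 1),
}
RISK_THRESHOLD = 8               # risk acceptance threshold agreed with stakeholders


def build_scenarios(assets: List[Asset], threats: List[Threat]) -> List[Scenario]:
    """Step 5: pair each threat with each asset weakness it can actually exploit,
    then rank by inherent risk (likelihood x impact), highest first."""
    scenarios = [
        Scenario(t.name, a.name, w, t.likelihood, a.impact)
        for t in threats
        for a in assets
        for w in sorted(a.weaknesses & t.exploits)
    ]
    return sorted(scenarios, key=lambda s: (-s.risk, s.threat, s.asset, s.weakness))


def plan_roadmap(scenarios: List[Scenario],
                 countermeasures: Dict[str, Tuple[str, int]],
                 threshold: int) -> List[dict]:
    """Step 6: for every scenario above the acceptance threshold, attach the
    control for its weakness and compute residual risk; flag scenarios the
    planned control does not bring under the threshold."""
    roadmap = []
    for s in scenarios:
        if s.risk <= threshold:
            continue                                  # within appetite: accept
        control, reduction = countermeasures.get(s.weakness, ("no control identified", 0))
        residual = max(1, s.likelihood - reduction) * s.impact
        roadmap.append({
            "scenario": f"{s.threat} -> {s.asset} via {s.weakness}",
            "inherent_risk": s.risk,
            "control": control,
            "residual_risk": residual,
            "needs_more": residual > threshold,        # add controls or accept formally
        })
    return roadmap


if __name__ == "__main__":
    for item in plan_roadmap(build_scenarios(ASSETS, THREATS), COUNTERMEASURES, RISK_THRESHOLD):
        flag = "  <- still above threshold" if item["needs_more"] else ""
        print(f'{item["inherent_risk"]:>2} -> {item["residual_risk"]:>2}  '
              f'{item["scenario"]}  [{item["control"]}]{flag}')
```

Re-running the script after refreshing the likelihood scores from current threat intelligence, or after a control lands, is the cheap version of the continuous update the last step calls for; the flagged entry (the patching SLA alone does not bring the ransomware scenario under the threshold) is exactly the kind of residual risk that needs a stakeholder decision rather than a quiet assumption.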