New decade, new cybersecurity threats
By Bharat Mistry
Today’s CISOs live in challenging times. The past 12 months have seen the threat landscape shift in increasingly complex and fragmented ways. From the emergence of new technologies and regulatory rules to the ruthless exploitation of weaknesses in critical infrastructure, many of these trends will have a major impact on how IT security leaders approach not just the coming year, but the next decade.
They will have their work cut out. We blocked over 26.8 billion unique threats in the first half of 2019 alone, with detections of ransomware, BEC, fileless threats and more all up on previous months. But to tackle the threats of tomorrow, we must pull back a little and look at the bigger picture.
Fakers keep faking
One of the most concerning trends of recent months has been the hijacking of AI technology to create so-called “deepfake” content. Think of it as spoofing on steroids: video and/or audio clips doctored to appear as if a legitimate individual did or said something they did not. This technique has already been used to trick a British CEO into wiring €220,000 to a ‘Hungarian supplier’. He thought he was talking to his German boss, only to find out that hackers used AI to mimic the latter’s voice.
We’ll inevitably start to see these attacks catch on as the means to launch them are disseminated via the cybercrime underground economy. Employees are going to have to get better not only at spotting phishing and BEC emails but detecting faked audio and video. Business processes and authentication policies will need to be updated to mitigate the worst effects of the new trend.
Deepfakes not only have profound implications for enterprise fraud, but also state-sponsored attempts to spread misinformation ahead of elections. Even if subsequently a doctored video is proven to be a fake, the reputational damage can be hard to undo.
5G unleashes a tsunami of threats
The coming wave of technology innovation in 2020 will to a large degree ride on the back of newly launched 5G networks. Already rolling out in recent months, the new tech will bring exponentially higher mobile broadband speeds and greater network capacity to support a huge increase in IoT devices. This explosion in corporate-run and BYO smart endpoints will expand the enterprise attack surface at a time when stretched IT security teams are already struggling to maintain visibility and control over their IT assets and mobile device management.
Aside from the problems of keeping this corporate IoT estate visible and patched, it’s likely that hackers will try to compromise the networks themselves by attacking the software used to manage them. Software-defined network architectures bring with them many benefits, but unfortunately they also mean organisations will be exposed to software vulnerabilities in the code effectively running 5G.
Much has been said about the potential security threat from allowing vendors from certain countries to supply 5G networking equipment. But the truth is that threats to 5G networks encompass much more than this. Carriers and other stakeholders must build protections in from the start, rather than trying to retrofit them later. Security must be scalable, high performance and ready to work seamlessly in next-gen virtual/software-defined networks.
New rules mean new threats for banks
Financial services is one of the sectors most frequently targeted by cyber-criminals, for obvious reasons. As increasing numbers of lenders make more of their services accessible via mobile applications, the onslaught will increase. New European banking rules known as PSD2, or Open Banking in the UK, will further increase the cyber-attack surface as we head through 2020 and beyond.
The new regulations will effectively enable a whole new wave of fintech innovators to compete for the business of banking customers, with services designed to provide aggregated insight into their finances and other functions such as direct payments from their accounts. Our concerns are that this will increase the opportunities for hackers to phish consumers, pretending to be any one of these companies. Access to banking app log-ins in particular could reap major rewards for them.
There are also fears that many of these fintech players may not have enough resources dedicated to security, and therefore be a target in their own right. Any flaws in the banking APIs used to allow these firms to access bank account information will be ruthlessly exploited.
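The kind of flaw the last two paragraphs worry about is typically an authorisation gap in the account-information API: a valid third-party token being accepted for an account, scope or provider the customer never consented to. The following is an added illustration, not code from the article or from any real Open Banking or PSD2 implementation; the Consent record, the scope names and the provider identifiers are assumptions, and the sample consent and requests are constructed. It shows every check that has to pass before account data is returned, with no default-allow path.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


# Hypothetical consent record created when a customer authorises a third-party
# provider (TPP). Field names and scope strings are assumptions for this example.
@dataclass(frozen=True)
class Consent:
    consent_id: str
    tpp_id: str                 # the provider the customer actually authorised
    account_ids: frozenset      # only the accounts the customer chose to share
    scopes: frozenset           # e.g. {"accounts:balances", "transactions:read"}
    expires_at: datetime
    revoked: bool = False


def authorize(consent, tpp_id, account_id, scope, now=None):
    """Return (allowed, reason) for one API request against one consent.

    Each check is independent and mandatory: a request that passes the scope
    check but names an account outside the consent is still refused.
    """
    now = now or datetime.now(timezone.utc)
    if consent.revoked:
        return False, "consent revoked by customer"
    if now >= consent.expires_at:
        return False, "consent expired"
    if tpp_id != consent.tpp_id:
        return False, "token was not issued to this provider"
    if scope not in consent.scopes:
        return False, f"scope {scope!r} not granted"
    if account_id not in consent.account_ids:
        return False, "account not covered by this consent"
    return True, "ok"


# Constructed sample: the customer shared one of their two accounts, read-only,
# with a budgeting app, for a fixed period.
SAMPLE_CONSENT = Consent(
    consent_id="c-0001",
    tpp_id="tpp-budgetapp",
    account_ids=frozenset({"acct-111"}),
    scopes=frozenset({"accounts:balances", "transactions:read"}),
    expires_at=datetime(2020, 4, 1, tzinfo=timezone.utc),
)
NOW = datetime(2020, 1, 15, tzinfo=timezone.utc)


def demo():
    """Evaluate a legitimate request and three that an attacker might try."""
    cases = [
        ("tpp-budgetapp", "acct-111", "accounts:balances"),   # legitimate
        ("tpp-budgetapp", "acct-222", "accounts:balances"),   # the customer's other account
        ("tpp-budgetapp", "acct-111", "payments:initiate"),   # scope the customer never granted
        ("tpp-other", "acct-111", "accounts:balances"),       # token presented by a different provider
    ]
    return [authorize(SAMPLE_CONSENT, *case, now=NOW) for case in cases]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The account check is the one most often missing in practice: the token proves which provider is calling and what it may do, but the account identifier in the URL still has to be matched against the consent rather than trusted.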
Ransomware becomes critical
Critical national infrastructure (CNI), manufacturing and other organisations running large operational technology (OT) estates face an acute threat. Not only do they run mission critical services where attacks could have a huge impact on large numbers of customers, but OT is also becoming increasingly exposed as systems gain connectivity. Patching is problematic because many of these systems can’t be taken offline to test fixes, and replacement cycles for machinery can run into the decades. As we’ve highlighted in the past, manufacturers of ICS equipment also have a poor track record of releasing security patches.
These organisations are also potentially at risk via their managed service providers (MSPs) and cloud partners. We predict cloud computing platforms in particular will be exposed to an uptick in code injection attacks, either directly or via third-party libraries.
This all makes the sector highly vulnerable to ransomware and extortion-based DDoS attacks as we head into the new decade. The impact could range from production delays to energy outages.
Time to get strategic
There’s no one-size-fits-all strategy to keep organisations safe from the threats listed above. Best practices, of course, go a long way: things like effective patch management, restricted access policies, using encryption software for sensitive data at rest and in transit, continuous network monitoring and reinvigorated employee education programmes.
Don’t fall for silver bullet promises to fix all of these issues in a single product: it simply doesn’t exist. But at the same time, there’s a growing need to consolidate on those providers that can support a connected threat defence strategy from a single pane of glass. Security teams are inundated with alerts from competing tools, making it hard to prioritise the important ones and creating dangerous gaps in protection.
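What consolidating onto a single view actually buys an analyst is the ability to collapse repeats and to notice when independent tools are pointing at the same host. The following is an added example, not code from the article or from any vendor product; the two input formats are invented stand-ins for an endpoint agent and a network sensor, and the alert records are constructed. It normalises both feeds to one schema, drops repeats of the same alert within a short window, then ranks hosts so that corroborated activity rises above a single high-severity alert that nothing else supports.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample alerts in two hypothetical tool formats (not real products).
EDR_ALERTS = [
    {"hostname": "fin-ws-07", "sev": 4, "ts": "2020-01-06T09:02:10Z", "rule": "Suspicious PowerShell"},
    {"hostname": "fin-ws-07", "sev": 4, "ts": "2020-01-06T09:02:12Z", "rule": "Suspicious PowerShell"},
    {"hostname": "hr-ws-03", "sev": 2, "ts": "2020-01-06T09:10:00Z", "rule": "Unsigned binary executed"},
]
NIDS_ALERTS = [
    {"src": "fin-ws-07", "priority": "medium", "time": "2020-01-06T09:03:00Z", "signature": "Outbound to rare domain"},
    {"src": "db-01", "priority": "high", "time": "2020-01-05T22:00:00Z", "signature": "SQL brute force"},
]

# Map each tool's severity vocabulary onto one 0-100 scale.
PRIORITY_WORDS = {"low": 25, "medium": 50, "high": 75, "critical": 100}


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_edr(alert):
    return {"host": alert["hostname"], "severity": alert["sev"] * 20,
            "ts": parse_ts(alert["ts"]), "title": alert["rule"], "source": "edr"}


def normalize_nids(alert):
    return {"host": alert["src"], "severity": PRIORITY_WORDS[alert["priority"]],
            "ts": parse_ts(alert["time"]), "title": alert["signature"], "source": "nids"}


def dedupe(alerts, window=timedelta(minutes=5)):
    """Keep the first copy of each (host, source, title); drop repeats inside `window`."""
    first_seen = {}
    kept = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        key = (alert["host"], alert["source"], alert["title"])
        earlier = first_seen.get(key)
        if earlier is not None and alert["ts"] - earlier <= window:
            continue
        first_seen[key] = alert["ts"]
        kept.append(alert)
    return kept


def prioritise(alerts, window=timedelta(minutes=15)):
    """Rank hosts: max severity, plus a bonus when two different tools fire within `window`."""
    by_host = {}
    for alert in alerts:
        by_host.setdefault(alert["host"], []).append(alert)
    ranked = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a["ts"])
        sources = {a["source"] for a in items}
        span = items[-1]["ts"] - items[0]["ts"]
        corroborated = len(sources) > 1 and span <= window
        score = max(a["severity"] for a in items) + (25 if corroborated else 0)
        ranked.append({"host": host, "score": score, "alerts": len(items),
                       "sources": sorted(sources), "corroborated": corroborated})
    ranked.sort(key=lambda r: (-r["score"], r["host"]))
    return ranked


def triage(edr_alerts, nids_alerts):
    """Full pipeline: normalise both feeds, dedupe, then rank hosts for the analyst."""
    alerts = [normalize_edr(a) for a in edr_alerts] + [normalize_nids(a) for a in nids_alerts]
    return prioritise(dedupe(alerts))


if __name__ == "__main__":
    for row in triage(EDR_ALERTS, NIDS_ALERTS):
        print(row)
```

On the sample data the workstation that both the endpoint agent and the network sensor flagged within a minute of each other ranks first, ahead of the lone high-priority database alert; the repeated PowerShell detection is counted once. The weights are deliberately simple so the scoring can be read off the code and adjusted per environment.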
With better visibility comes improved control. Then CISOs can start thinking strategically about how to support business growth in 2020, rather than continuous fire-fighting.