The shift to use public clouds to support digital transformation has created the biggest and most urgent security problem CSOs face. Business applications from web analytic platforms and domain name services, through apps stores and marketplaces, to mission critical ERP will all come under more intense fire as hackers look for a way in, motivated by greed, a social cause or politics. In fact, I and many of my fellow security experts, will not be surprised if there’s a successful cloud attack of such scale in 2019 that every business will be forced to re-evaluate their use and security.
One of the biggest contributors to this prediction is the current global cyber landscape. It’s a boom time for hackers and Nation State activity will most certainly capitalise on it. Organised groups will create widespread disruption, either as solo endeavours for profit or in conjunction with armed conflicts.
And we should expect that communications systems, the backbone to life and trading, will be an ongoing target. I anticipate we will see attempts to bring about multi-million dollar loses and should expect more governments to be embarrassed, shamed and manipulated, as well as face physical disruption to internet services in 2019 too.
That clearly has repercussions for anyone using the cloud and should be prompting a review of how secure and stable the cloud and telecoms provisions are.
The reality is that hackers are continually automating their attacks making them more complex, and more lethal. In this environment, moving applications to the cloud is actually making people less secure, not more, since the attack surface is even greater. But it’s not going to stop companies from doing it – the cloud is now an imperative for agile computing and business.
All the time we do adopt cloud computing, the cyberattack surface is growing; multiple clouds running applications with different configurations and security vulnerabilities. Radware sees attacks on cloud apps every six seconds.
More investment in security solutions isn’t something the board can dispute. We must mitigate the risk. Investment is definitely needed to turn the cloud from the Wild West to a secure environment for business.
Of course, the reason we use the cloud is because it unlocks so much of the promised potential of IoT devices. But that too brings concern and based on developments we’ve seen on the dark web, it leads me to predict that we’ll see more attacks that harness the power of IoT to create swarmbots and hivenets to launch larger more efficient attacks.
In the case of swarmbots hackers will turn individual IoT devices from ‘slaves’ into self-sufficient bots, which can make autonomous decisions with minimal supervision, and use their collective intelligence to opportunistically and simultaneously target vulnerable points in a network.
Hivenets take this a step further and are self-learning clusters of compromised devices that simultaneously identify and tackle different attack vectors. The devices in the hive can talk to each other and can use swarm intelligence to act together, recruit and train new members to the hive.
When a Hivenet identifies and compromises more devices it will be able to grow exponentially, and thereby widen its ability to simultaneously attack multiple victims. This is especially dangerous as we roll out 5G as hivenets could take advantage of the improved latency and become even more effective.
So which way should you turn when it comes to securing the enterprise next year? Well firstly start with the fact that anyone who is forewarned is forearmed, and so understanding these risks is a shot in the arm. If you’re adopting IoT, moving more applications to the cloud or find yourself reliant on your cloud provider for security then stop and ask yourself where’s the weak link? If your service provider is hit, are you? And what if a supplier is hit – are you the next domino to fall?
The next thing to consider is what type of attacks are you likely to encounter and if you close the gaps will you be resilient? As part of this, I’d recommend you note the dirty dozen on attack types – the top 12 most likely methods hackers will use.
#1. Advanced persistent threat or APT
#2. Organised cyber crime
#3. Ransom
#4. DDoS Groups
#5. Hacktivists
#6. Patriotic hackers
#7. Exploit kits
#8. Trojans
#9. Botnets
#10. Insider threats
#11. Defacements
#12. Consumer tools
Next is to work out the technology you’ll need to automatically detect, mitigate and defend in real time. Much is spoken of AI in the fight against cyber attacks. I agree, it’s a weapon we must have. But it can’t be replied upon exclusively – not just yet. There is still much work to do until we can do that, and besides there is no substitute for a human making good critical decisions and planning ahead.
So if there’s one thing I urge you to do, it’s not to rely solely on technology. It is to also ensure your team know about the dirty dozen, understand the consequences of decisions they or other parts of the business make and put in place a plan that enables technology and human intelligence.
I believe it is an under utilised weapon in the fight against cyber crime and we must invest in both the technology people will use and the skills they need to use it intelligently if we are win the war.