Virtualization Technology News and Information
SafeBreach 2016 Predictions: Top Security Trends in 2016

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual series exclusive.

Contributed by Itzik Kotler, CTO and Co-Founder, SafeBreach

Top Security Trends in 2016

In 2016, we will continue to play a cat and mouse game with attackers. Malware will continue to be more resilient in delivery and operations, while organizations (realizing the challenge of defending against every type of attack) will look to tools and technologies that can help improve the current disparity between speed of compromise and speed of detection, and optimize a CISO's ability to understand how best to address attack risks in his/her environment.

Here are the top security trends we expect to see in 2016:

Growth in Attacks Triggered by Third-Parties

Third-party ecosystems and supply chains are a big component of any organization's business. In the cyber threat landscape, we've seen a number of attacks triggered by third parties. This trend will continue in 2016 and take on multiple forms:

  • Compromise via third-party contractors: The ability to provide access (and network or application credentials) to third parties is an essential part of a business, but without proper segmentation and understanding of third-party supply chain risks, most organizations will fall prey to attacks from less secure partners. Just like the Target breach, where cyber criminals were able to gain access to point-of-sale (POS) systems via a compromised HVAC contractor, compromise via third parties will increase in 2016.
  • Cloud ecosystem compromise: The cloud era has introduced the use of public-facing programming interfaces, or APIs, that define how a third party connects to an application. These services can sometimes be triggered by users without a proper understanding of the security implications. Therefore, even if a particular application, like Google Apps, has been evaluated by IT security and approved for use, a user-facilitated enablement of a Google Marketplace application may lead to a compromise.
  • Third-party website plugins: Instead of targeting large websites directly, various attacks have shown how effective it is to target vulnerabilities in third-party advertising companies or content network companies that deliver content to a site. Similar to the cloud ecosystem example, third-party products integrated into a website may not have passed through the rigorous security scrutiny required by organizations.

Increased Focus on Offensive Security

Even as organizations throw more money into security solutions, breaches continue to make the headlines. Massive amounts of sensitive data are being exfiltrated out of enterprises, while the disparity between speed of compromise and speed of detection grows.

One of the reasons is that security attacks come from living, breathing adversaries that exhibit specific characteristics. They are thinking outside the box, using sophisticated breach methods and taking advantage of a very collaborative ecosystem. Our traditional security defenses, made out of point solutions (with unique management systems and configurations), make it hard for an organization to discover a multi-vector attack that blends a variety of methods and spans the entire kill chain.

In 2016, organizations will look to tools and technologies that will help them understand the attacker mindset. By thinking like a hacker, organizations can better understand the motivation behind attacks and better defend against them. Offensive technologies and tactics that automate "red team" efforts, or more effectively replicate hacker breach methods, will emerge to keep up with the increasing efficiencies attackers are enjoying. A big emphasis will be on the ability to improve responses and prioritize efforts by either quantifying risks from attacks or pinpointing security controls that require attention.

The Growth Of Containers Will Depend On Security

With the explosion of DevOps and containers, application development is now not only more agile but more efficient (containers allow more instances than is possible on virtual machines). The challenge is how security teams keep up. In a DevOps-oriented world, input from all IT stakeholders is brought in earlier and automated for faster development cycles. Similarly, security must be enabled within DevOps, but in a way that does not affect the ability of developers to continue to optimize their releases.

The security challenge is that while containers isolate the underlying host from the application, the isolation is not as robust. In fact, the security documentation from Docker states, "Running containers (and applications) with Docker implies running the Docker daemon. This daemon currently requires root privileges." Root privileges are a big no-no from a security perspective. The lack of isolation also makes it easier for malware in one container to propagate across all others on the same host.

Vendors like Docker, and container and cloud providers like Google, are enabling more security in their architectures. In 2016, we will also see container security startups and their architectures begin to firm up with innovation in various areas, from the security profile of containers and container monitoring to preventing unauthorized access. The next stage of growth for containers (and enterprise adoption) will depend on security.

Cyber Insurance Market Will Heat Up In 2016

With the number of organizations being hit by cyberattacks, many are turning to cyber insurance to recover the costs of rebuilding after a breach. This number is actually much higher than many would expect. Earlier this year, consulting firm PwC estimated that total annual premiums on cyber insurance will triple to $7.5 billion by 2020.

According to a survey of 276 directors across public companies conducted by Veracode and NYSE, out of the companies that currently purchase cyber coverage:

  • 91% purchased coverage for business interruption and data restoration
  • 54% purchased coverage for expense reimbursement in the case of PCI fines, breach remediation and extortion
  • 52% purchased coverage in the event of employee/insider threat liability
  • 35% purchased coverage against loss of sensitive data caused by software coding and human errors.

Unfortunately, insurance brokerage policies differ greatly without any industry standards or oversight. In addition, many cyber insurance brokers do not have cybersecurity expertise to properly evaluate an organization's risks and IT processes. In 2016, as more companies are attacked, and there is an increase in cyber security liability, more consistent vetting and cyber insurance policies will emerge.


About the Author

Itzik Kotler, CTO and Co-Founder, SafeBreach

Itzik has more than a decade of experience researching and working in the computer security space. He is a recognized industry speaker, having spoken at DEFCON, Black Hat USA, Hack In The Box, RSA Europe, CCC and H2HC. Prior to founding SafeBreach, Itzik served as CTO at Security-Art, an information security consulting firm, and before that he was SOC Team Leader at Radware (NASDAQ: RDWR).

Published Friday, November 20, 2015 6:31 AM by David Marshall