
Virtualization and Cloud executives share their predictions for 2016. Read them in this 8th Annual VMblog.com series exclusive.
Contributed by Itzik Kotler, CTO and Co-Founder, SafeBreach
Top Security Trends in 2016
In 2016, we will continue to play a cat and mouse game with attackers. Malware will continue to be more resilient in delivery and operations, while organizations (realizing the challenge of defending against every type of attack) will look to tools and technologies that can help improve the current disparity between speed of compromise and speed of detection, and optimize a CISO's ability to understand how best to address attack risks in his/her environment.
Here are the top security trends we expect to see in 2016:
Growth in Attacks Triggered by Third-Parties
Third-party ecosystems and supply chains are a big component of any organization's business. In the cyber threat landscape, we've seen a number of attacks triggered by third parties. This trend will continue in 2016 and take on multiple forms:
- Compromise via third-party contractors: The ability to provide access (and network or application credentials) to third parties is an essential part of a business, but without proper segmentation and understanding of third-party supply chain risks, most organizations will fall prey to attacks from less secure partners. As in the Target breach, where cyber criminals were able to gain access to point-of-sale (POS) systems via a compromised HVAC contractor, compromise via third parties will increase in 2016.
- Cloud ecosystem compromise: The cloud era has introduced the use of public-facing programming interfaces, or APIs, that define how a third party connects to an application. These services can sometimes be triggered by users without a proper understanding of the security implications. Therefore, even if a particular application, like Google Apps, has been evaluated by IT security and approved for use, a user-facilitated enablement of a Google Marketplace application may lead to a compromise.
- Third-party website plugins: Instead of targeting large websites directly, various attacks have shown how effective it is to target vulnerabilities in third-party advertising companies or content network companies that deliver content to a site. Similar to the cloud ecosystem example, third-party products integrated into a website may not have passed through the rigorous security scrutiny required by organizations.
Increased Focus on Offensive Security
Even as organizations throw more money into security solutions, breaches continue to make the headlines. Massive amounts of sensitive data are being exfiltrated out of enterprises, while the disparity between speed of compromise and speed of detection grows.
One of the reasons is that security attacks come from living, breathing adversaries that exhibit specific characteristics. They are thinking outside the box, using sophisticated breach methods and taking advantage of a very collaborative ecosystem. Our traditional security defenses, made out of point solutions (with unique management systems and configurations), make it hard for an organization to discover a multi-vector attack that blends a variety of methods and spans the entire kill chain.
In 2016, organizations will look to tools and technologies that will help them understand the attacker mindset. By thinking like a hacker, organizations can better understand the motivation behind attacks and better defend against them. Offensive technologies and tactics that automate "red team" efforts, or more effectively replicate hacker breach methods, will emerge to keep up with the increasing efficiencies attackers are enjoying. A big emphasis will be on the ability to improve responses and prioritize efforts by either quantifying risks from attacks or pinpointing security controls that require attention.
The Growth Of Containers Will Depend On Security
With the explosion of DevOps and containers, application development is now not only more agile but more efficient (containers allow more instances than is possible on virtual machines). The challenge is how security teams keep up. In a DevOps-oriented world, input from all IT stakeholders is brought in earlier and automated for faster development cycles. Similarly, security must be enabled within DevOps, but in a way that does not affect the ability of developers to continue to optimize their releases.
The security challenge is that while containers isolate the underlying host from the application, the isolation is not as robust. In fact, the security documentation from Docker states, "Running containers (and applications) with Docker implies running the Docker daemon. This daemon currently requires root privileges." Root privileges are a big no-no from a security perspective. The lack of isolation also makes it easier for malware in one container to propagate across all others on the same host.
Vendors like Docker, and container providers like Google cloud providers, are enabling more security in their architectures. In 2016, we will also see container security startups and their architectures begin to firm up with innovation in various areas - from the security profile of containers and container monitoring to preventing unauthorized access. The next stage of growth for containers (and enterprise adoption) will depend on security.
Cyber Insurance Market Will Heat Up In 2016
With the number of organizations being hit by cyberattacks, many are turning to cyber insurance to recover the costs of rebuilding after a breach. This number is actually much higher than many would expect. Earlier this year, consulting firm PwC estimated that total annual premiums on cyber insurance will triple to $7.5 billion by 2020.
According to a survey of 276 directors across public companies conducted by Veracode and NYSE, out of the companies that currently purchase cyber coverage:
- 91% purchased coverage for business interruption and data restoration
- 54% purchased coverage for expense reimbursement in the case of PCI fines, breach remediation and extortion
- 52% purchased coverage in the event of employee/insider threat liability
- 35% purchased coverage against loss of sensitive data caused by software coding and human errors.
Unfortunately, insurance brokerage policies differ greatly without any industry standards or oversight. In addition, many cyber insurance brokers do not have cybersecurity expertise to properly evaluate an organization's risks and IT processes. In 2016, as more companies are attacked, and there is an increase in cyber security liability, more consistent vetting and cyber insurance policies will emerge.
##
About the Author
Itzik Kotler, CTO and Co-Founder, SafeBreach
Itzik has more than a decade of experience researching and working in the computer security space. He is a recognized industry speaker, having spoken at DEFCON, Black Hat USA, Hack In The Box, RSA Europe, CCC and H2HC. Prior to founding SafeBreach, Itzik served as CTO at Security-Art, an information security consulting firm, and before that he was SOC Team Leader at Radware (NASDAQ: RDWR).