
Virtualization and Cloud executives share their predictions for 2016. Read them in this 8th Annual VMblog.com series exclusive.
Contributed by Wolfgang Kandek, CTO of Qualys
Survival of the Secure-est
2015 was another huge year for data breaches. We saw cyber
attacks go up in both number and in the scale of data affected; and yet, this
past year is only a training session for 2016. In the upcoming year, IT teams will
be forced to deal with more data, more devices, more patterns and as a result,
more threats. Adding to this risk will be the continued rise of the Internet of
Things (IoT), which adds huge numbers of devices to IT networks, as well as the
ever-limited supply of skilled security professionals. Below I'll dive into my
top line security predictions for 2016, as well as how organizations can be
best equipped for the threats to come.
IoT and an all-connected world
IoT has already added huge numbers of devices to IT
networks, meaning that we are confronted with more security and event data than
ever, making it harder to find the relevant bits. In addition, there is the new
concept of personal IoT, where new network devices are introduced in a person's
own environments, eventually connecting to an organization's networks. These devices
all come with their own vulnerabilities. We've already seen examples of this in
fitness trackers and teapots.
The most basic way to limit attacks through personal IoT
reach is to have a guest network for these devices where end-users can connect
freely. This prevents bleed-over from IoT to an enterprise network and
eliminates these additional attack vectors. Also, use features such as access
point (AP) isolation to make sure that devices are sheltered from each other and
encourage users to keep their corporate machines off the guest network.
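A concrete form of the guest-network setup described above, added here as an example rather than taken from the original article: a hostapd guest SSID with client isolation on its own bridge, next to the corporate SSID, and an nftables ruleset that lets guest devices reach the Internet but never the corporate segment. File paths, interface names, SSIDs and passphrases are assumptions.

```conf
# --- /etc/hostapd/hostapd.conf (assumed path): two SSIDs on one radio ---
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

# Corporate SSID: bridged to the corporate LAN, normal client-to-client traffic
ssid=corp-wifi
wpa_passphrase=REPLACE-WITH-CORP-PASSPHRASE
bridge=br-corp
ap_isolate=0

# Guest SSID for personal IoT devices: separate bridge, and ap_isolate=1 stops
# the access point from bridging frames between guest clients (AP isolation)
bss=wlan0_guest
ssid=guest-iot
wpa_passphrase=REPLACE-WITH-GUEST-PASSPHRASE
bridge=br-guest
ap_isolate=1

# --- /etc/nftables.conf (assumed path): guest segment firewalled from corp ---
table inet guest_isolation {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    # guest devices may reach the Internet (assumed uplink eth0) and nothing else
    iifname "br-guest" oifname "eth0" accept
    # corporate clients keep their normal access
    iifname "br-corp" accept
    # guest -> corp is already dropped by policy; log it so bleed-over attempts show up
    iifname "br-guest" oifname "br-corp" log prefix "guest-to-corp: " drop
  }
}
```

The log line is what turns the isolation into a detection: any hit on the "guest-to-corp:" prefix is an IoT device or a misplaced corporate machine trying to cross the boundary.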
Moreover, in 2016, I suspect that overall automatic patching
will eventually come to IoT as we are already seeing the impact of not
preparing for these scenarios - take Jeep's latest headlines, for instance, and
contrast that with those of Tesla. The advantages
of automated patch rollouts have been visible in the phone ecosystem for years.
It's only a matter of time before the "Internet of Cars" (along with all other
"things") picks up the same pace.
Continued security skill shortage
Despite growing concerns over cyber security, in 2016 we
will continue to see a shortage of skilled security personnel. Companies will
be forced to cross train their employees and engage with outside providers for
security training such as the SANS Institute and others.
In addition to local training, cloud computing is the best
way to lessen this shortage. By shifting to cloud computing, such as running an
enterprise resource planning (ERP) system in the cloud, the majority of
security processes (e.g. OS patching, DB patching, secure OS/DB configuration,
etc.) will be automatically handled. IT can then focus on high-level issues such
as account creation and access control.
Even more attacks, but not through mobile devices
Contrary to what some IT security vendors may be predicting,
I do not see mobile being the next big security target of 2016. While they have
their issues, iOS and Android are immensely better than traditional computing
endpoints when it comes to commercial malware. On the client side we will continue
to see PCs and laptops being the primary targets, offering attackers the
greatest return on investment.
At Qualys, our data analytics see drive-by exploits and vulnerabilities
taking center stage in 2016. Exploits and malicious toolkits or exploit-kits are
already on the rise for drive-by attacks, which have become the de facto choice
for infecting large numbers of machines. In addition to applications like Flash
and Java, which are currently targeted, we will see an increase in attacks on
legacy browsers such as Internet Explorer.
So how can organizations stay ahead of increasingly
sophisticated cyber attacks? Current security solutions are a patchwork of
often incompatible technologies, where organizations have piled technologies
one on top of another, each addressing one specific threat. It is time to
reorganize and protect all endpoints on premise or on the Internet. Organizations
need to adopt a continuous view of their assets and their security. I see the
use of multiple technologies converging in a single platform as the only
logical choice, where active scanning and mobile agents bridge all environments
into a coherent picture.
Best of luck out there!
About the Author
Wolfgang Kandek, CTO of Qualys
As the CTO for Qualys, Wolfgang is responsible for product direction
and all operational aspects of the Qualys platform and its infrastructure.
Wolfgang has over 20 years of experience in developing and managing information
systems. His focus has been on Unix-based server architectures and application
delivery through the Internet. Prior to joining Qualys, Wolfgang was Director
of Network Operations at the Online Music streaming company myplay.com and at
iSyndicate, an Internet media syndication company. Earlier in his career,
Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang
earned master's and bachelor's degrees in computer science from the Technical
University of Darmstadt, Germany.
Wolfgang is a frequent speaker at security events and forums
including Black Hat, RSA Conference, InfoSecurity UK and The Open Group.
Wolfgang is the main contributor to the Laws of Vulnerabilities blog.