Virtualization Technology News and Information
Tenable 2018 Predictions: The Year Your MRI Gets Hacked

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Renaud Deraison, Co-founder & CTO of Tenable

2018: The Year Your MRI Gets Hacked

Beware Medical IoT

In 2018, we will see the first medical IoT hack leading to stolen data. I can imagine an MRI machine or a sonogram being hacked, and scans, alongside patients' personal informations, being leaked to a public forum.

DevOps goes mainstream

IT is shifting from a "means of production" to the "heart of the production." Companies previously used IT as an accelerator to do their job, but, with every company being a software company, this dynamic is shifting. Fortune 500 will now embrace DevOps not just for pet projects, but for projects that are core to their businesses.

The agility and recruiting power of DevOps really draws a lot of companies to it, and it enables companies to be more competitive. This means elastic computing and containers, two integral components of DevOps, will see an acceleration in adoption in 2018. Unfortunately, this also means that the risk of a break-in has moved from "some employees get spied on" to "everything has been stolen."

Industrial Security gets overdue attention

The high profiles attacks of 2017 acted as a wake up call, and many plant managers now worry that they could be next. In 2018, industrial manufacturers themselves will drive a cooperation with the security industry to provide security themselves, not only because they're more aware of threats to their systems, but also because of impending government scrutiny.

This differs from IT/IoT, where security vendors go to market themselves as a layer on top of IT (for example, a vendor that provides an antivirus that layers on top of Windows). You can't buy a $2.3 billion power plant only to slap another $50K of security on top of it, so suppliers must provide a secure plant in the first place, meaning they will turn to the ecosystem of security companies to fill that need. As a result, third-party companies operating on their own will stay in a niche market

IoT (consumer IoT in particular) will continue to be an unorganized mess

Today's IoT ecosystem has multiple categories of devices. If you organize them by lifetime --  your typical car or phone has a lifetime of less than 5 years on average, but your light switch has a lifetime of 10, 20 or possibly 30 years -- you find that the devices with shorter lifespans are built by companies with great software talent that push secure devices out of the gate because it's easier to build secure devices in a closed ecosystem. However, companies that build long term devices do not have IT experience and often hack something together in a manner that's not maintainable in the long term.

What this all means is that, in 2018, IoT devices will continue to get great security on one side and horrible security on the other. There will continue to be no common APIs, no minimum security requirements, and no guaranteed minimum lifetime. In spite of vendors like Google and Apple trying to push clean, unified APIs, many vendors with less computer science expertise will continue to push connected devices with security levels rivaling the ones from the late 90s.


About the Author

renaud deraison 

Renaud Deraison is chief technology officer of Tenable. Prior to co-founding Tenable, Renaud redefined the vulnerability management market by authoring Nessus, the world's most widely deployed vulnerability scanner, with over one million downloads.

Renaud is author of three patents related to network scanning and security, and has published his work in books and magazines. He is a member of the editorial board for the Common Vulnerabilities and Exposures Organization. In 2013, he received the Ernst and Young Entrepreneur of the Year Award for defense and security, together with Ron Gula and Jack Huffard.

Published Friday, November 10, 2017 7:44 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2017>