
Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Roy Katmor, CEO, enSilo
2018 on the Horizon: How Attacks will Reshape the Cybersecurity Market
This year saw massive attacks and breaches. We expect nothing less in 2018. What needs to change most, however, is the industry's response to the continuing barrage of threats and what that means in the cybersecurity marketplace. While vendors continue to develop new tools and technologies, few are bringing to market solutions that make a real, material impact. Security teams are still vexed by the lack of qualified operators while relentless attacks continue to hit the enterprise. As a result, expect to see a shift in the positioning of security service providers while the cream of the vendor solution market rises to the top. Here are the trends that will shape cybersecurity in 2018:
The cost of disruption continues to skyrocket
WannaCry and NotPetya ransomware hit a number of industries in an unexpected wave of attacks. Many people think that WannaCry was an attacker's "test run", but it still took down 85% of Telefonica, one of the largest private telecommunications companies in the world. WannaCry is a representation of how a cyber attack can all but destroy a company's operations by paralyzing hospital, communications and transportation systems, going beyond the usual malware goal of simply stealing data. Following the trajectory of ransomware and similar data-wiping attacks, we predict increasingly destructive incidents will hit critical infrastructure - events that could thrust the cost of disruption to astronomical levels.
Extortion and damage-motivated attacks will continue to
target industries that attackers believe will pay out to restore operations and
cut losses. Organizations with high uptime requirements necessitated by laws or
competition are prime targets - think hospitals, banks, telecommunications
firms and cloud providers.
Ransomware distribution methods will advance, causing an even greater surge than what we saw in 2017. Ransomware is good business for attackers these days and will continue to be financed by its victims - consumers and enterprises alike.
Moreover, attackers will start to leverage new fileless techniques to bypass security measures that have caught up with more "traditional" attacks. Disruption will continue to occur, costing thousands to billions of dollars in lost operations.
The preferred methods of attack will change
Fileless attacks will capitalize on novel exploitable surfaces like PowerShell and Metasploit. Additionally, code injection methods such as AtomBombing and Process Doppelgänging are other recently discovered critical weaknesses that will need to be addressed with high priority. These novel attack methodologies will undoubtedly cause a seismic shift in the future threat landscape.
As this happens, fileless attacks will become increasingly common. Designed to function completely within the memory of a system and leave no evidence, these attacks open victims up to a Pandora's Box of malicious behavior that typically goes undetected. Fileless attacks usually run for an extended period of time before the targeted victim identifies the attack.
Similarly, expect that code injection methods, which leverage operating system features to bypass conventional security measures, will continue to be found in the wild. Also, don't be shocked when malware written as Linux binaries impacts Mac systems that don't know how to inspect for this kind of exploit.
The good news is that exploit mitigation is getting better and vulnerability exploits are only getting more costly for attackers. The bad news is that, as a result, you will likely see an even greater increase in social engineering-based attacks and fewer vulnerability exploits.
SOC teams will be flooded by targeted indicator-based DDoS attacks
Around 79% of security professionals report being overwhelmed by the number of threat alerts they face. Alert fatigue plagues the industry and is a difficult problem to manage on most enterprise security platforms. There are a number of other issues at play that negatively impact the marketplace today.
Security operations center (SOC) operations are hindered by the lack of talent and the number of security experts available to fill their teams. Incident response teams can't prioritize among the barrage of alerts and threats. Legitimate critical alerts go unnoticed, resulting in outages and downtime. Dwell time is increasing and it's unsustainable.
In 2018, we predict that SOC and incident response teams will be completely weighed down by targeted indicator-based DDoS attacks, which aim to completely paralyze incident response processes and camouflage other backchannel attacks. As a result, MSSPs will accelerate their adoption of a model more akin to incident response focused services, a.k.a. Managed Detection and Response (MDR) services. Leaders and service providers in the industry will be forced to look past indicator-based alerts - what most security teams spend their day on is the opposite of an efficient solution.
Instead of spending the time and resources of an entire SOC team on hunting potential breaches in real time, following methodologies that don't work and constantly triaging doubtful indicators of attack or compromise, far more power and value can be gained from an on-demand team focused on advanced detection and aggressive real-time response. Following the MDR model, if the right operators are armed with the right tools - a combination of automation and orchestration capabilities aligned with pre- and post-infection real-time protection measures - enterprises will save on personnel costs while maintaining a significantly more secure and manageable environment.
About the Author
Roy Katmor is a 15-year seasoned product manager and security market strategist, combining strong technical knowledge with proven sales and marketing skills. Prior to enSilo, Roy led Akamai's security strategy. Before that, he managed Imperva's data security products and architecture management. Additionally, Roy held various product management and R&D leadership roles at several international public and privately-held companies. Roy holds a BSc in Information Systems from the Technion, Israel Institute of Technology, and an MBA in finance and business strategy from the Hebrew University.