Virtualization Technology News and Information
Core Security and SecureAuth 2018 Predictions: What Can 2017's Cybermistakes Teach Us About What to Expect in 2018?

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Chris Sullivan, SVP, Information Security Office, at Core Security and SecureAuth

What Can 2017's Cybermistakes Teach Us About What to Expect in 2018?

In today's connected world there are too many devices and too many networks to protect and cyber criminals are more sophisticated than ever. The 2017 threat landscape proved that no one is immune to cyber attacks. But can we take the cybersecurity mistakes made in 2017 to better arm ourselves for a safer 2018? There is hope. Organizations that take a comprehensive and holistic approach to security and the ability to monitor identity, access, authentication, threat, network detection and response and vulnerabilities have the best chance at combating whatever new threats attackers throw at them in the coming year. Below, the Core Security experts weigh in on what we can expect in 2018 and what C-level teams need to be thinking about in order to successfully navigate today's complex cyber environment.

Protect yourself from insider threats

Organizations need to protect themselves from the inside out. Stephen Newman, head of products and strategy at Core Security, predicts that insider assisted threats - when a malicious threat actor or accomplice has trusted access to an organizations information, processes or security practices - will continue to expand. Company loyalty is diminishing, healthcare costs are skyrocketing, companies are no longer participating in 401K matching and companies are sending more and more jobs overseas, creating more reasons for an employee to be enticed by a threat actor.

"Traditional malware and vulnerabilities/exploits are becoming more difficult to hide - at least inside advanced companies that have valuable data to protect," says Stephen Newman. "This is driving threat actors to other means of accessing confidential data. With so much of our personal lives out in the open on social media or due to other hacks, threat actors will blackmail employees into helping them."

Just like ransomware is holding individuals hostage, we anticipate that with the level of personal information exposed, some industrious bad guys will start using the data against the individuals, creating the perfect storm for an inside job.

Will IoT ever be secure?

Probably not, according to Bobby Kuzma, Security Researcher at Core Security. There are too many devices to protect, creating an easy environment for even the most unsophisticated criminal. "IoT security will continue to suck. Everyone will complain and nobody will be able to do anything about it," he says.

Fight the good fight

In light of recent breaches, many organizations are changing their networks and trying to implement a "Zero Trust" way of thinking, which requires thorough authentication before granting access to any networked resource. Carefully planning out a "Zero Trust" model is the right approach, says Stephen Newman. "To stay one step ahead in today's dynamic threat landscape, organizations need to be strategic and forward-focused, instead of focusing just on what hurts."

And it's not just security leaders who need to change their way of thinking. The government needs to redirect its focus in regards to cybersecurity policy in 2018. We're going to see a shift in the concept of digital identity. "The concept of credit scoring is going to have to fundamentally change," says Newman. "Virtually everyone now is exposed, so we need a new system."

Organizations who will successfully (and securely) navigate through 2018 will have a 365 view of their security posture, not only looking at traditional network, endpoint, and vulnerability information but also working to substantially reduce threat discovery and response time.


About the Author

chris sullivan 

Chris Sullivan, SVP, Information Security Office, at Core Security and SecureAuth

Chris Sullivan oversees all aspects of Core's security principals, strategy and posture, and the overall technology strategy across business lines and partnerships. In addition, Chris helps drive CoreLabs, a center for cyber security research and innovation, which maximizes collaboration between developers and cyber defenders across all security domains. Previously, Chris held positions as General Manager of Core Security's Intelligence/Analytics business, and VP of EMEA Operations, Advanced Solutions, Customer Solutions and Professional Services. He also serves as Chairman of the Access Risk Benchmarking Committee for ISACA and is a frequent speaker at industry conferences including the European Identity Conference, the Gartner Catalyst Conference, the MIT International Science and Technology Initiatives (MISTI), the IT GRC Forum, and the ISACA ISRM conference. 

Published Monday, January 15, 2018 7:25 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2018>