
Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Ron Davidson, CTO of Skybox Security
The Year Cloud Security Begins to Mature
2017 will likely be remembered for its notable ransomware events, NotPetya
and WannaCry, which marked a wake-up call to a new age of cyberattacks that
reach further into the 'real world'. However, it's not just ransomware and the
threat landscape that are undergoing an evolution. Widespread cloud adoption
and increasing IT/OT convergence, among other digital transformation
initiatives, are drastically changing networks and increasingly putting
pressure on the security teams tasked with protecting them.
Considering how the cybersecurity industry is contending with one of the
most capable threat landscapes, a new age of incredibly complex networks and a
worldwide skills shortage, here are my top 5 predictions for 2018:
1. Hybrid networks stretch attack surfaces even further
Though the networks of today have a combination of different
technologies, processes and teams working to secure them, these divisions mean
very little to attackers. They follow the path of least resistance to reach
their target, whether that means jumping from the corporate to the production
network or from physical environments to the cloud. In 2018, we'll see attackers increasingly
leverage hybrid network connectivity to infiltrate networks where fundamental
cybersecurity measures have yet to reach their full potential, such as cloud
and OT.
2. No end in sight for OT attacks
Critical infrastructure organizations, including utilities, energy
producers and manufacturers, as well as enterprises have been making
considerable efforts in the last couple years to improve OT network security.
That's likely because they're becoming a favorite target of attackers.
Nation-state threats as well as cybercriminals have seen the advantage in
targeting notoriously unsecure and vulnerable OT devices that can't afford to
be taken offline. And because of their connection back to the corporate network,
attackers are applying traditional IT threats, such as ransomware, to OT.
Both WannaCry and NotPetya, while ransomware on the surface, had enormous
impacts on OT, bringing production lines to a halt, forcing hospitals to close
and even disrupting nuclear radiation monitoring.
It's important to note that attacks like these offer just a glimpse of
the risks present in the networks that communities around the world rely on
daily. In 2018, we'll see this trend continue as attackers dive even further into OT
networks for financial gain, nation-state objectives or simply to wreak
havoc.
3. Cloud security matures
Currently, most businesses are in a transition phase, with networks comprised
of a hybrid of physical, virtual and multi-cloud environments. 2018 will be the
tipping point when physical networks represent the minority of enterprise
network infrastructure. With this in mind, it's crucial that organizations take
the shared responsibility model of the cloud to heart and bring security management
expectations of the cloud in line with those of physical networks.
To meet this expectation, organizations will need to turn to
intelligently automated solutions to match the agility and elasticity of the cloud.
2018 will likely see an uptick in automation that can better support virtualized
environments.
4. The distributed attack model thrives
Though NotPetya may have seemed like a poor iteration of ransomware to
many, it demonstrated, along with WannaCry, the distributed attack model on
which modern ransomware relies. It targets as many victims as possible, looking
for low-hanging fruit, so attacks can be carried out easily and automatically,
maximizing the attacker's ROI. Ransomware is a perfect fit for this model, in
that any target an attacker can make unusable - through encryption or locking out
actual users - can provide the means for extortion. Now that distributed ransomware
attacks have proven global-reach capabilities, we're sure to see more
mass-scale attacks in 2018.
5. Complex networks pressure security to go automated
As previously mentioned, the level of complexity characterizing today's
networks means that IT security teams are battling a constant stream of data that
must be contextualized, analyzed and acted upon. On top of that, the cybersecurity
skills shortage plaguing the industry has led to fewer skilled workers
available to implement the right solutions and manage the mounting issues at
hand. This "perfect storm" is effectively creating an environment full of
attack vectors, where organizations could be more vulnerable than ever.
In 2018, we expect a surge in adoption of automated solutions,
particularly for integrated analytical workflows, with the ability to deliver
actionable intelligence to security practitioners.
##
About the Author
As CTO of Skybox Security, Ron Davidson brings nearly three decades of experience
to lead R&D and the Skybox Research Lab. His previous role was at Cisco,
where he served as senior director of security research and analytics for the
company's video security business. Early in his career, Davidson belonged to
the renowned IDF Unit 8200, called by Forbes investigative journalist Richard
Behar "Israel's secret startup machine" for cybersecurity companies.