Tis the season for cybersecurity predictions, and here’s the latest: Offensive and defensive measures will start to be used together, as technology advancements like machine learning make new approaches possible. And this will evolve even as cybercrime becomes smarter and more sophisticated.
According to Richard Greene, CEO, Seculert, prediction will emerge as the new holy grail of security. Up until 2014, the cybersecurity industry considered prevention to be their sole objective. Sophisticated enterprises then began to complement their prevention strategies with detection technologies to get the visibility on their infrastructure they lacked. In 2016, prevention will emerge as a new priority with machine learning becoming a key tool for organizations that want to anticipate where hackers will strike, he said.
This will come against the backdrop of adversaries getting smarter.
“Common cyber-criminals will no longer be the most common threat,” he said in an email. “Sophisticated criminal gangs with modern organizational models and tools will emerge as the primary threat. Besides being well-funded, these attackers have the luxury of time on their side, so they’re able to develop more advanced techniques not yet anticipated by the cyber-defense community.”
Because of this, global governments have also come to realize they must have both cyber-defense and cyber-offense capabilities. Public sector hackers will rarely attempt the kind of attack we saw in Ukraine this year, but we can expect a growing number of state v. state reconnaissance attacks as cyber “armies” research the strengths and weaknesses of their opponents.
So, money is no longer the sole motivator.
“Rather than hacking for just for financial gain, in 2016 we’ll see cybercriminals infiltrate to cause physical damage,” Greene said. “Hacktivist groups have already proven they are not motivated by money, but rather by a cause. When money is no longer the motivator, infrastructures, priceless artifacts and more are put at risk.”
Greene also predicted that enterprises will be more vulnerable than ever as the internet of things expands the attack surface. It’s just a matter of time before you discover the Fitbit on your wrist or the thermostat connected to your Wi-Fi can be used as the starting point to penetrate corporate and government networks,” he said. So, the CISO of the future will have a new and expanding role.
“Their responsibilities will shift from managing tedious work cycles on uncovering, analyzing and reporting threats, to an elevated role where they must think proactively and strategically to ensure the greater enterprise can achieve its strategic goals,” Greene concluded.
Photo © Anneka