Ron Davidson, CTO and Vice President, R&D, Skybox Security, suggests that growth in Indian enterprise comes with new security challenges
January 19 2018: 2017 will undoubtedly be considered as ‘Year of ransomware’, the year when the global security landscape was forever changed by attacks like WannaCry and NotPetya. The havoc caused by these attacks reached far beyond the paltry ransom demand. Hospitals turned away patients. Production lines came to a halt. Nuclear radiation monitoring was disrupted. Cyber events like these were a wakeup call to the brave new world of cyberattacks and how they could reach further into the ‘real world’ than ever before.
But it’s not just ransomware and the threat landscape that have changed. Digital transformation initiatives like the move to the cloud and the increasing convergence of IT and operational technology (OT) have drastically changed networks and expanded responsibilities of security teams tasked with protecting them. These initiatives, for all their business benefits, have caused network complexity to skyrocket — an issue cyberattackers are all too eager to exploit. All the while, the labor force to safeguard against attacks remains stubbornly inadequate.
As we head into 2018, here’s a look at the cybersecurity trends sure to emerge amid the intersection of the most capable threat landscape, the most complex networks and a worldwide —including India — skills shortage:
Hybrid Networks Stretch Attack Surfaces
The attack surface — the total sum of the ways an organization is susceptible to cyberattack — is like a balloon. It expands with the introduction of new attack vectors and attack targets, like extensions into virtual, cloud and operational technology environments. It contracts with the good cyber hygiene and risk reduction. The larger your attack surface, the more likely it is to pop.
To control an attack surface that encompasses hybrid networks and that’s affected by a constantly evolving threat landscape, organizations will need to unify visibility and centralize management. Gaining seamless visibility across physical IT and OT networks, as well as virtual and cloud networks, will give them a holistic foundation on which to build a security program ready to address an agile threat landscape.
While different technologies, processes and teams may be involved to secure various types of networks, attackers don’t pay attention to such divisions. If anything, they exploit these divisions in security management, and simply follow the path of least resistance to reach their intended target, no matter where the attack originates. In 2018, we’ll likely see attackers leverage hybrid network connectivity to infiltrate cloud and OT networks where traditional cybersecurity measures are still being fleshed out.
Ongoing Evolution of Distributed Attacks
While NotPetya was originally dubbed a ransomware attack, seemingly a new iteration of WannaCry, it was pretty lousy at the ransom part. What it and WannaCry demonstrated, though, was the distributed attack model on which modern ransomware relies. It targets as many victims possible, looking for low–hanging fruit, so attacks can be carried out easily and automatically, maximizing the attacker’s ROI. Ransomware is a perfect fit for this model, in that any target can be extorted for payment. Now that the distributed attacks have proven global–reach capabilities, we’re sure to see more mass–scale attacks in 2018.
The good news about the distributed attack model? Cybercriminals sell or share proven attack methods, such as vulnerability exploits, to carry out distributed attacks. Again, this practice gives them a better ROI than developing new, native exploits or exploits for a specific target. It also means a relatively small number of vulnerabilities exploits are being used and reused. If vulnerability management programs can take a threat–centric approach and focus on this subset of vulnerabilities, they’ll have a greater impact on their organization’s security than if they targeted only CVSS critical vulnerabilities.
Security Goes Automated Out of Necessity
As mentioned earlier, networks are growing increasingly complex, meaning that IT security teams must contend with growing amounts of data that needs to be contextualized, analyzed and acted upon. At the same time, the industry is suffering from a worrying talent shortage, which means that there are fewer skilled workers available to manage these issues. This is creating an environment where attack vectors abound, increasing the organization’s risk of attack.
As a result, in 2018 we expect to see a surge in the adoption of automated solutions, particularly for integrated analytical workflows. These can deliver actionable intelligence to security practitioners of what to focus on — such as vulnerabilities posing an imminent threat — what tools are at their disposal to take action and tracking the workflow to ensure tasks are carried out to completion.
The Scales Tip to the Cloud
At present, most firms are in a transition phase, with networks made up of a hybrid of physical, virtual and multi–cloud environments. 2018 is set to be the tipping point, as corporate networks become predominantly or entirely virtual or cloud–based.
Organizations will need to be sure they understand and can support the shared responsibility model of the cloud, in that the cloud service provider is responsible for security of the cloud while the organization is responsible for security in the cloud. The assumption that cloud networks are inherently secure needs to be overcome, and security teams need to have the means to understand how traffic moves into, out of and within cloud networks to put the proper security controls in place.
The importance of automation, as mentioned above, becomes even more important in cloud–networks. The elasticity of clouds makes their security management too much to handle via manual processes. If organizations are aiming for a complete move to the cloud, they need to ensure that security programs are poised to support the approach.
Increased Attacks on Operational Technology
The convergence of IT and OT networks presents several advantages in terms of productivity, ease of management and cost–effectiveness. But it has also introduced new cyber risks to critical infrastructure organizations such as utilities, energy producers and manufacturers that could have very real impacts on uptime, human safety and the environment.
Because of the havoc that can be caused, OT networks have become an attractive target for APTs as well as cybercriminals. In 2017, we’ve seen an increasing trend in the application of IT threats to OT networks, such as ransomware. NotPetya disrupted radiation monitoring systems at the Chernobyl nuclear site, and cost Maersk alone $300 million. WannaCry forced hospitals to turn away patients and brought production lines to a halt
These attacks were just a glimpse of the risks present in the networks we rely on in our everyday lives. In 2018, we’ll see attackers further testing the security of OT, whether for their own financial gain, mayhem or nation–state attacks. Organizations need to wake up to the fact that they need to get a hold of the interaction between these converged networks, their risks, the threats against them and the tools available to secure them.
In May 2018, the General Data Protection Regulation (GDPR) will take full effect, impacting any business with E.U. operations as well as any that process E.U. citizen data. This latter component is still taking some non–E.U. companies by surprise. Organisations late to the preparation game will make for some panic in the first half of the year.
There is a bit of good news, though, in the race to GDPR readiness. First there have been some assurances that if organizations can demonstrate good faith efforts to comply with the new regulation, they will likely see some leniency. If they ignore it, however, they risk fines much larger than the current regulation — up to €20 million or 4 percent of turnover.
The other good news is that if companies are working on cloud transitions and also need to be ready for GDPR, both initiatives require similar prep work. It all starts with visibility. Both from a security and compliance standpoint, organizations need to know what data resides where, the paths around it, the controls in place to protect it and its risks. With this type of foundational knowledge, organizations can implement policies with better accuracy and efficiency and stay abreast of their overall security and compliance status.
Massive Indian Growth Comes with New Security Challenges
For India, there are a good number of large infrastructure projects in the pipeline, such as: large scale government sponsored digitization endeavors; the fostering of smart cities;the “Make in India” initiative; new transportation projects (airports and metro railways);thedevelopment of electronic cities; andthe formation of new banking and finance organizations. These large-scale projects are driving massivegrowth in India,which in turn will drive growth in managed security services.Growth in these areas will also increase IT and OT (operational technology) network size complexity and lure moretargeted attacks. Consequently,Indian organizations (including businesses in the private sector,government and PSUs)willheavily invest in multi-layer security solutions that provide a holistic approach to cybersecurity and can address the complexity of managing risk and protecting against advanced threats on very large, heterogeneous networks.
Skybox arms security leaders with a powerful set of security management solutions that give unprecedented visibility of the attack surface and key Indicators of Exposure (IOEs), such as exploitable attack vectors, hot spots of vulnerabilities, network security misconfigurations and risky firewall access rules.