Today's CISOs are living in challenging times. Over the past 12 months, the threat landscape has changed in increasingly complex and fragmented ways. From the emergence of new technologies and regulatory rules to the ruthless exploitation of critical infrastructure vulnerabilities, many of these trends will have a major impact on how IT endpoint security leaders approach not just the coming year, but the next decade.
They will have their work cut out for them. In the first half of 2019 alone, we blocked more than 26.8 billion unique threats, and ransomware, BEC, fileless threats and more were detected at higher rates than in previous months. But to tackle the threats of tomorrow, we need to step back and look at the bigger picture.
One of the most disturbing trends in recent months has been the hijacking of AI technology to create so-called "deepfake" content. Think of it as spoofing on steroids: video and/or audio clips doctored to look like a legitimate person is doing or saying something they're not. The technique has already been used to trick a UK CEO into wiring €220,000 to a "Hungarian supplier". He thought he was talking to his German boss, only to find that hackers had used AI to mimic the latter's voice.
Inevitably, we will start to see more of these attacks as the means to carry them out spreads through the cybercriminal underground. Employees will need to improve their skills not only in spotting phishing and BEC emails, but also in recognizing faked audio and video messages. Business processes and authentication policies will need to be updated to mitigate the worst effects of this new trend.
Deepfakes have a profound impact not only on corporate fraud, but also on state-sponsored attempts to spread misinformation before elections. Even if a fake video is subsequently proven to be false, the reputational damage will be hard to undo.
The coming wave of technological innovation in 2020 will rely heavily on newly launched 5G networks. Already being introduced in recent months, these new technologies will bring exponentially higher mobile broadband speeds and greater network capacity, enabling a massive increase in the number of IoT devices. This explosion in corporate and BYO smart endpoints will increase the enterprise attack surface at a time when overburdened IT security teams are already struggling to maintain visibility and control over their IT and mobile device management.
In addition to these enterprise IoT patching issues, it's likely that hackers will try to compromise the networks themselves by attacking the software used to manage them. Software-defined network architectures bring many benefits, but they also mean that organizations will be exposed to vulnerabilities in the code that effectively runs 5G networks.
Much has been said about the potential security risks of allowing vendors in some countries to provide 5G network equipment. But the truth is that the threats to 5G networks encompass much more than that. Carriers and other stakeholders need to build in security from the start, not try to upgrade it later. Security must be scalable, high-performance and ready to work seamlessly on next-generation / software-defined virtual networks.
For obvious reasons, financial services is one of the sectors most targeted by cybercriminals. As more and more lenders increase the availability of their services via mobile apps, the onslaught will grow. New European banking regulations, known as PSD2 or Open Banking in the UK, will further increase the cyber attack surface in the period up to 2020 and beyond.
The new regulations will effectively allow a whole new wave of fintech innovators to compete for the business of banking customers, with services designed to provide aggregated insight into their finances and other functions such as direct payments from their accounts. The concern is that this will increase the chances of hackers targeting consumers by pretending to be one of these companies. In particular, access to banking app logins could greatly benefit them.
There are also concerns that many of these tech-savvy players may not have enough resources dedicated to security, and could thus become targets in their own right. Any flaws in the banking APIs used to give these companies access to bank account information will be ruthlessly exploited.
A particularly acute threat is to critical national infrastructure (CNI), manufacturing facilities and other organizations that operate large operational technology (OT) estates. Not only do these organizations provide critical services where attacks can have a huge impact on a large number of customers, but as systems gain connectivity, OT becomes increasingly vulnerable. Patching is problematic because many of these systems cannot be taken out of production to test updates, and machine replacement cycles can last for decades. As we have highlighted in the past, ICS vendors also have a poor track record of releasing security patches.
These organizations are also potentially at risk through their managed service providers (MSPs) and cloud partners. We anticipate that cloud platforms in particular will see an uptick in code injection attacks, either directly or via third-party libraries.
All of this makes the sector highly vulnerable to phishing, ransomware and DDoS attacks as we enter a new decade. The consequences can range from production delays to power outages.
There is no one-size-fits-all strategy to keep organizations safe from the threats mentioned above. Best practices go a long way, of course: effective patch management, restricted access policies, software that encrypts sensitive data at rest and in transit, continuous network monitoring and engaging employee education programs.
Don't be fooled by silver-bullet promises to fix all these problems with one product: it simply doesn't exist. At the same time, there is a growing need to consolidate around vendors that can support a connected, single-pane-of-glass threat defense strategy. Security teams are inundated with alerts from competing tools, which makes it difficult to prioritize the important ones and creates dangerous gaps in protection.
With better visibility comes better control. Then CISOs can start thinking strategically about how to support business growth in 2020, instead of constantly putting out fires.