2017 provided the industry with new revelations about today’s cyber threat landscape and the best practices necessary to combat malicious activities. However, contrary to what many believe, we aren’t regularly seeing the development of more sophisticated threats; instead – as we’ve learned from hacks like WannaCry – a common bad actor will most likely use a known vulnerability to launch a cyberattack. Given how accessible known vulnerabilities are to both organizations and hackers, it is critical to have good cyber hygiene as the foundation of an enterprise to prevent hackers from taking advantage of a weak link and exploiting a given vulnerability before it can be patched or updated.
Unless organizations adopt stronger cyber hygiene best practices and mitigate risk appropriately, in 2018, we will likely continue to see the same types of threats prey on networks. However, the stakes are much higher today because there is more at risk: hackers now have the tools to compromise not only sensitive networks, but also critical infrastructure. It’s no longer just about data being stolen; it’s about line of business and knowing what operational technology an organization has before a breach can negatively affect its bottom line and impact the company where it really hurts – critical business operations, safety and revenue.
As we look into 2018 and beyond, we asked ForeScout executives and experts for their thoughts about the cybersecurity issues that will keep CISOs/CIOs and security teams up at night. The responses were a bit frightening yet eye-opening, and even a bit doom and gloom at times – from nation-state attacks to compromised critical infrastructure and even disruptive cyber fraud. Below is what we foresee could happen next…
… From Pedro Abreu, senior vice president and chief strategy officer
Disruptive fraud that hurts profits and cyber insurance bankruptcy. Major Securities and Exchange Commission (SEC) fraud will likely happen, leveraging cyber misinformation or disruption of business that leads to missing revenue numbers. Bad actors who commit cybercrime will take a short financial position in a company or set of companies, and then use cyber actions to disrupt their financial results, affecting their results in a negative way and resulting in a stock drop. Cybercrime actors will profit by shorting the stock and exiting quickly afterwards. This could be done using misinformation or weaponizing the IoT botnet Reaper.
I also anticipate that we are on the brink of experiencing a major cyber insurance fail. It only takes one major cyber event to happen that will impact one or multiple companies to create a cyber insurance liability that’s big enough to put big insurance companies at risk of failing. Although cyber insurance is growing at a huge pace (35% growth in 2016 and expected to grow 20%+ a year for the next five years), companies have little experience with assessing potential payout costs and some of them are overinvesting in these types of policies, hence they are getting too much risk in their books that they’ve not appropriately hedged. Warnings have been issued, but my estimate is that something big will happen in 2018 that will put one of these insurers at risk of going bankrupt.
… From Matt Hartley, regional vice president of Civilian Agencies, Special Programs & Systems Integrators
A cybersecurity shift in mindset. In 2018, it will likely be revealed that many of the cyber intrusions of the recent past were actually nation states, not individual criminals or hacktivist groups. With a revelation of nation states, cybersecurity thinking will shift dramatically from a presumption of greed or criminal motivations to more sinister motives from well-resourced, patient bad guys. This trend would affect product and MSSP markets most immediately. Additionally, many sensitive organizations (primarily governments and FISERV) would re-evaluate and implement plans to isolate themselves from the global internet, resulting in a steep increase of “air-gapped” networks. Lastly, while efforts may fall short, there will likely be legislation, research and focus on a more secure internet over the coming years to help mitigate these threats.
… From Ayelet Kutner, vice president of engineering, Innovation Center
OT cyberattack that ruffles calm waters. My crystal ball is telling me…
As some organizations are slow to adopt IoT/OT security solutions, in 2018, we may see an attack on a large operational technology (OT) network – and it won’t necessarily be sophisticated – but it will be enough to significantly disturb normal business operations of an electrical company, water facility, etc., or to impair an organization’s ability to provide services, get paid by their customers, or a similar consequence in the US or EU. It may be brute force or a DDoS attack.
… From Julie Cullivan, senior vice president of business operations and chief information officer
Self-healing cybersecurity solutions. In 2018 and beyond, we will likely start to see delivery of security services that can self-remediate, AKA self-heal, when there is an issue. Currently self-remediation refers to a user being given step-by-step instructions on how to remediate an issue. In the future, if an issue is detected, technologies will automatically complete the steps to remediate the security issue without any humans being involved. Of course, artificial intelligence (AI) and machine learning (ML) will be critical to delivering these types of services.
… From Jon Connet, senior director of corporate strategy, Business Development
The first IaaS breach, the rise of cyber-physical threats and pervasive encryption. We’ll likely see the first major data breach of an infrastructure-as-a-service (IaaS) vendor, as attackers and threats will continue to follow the data and money. The rise of cyber-physical threats will drive explosive growth in the cybersecurity insurance market. We will see progress on cybersecurity becoming a board-level issue, especially in the industrial space. Additionally, encryption will likely become increasingly pervasive in the corporate and consumer world, but advances in quantum computing may start to erode the effectiveness of traditional encryption approaches at the nation-state level.
… From Bob Reny, principal systems engineer
The intensity level for hacks will continue to rise. We’ve seen a major credit organization hacked… and I expect the intensity of these hacks to only increase moving forward. Sadly, we may see someone harmed or killed because of rogue code on an IoT device, making it the first death by a remote hack. I also expect to see a change in how artificial intelligence (AI) starts to interact with people. Chatbots will become aware and start stealing data.