2016 will see an increasing number of attacks and the emergence of new targets; the complexity and sophistication of attacks, initiated by increasingly capable and technically well-equipped cyber criminals, will continue to rise. This, according to security analysts and consultants at OpenSky, a TÜV Rheinland company, will be the IT world in the coming year. What are the consequences for decision-makers in the IT security sector?
In a world where 100% protection can't be achieved, every organisation, no matter its size, is a target. "The most important thing is to anticipate such attacks with threat intelligence and establish solid security incident response processes so that operations can be kept on track despite an attack or can be resumed as quickly as possible after an attack," says Olaf Siemens, Executive Vice President ICT & Business Solutions at TÜV Rheinland.
The nine trends below reflect OpenSky's view of 2016's developing cyber threat - and recommended actions to combat attacks.
1. Cybercrime becomes easier and more lucrative.
Cybercrime continues to mature and industrialise - it is becoming professional. Malware toolkits are available as cybercrime products with after-sales support, and capabilities like 'Distributed Denial of Service' (DDoS) are available as volume-priced cloud services. Increasingly, these types of products and services can be obtained free of charge. This is an unavoidable trend which organisations can face only by acknowledging it, being proactive, and taking proportionate measures to protect themselves.
2. The Internet of Things fuels the emergence of new attack vectors.
Attacks on connected cars, connected medical devices, and connected critical infrastructure have all hit the headlines in the recent past; and this is just the tip of the iceberg. The Internet of Things is proving to be a treasure trove for hackers. When developing networked devices, manufacturers are still placing more value on features than on security. "Security by design" must become an integral factor in development so that innovations win over increasingly security-conscious users.
3. The cloud forces new and emerging operating models.
Widespread transition to the cloud continues and new operating models are arising, but companies and the public sector remain responsible for keeping their business and customer data secure. It is therefore essential to integrate robust incident response structures into the cloud strategy. Part of the answer will be encryption: ensuring that data is encrypted before it enters the cloud and that the accountable organisation, not the cloud provider, manages the encryption keys itself. Solid IT governance practices will be required to ensure that, during the transition, an organisation's IT infrastructure continues to support and enable the achievement of its corporate strategies and objectives.
4. Information security moves beyond classic compliance.
The good news is that, after years of checkbox compliance - which doesn't keep an enterprise safe - organisations are beginning to focus the necessary resources on information security and risk management. This focuses on the company's values, risks and measures, and goes beyond simply complying with regulatory requirements. Where generated data is stored and how it is aggregated is becoming increasingly relevant when evaluating risks. In the future, elements such as risk management, business continuity planning and enterprise architecture will be linked even more closely with each other.
5. Mounting pressure for adequate data protection and security defines public debate.
Increasingly, existing standards in the cyber security world will need to adapt to the current threat situation. At the same time, governments are being called to account for their need to have ever more intrusive access to citizen data as a component of cyber strategy designed to defend their country. For example, the EU will continue to evolve and tighten its data protection act in light of the recently repealed safe harbour regulation. This upcoming reform will keep data protection and security a topic of interest.
6. Incident response is becoming a daily undertaking for all businesses.
Traditional 'defence in depth' approaches to information security are no longer effective where attackers are using Zero-Day exploits and Advanced Persistent Threat (APT) techniques. Existing signature-based anti-virus products still have their place, but at best as a hygiene factor. Security incidents are no longer the exception – they are happening every day. Organisations hoping to detect an APT at an early stage will need to build (or acquire) the capability to access and analyse vast amounts of data. This requires the use of experts and professional tools.
7. Organisations will increasingly rely upon Managed Security Services (MSS).
The complexity and sophistication of today's cyber threats are a challenge for the majority of IT security teams. The demand for Managed Security Services (MSS) will continue to grow in order to deal with personnel and technology bottlenecks. MSS allows for needs-based expert support for timely problem-solving and the use of innovative technologies.
8. Industrial Control System (ICS) security becomes more relevant.
With Industry 4.0 bringing Machine-to-Machine (M2M) communication, increasing networking and an increasing "softening" of perimeter security, companies must close open attack vectors and learn to understand how office IT and networked production IT should work together in the defence against attacks.
9. Cyber Threat Intelligence (CTI) becomes essential for information security.
Identifying emerging methodical and technological trends in the field of cybercrime as early as possible and analysing their level of criticality can help companies to optimise their own cyber security defence. This is why the demand for cyber threat intelligence (CTI) specialists is growing. These specialists have thorough analytical knowledge in the fields of cybercrime, cyber activism and cyber espionage.