Earlier this year, Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense – a leader in risk-based vulnerability prioritization and management spoke at AIOps Expo on Transformative Impact of Data Science on CyberSecurity.
In this talk, Dr. Mukkamala demonstrated how AI can be used to mimic a human hacker and detect vulnerabilities at scale. He explained how this “attacker’s approach” can be used to predict attack susceptibility, validate the exploitability of vulnerabilities, assess if security controls can mitigate imminent threats, and quantify risk based on diagnostic and operational data. Finally, he discussed how this approach can increase cybersecurity resilience.
The following is a guest post from Srinivas:
Willy Sutton famously said that the reason he robbed banks was, “That’s where the money is.” In projecting cyber-security trends for 2020, the best predictor is to focus on where the money is for perpetrators. Cybercrime is a mature industry dominated by large and technically sophisticated criminal syndicates. They behave like every other legitimate business in that their goal is to simply maximize revenue while controlling costs. There is one BIG exception to this rule for 2020, but we’ll get to that.
Five major trends will dominate cybersecurity next year, some are threat oriented while others are inward-looking and focus on defensive measures. Here they are…
Ransomware will continue to be the growth driver in cyber-crime. The reason is simple, it’s the shortest distance between investment and revenue for its perpetrators. Unlike, identity theft, crypto-currency theft, or bank fraud, ransomware is a fast, cheap, and effective method of extracting fees from victims. But ransomware too is showing signs of maturity. The rate of appearance of new ransomware families fell by half in 2019. The reason for this is that the families that did appear were more sophisticated, harder to prevent, and contained better distribution mechanisms.
At the same time, the average ransomware demands have increased rapidly to $36,000 in the second quarter of 2019. But this number really understates the risk as perpetrators have adopted a more sophisticated pricing model which charges larger organizations much higher ransoms to unlock their data. Rivera Beach, FL, for example, had to pay $600,000 to unlock the city records encrypted by a ransomware gang while Korean hosting company Nayana paid $1m to unlock 3,400 hosted websites.
Refusing to pay can cost even more as Norwegian aluminum maker Norsk Hydro learned when they spent $58m in the first half of 2019 to remediate the ransomware attack they experienced in March. The company’s Q1 profit also fell 82% due to production downtime caused by the attack.
The implications for security professionals of these trends are clear. The time has come to move from a strictly defensive posture vis-à-vis ransomware to a more offensive strategy focused on finding and fixing vulnerabilities that can be exploited by ransomware.
Automation and Orchestration
While many organizations (and security vendors) will continue to focus on developing and deploying new detection technologies, progressive enterprises will look for ways to better utilize the tools they already have in place. In most cases this will involve automating and orchestrating common and repetitive remediation tasks to free up security analysts to focus on more sophisticated threats and vulnerabilities. The battle cry from many CISOs in 2020 will be, “Stop giving me ‘actionable data’ and tell how we can take unattended actions that don’t require people.”
Concern for container security will continue to increase significantly and with good reason. With 90% of enterprises currently implementing containers(5), securing these assets is now a top priority. While the prevention technologies like TwistLock, Aqua, and StackRox are important, the ability to map vulnerabilities to individual container assets (static and run-time), which has proven so valuable for securing other parts of the IT attack surface, is sorely lacking. One of the leading security vulnerabilities that will need to be addressed in 2020 is that far too many containers are running with far too many privileges. In these scenarios, if one container is compromised, an attack can quickly laterally across the enterprise IT infrastructure.
As an industry, we invested heavily on identity and access management at the user level, but have not done the same for container and cloud implementations.
Data Supply Chain
It’s no longer sufficient for an enterprise to simply lock down its own infrastructure, since every organization, large and small, relies on a patchwork of third parties for their data supply chain. As such, organizations are not only responsible for protecting their own data but ensuring its security and integrity when used by “downstream” companies. Several large data breaches this year did not involve the enterprises that collected the data, but rather their analytics service provider partners.
My belief is that this phenomenon will drive the majority of big enterprises to insist on data protection and security as part of their supplier contracts and demand transparency from vendors in terms of their security posture and defensive measures.
Next year we can expect to see a range of cyber attacks that will target the U.S. presidential election in much more sophisticated ways than the social media campaigns we experienced in 2016. Several nation states have vested interests in influencing or disrupting the 2020 election and we are ill-prepared to defend against such foreign intervention.
One of the things to keep in mind is that from a data management perspective, the U.S. presidential election isn’t a single data collection and processing exercise. It spans 50 different instances that are independently operated by different teams using different tools and security processes. As it turns out, a bad actor does not have to compromise all 50 election systems to influence or disrupt the election. The outcome of the election will be determined by results in a dozen or fewer swing states. I expect we’ll see significant phishing activity targeting the offices of the Secretary of State and other election officials in these battleground states starting in the spring. Their aim will be to establish undetected beachheads that can be exploited next fall.
Join others with $8.5B+ in IT buying power who plan 2020 budgets! Including 3,000+ resellers!
Feb 12-14, 2020, Fort Lauderdale, FL. Register now.