When an organisation is hacked, which statistically it will be, it is necessary to have the tools in place to analyse forensic data, access a full audit trail and take immediate remedial action.
Ransomware has been, and will continue to be, the biggest cyber security threat this year.
Ransomware reaches the boardroom
Ransomware works. Ransomware is agile and, without fear of retribution, offers quick riches to anonymous hackers. Ransomware is everywhere and every organisation is a target.
In 2016, ransomware reached the boardroom. This was driven by high-profile, painful attacks that thrust senior executives into the front line while they defended their organisation’s frequent lack of effective cybersecurity, and the subsequent loss of business and reputation.
Hackers are also specifically targeting senior executives with ‘whaling-attacks’ – spear-phishing campaigns directed at senior executives who have access to sensitive information like employee or customer data, and may also control large balances in banking and securities accounts.
Unfortunately, in spite of this, many IT managers will still face the challenge of senior executives not fully understanding IT security in 2017, and of ongoing limited IT representation at board level.
The rise in ransomware has, however, resulted in the development of new technologies that leverage artificial intelligence (AI) and machine learning.
These technologies are disrupting the endpoint security market and have caught the attention of senior management. AI is the latest boardroom buzzword.
Next generation endpoint security
A key priority for IT managers will be to implement next generation endpoint security (NGES).
The move from a reliance on signature-based AV, host-based intrusion prevention systems (HIPS), and other traditional endpoint security tools, is being driven by attackers targeting endpoints with malware that traditional AV simply does not detect.
These new services incorporate AI and machine learning to provide threat prevention, detection, forensics and remediation.
However, with a myriad of new ‘next generation endpoint security’ vendors entering the endpoint security market, plus the established traditional endpoint security vendors (re)badging their offerings as ‘next generation’, organisations will face the cumbersome challenge of navigating through often confusing and contradictory marketing messages.
AI is by no means a ‘silver bullet’, but it is the best option available at the moment. Unlike last year’s buzzword, ‘sandboxing’, still a moderately effective tool, AI will become established as a key part of the IT manager’s arsenal with its proven capabilities.
Expect to also see significant shakeout in the endpoint security industry in 2017, including some key acquisitions by the established heavy-weight traditional vendors such as Symantec, Sophos and Trend Micro.
The human factor
As always, it’s not just about putting the right technologies or services in place. As was seen in 2016, the human factor will continue to take centre stage in the coming year.
With the increase in frequency and sophistication of targeted phishing and social engineering attacks (because they’re cheap, easy and work) it is often individual IT end users who are ‘allowing’ the attacks, be they ransomware or data breaches, to take place.
To counter this ‘weakest’ link in the IT security armoury, organisations of all sizes started rolling out cyber security awareness training and testing programs in 2016.
Organisations quickly realised that a ‘train and forget’ approach was not effective and are instead now turning to services which provide ongoing simulated phishing attacks to keep employees aware and vigilant. The demand for these types of programs will continue to grow throughout 2017.
General Data Protection Regulation
Although it is not a direct cyber threat but a compliance requirement to keep personally identifiable data secure, the General Data Protection Regulation (GDPR) comes into force from May 2018.
Organisations will need to prepare for the GDPR throughout 2017. The first step is to inform key decision-makers within the organisation on the impact of the GDPR and conduct a comprehensive information audit to fully understand the organisation’s personal data use and processing.
The three priorities for 2017 are to review:
The legal grounds on which the organisation currently collects and uses data.
The capability of existing IT systems and procedures to meet new individual data protection and access rights, and to invest as needed. Undergoing CyberEssentials compliance will give organisations a head start.
The staffing requirements for data protection compliance. It is already being forecast that there will be a shortage of Data Protection Officers (DPOs) in the UK.
As regards technology, expect to see greater demand for data discovery, classification and tagging services so that organisations can fully understand the data they hold.
Automated governance, risk and compliance (GRC) services will also be in greater demand, as they can help with GDPR surveys focused on the GDPR Articles. Combined with data mapping surveys, GRC services can also assist organisations in identifying their current posture and compliance with respect to GDPR, and in highlighting the steps required to ensure compliance.
Organisations can keep up-to-date with GDPR and UK plans for data protection reforms by regularly visiting the ICO website.
What’s next for the hackers?
Hackers this year will need to defeat NGES. To achieve this, they may aim to incorporate AI and machine learning in their attacks. Also expect dormant bots to be activated to take action before organisations roll out NGES.
Finally, we’ve just seen a new type of ransomware, Popcorn, with victims being offered the option of passing on the ransomware in lieu of paying in Bitcoin…
In 2017, end user cyber security awareness and vigilance will remain key, endpoints will be secured using the latest AI and machine learning technologies, and organisations will complete their compliance journey to become GDPR-ready.
Selecting the right vendors and partners to work with will be paramount to cut through the technology marketing hype.
Sourced by Andy Hanson, CTO, Infosec Cloud