2017 will be a year filled with twists on existing security challenges and undoubtedly filled with a few new surprises. As the year kicked off, we asked Tushar Kothari, the Attivo Networks CEO, to make five predictions for the New Year. Here’s what he believes:
1. POS malware breaches will increase.
It may appear that the number of breaches of retailers and the number of customer records being stolen are decreasing. This is in fact a misnomer. The number of breached records appears lower only because less information is being disclosed on the number of records being stolen, and because the attacks are shifting their focus to different segments, from retail to travel to restaurants.
Attackers are also moving downstream and focusing more on smaller retailers and businesses, as there are more of them and they have less sophisticated IT infrastructure. The core problem around Point of Sale (POS) breaches also remains largely unaddressed. There are still thousands of POS systems that are not running any form of anti-virus software because they are running on older Windows XP operating systems, and there is a “trust” relationship with asset management servers. With one compromise of the asset management system, malware can be distributed unnoticed to POS terminals en masse. With this compromise, attackers can also open communications to continue to push new variants of malware and commands, and to exfiltrate data. This is an extremely high-risk vulnerability that can go undetected for months to years before the breach is discovered. Also, with the increased use of the Tor network and the value of data being sold on the DarkWeb commanding from $5-$30 per stolen credit and debit card, the incentive to continue to attack POS systems will remain high.
2. The ratio of detection and prevention budgets will change, with more money going to detection. Additionally, budgets will begin to have specific allocations for advanced threat detection.
As breaches continued this year, more CISOs started to consider allocating more budget to detection systems so attackers inside the network could be identified and stopped. Historically, more than 75% of InfoSec technology budgets have been spent on preventative solutions and their maintenance. However, a recent survey by Pierre Audoin Consultants among 200 decision makers showed they expected to spend 39 percent of their overall IT security budget on detection and response within two years. Gartner has also projected that by 2020, 60% of security budgets will be allocated to rapid detection and response approaches.
3. Deception technology will enter the mainstream for advanced threat detection.
The shift from stand-alone Intrusion Detection and Prevention solutions to their inclusion in Next-Gen Firewalls will continue, and a new category of Advanced Threat Detection solutions will emerge to close the gap in detecting signature-less or unknown attacks, in-network lateral movement, and insider and stolen-credential attacks. Deception technology will be a preferred solution for Advanced Threat Detection. Gartner has called out deception as an automated responsive mechanism representing a sea change in the capabilities of the future of IT security. They have stated that deception is the most advanced approach for detecting threats within a network and acknowledged it as a top 10 security trend for 2015 and 2016, and we predict it will be again for 2017.
4. The number of days before hidden attacks are discovered will decrease.
According to a variety of sources, malware continues to go undetected within companies for months—with some detections occurring after as many as 200 days. With more emphasis on detection technology, there will be a decrease in dwell time and an increase in the number of breaches being detected by companies' internal teams, whereas, historically, only 1 in 5 breaches have been detected internally. I predict that by the end of 2017 this number will increase to 50% of all breaches being detected internally by customers, enforcement agencies, and other interested third parties.
5. There will be an increased focus on improving incident response speed and efficiency.
Vendors will continue to collaborate in sharing information and in integrating their solutions, enabling the sharing of data and providing security teams with a single source for the collaboration of attack information. Collaboration will allow teams to see real threats they might have missed on their own based on a partial view of threat activity throughout the network. Operational efficiency will be increased significantly, providing better detection, quicker remediation, and more effective incident response at the time of attack.
It will be exciting to see how the year unfolds and how these predictions turn out. We at Attivo hope that everyone is off to a very happy and prosperous new year!