This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.
The endpoint security market will experience some dramatic shifts in 2017. Everything from the disposition of the threat actors to the players in the security vendor space to the nature of endpoints is undergoing significant changes. This will most certainly catch many organizations off guard. But there are options for those security professionals who care to prepare for it. In this post, I will outline four changes that security professionals might see in 2017.
Rapid Consolidation in the Endpoint Security Market
According to the research firm Cybersecurity Ventures, there were more than three dozen vendors and startups in the endpoint security market in 2016. For an evaluator or buyer of security products, that’s too many options, too many disparate approaches, and too much confusion – clear signs of saturation in any market.
Investors also seemed to recognize that the endpoint security market is reaching its saturation point: 2016 marked a slowdown in funding of new security startups, compared to 2015. As fewer (new and existing) startups receive funding, those that cannot deliver enough value to buyers in order to gain a foothold in this crowded market will inevitably die out. Others will be acquired by the traditional antivirus (AV) vendors who recognize the need for rapid retooling of their offerings to stay competitive.
As the pace of cyberattacks continues to increase, so does the pace of this market consolidation. Endpoint security vendors will recognize that they must move fast to keep pace with the threat landscape and the market conditions. These conditions will lead to a rapid, Darwinian consolidation in the endpoint security market.
Dramatic Increase in Use of Exploit Kits
Recent research from Unit 42, the Palo Alto Networks threat intelligence team, outlined the three main reasons cybercriminals continue to rely heavily on exploit kits:
- Exploit kits present cyberattackers with a much stealthier option for infecting Windows hosts with malware.
- The exploitation process is automatic.
- Criminals can use exploit kits to essentially outsource malware distribution.
In other words, exploit kits turn cyberattacks into an automatic, outsourced, and scalable operation for criminals. And with the ability to rent access to any number of exploit kits for a few hundred dollars a month, launching an attack with exploit kits is now far more affordable than ever before.
Information security has always been a “cops and robbers” problem. And with exploit kits, the robbers add automation, outsourcing, and scalability to their side of the equation. This is a trend that will certainly continue to escalate in 2017. The security industry, on the other hand, seems only recently to have recognized that it must match those capabilities or risk losing this battle. Fortunately, there are advanced endpoint protection solutions that already offer these automated, scalable prevention capabilities to forward-thinking organizations.
Marked Increase in macOS-based Malware
In March 2016, Unit 42 discovered KeRanger, the first instance of a macOS-based ransomware. Since then, the team has discovered several new types of malware exclusive to macOS. This is not a surprising trend – what’s surprising is that it took so long.
macOS-based systems present cybercriminals with a perfect set of circumstances:
- A false perception of security among end-users: The traditionally low occurrence of security breaches on macOS-based systems may lead users to be far less vigilant about cybersecurity hygiene, despite risks that are similar to Windows-based systems (for example, these systems share many of the same vulnerable applications, such as Adobe Flash).
- A lack of sophisticated endpoint security solutions: The majority of macOS-based systems either have no endpoint security solutions deployed, or they use the same traditional AV solutions that have proven to be ineffective against today’s cyberthreats.
- Increased organizational adoption of Apple’s technology ecosystem (from iPhones to iPad to Mac computers): In a recent research report by Nomura (October 2016 CIO Survey), the firm reported that 42 percent of the CIOs they surveyed “indicated Apple’s products are becoming more pervasive in their IT infrastructure.”
A large and increasing population of enterprise users who practice poor cybersecurity hygiene and do not have automated, sophisticated endpoint security solutions to protect their systems? Sounds like the perfect target for crafty cybercriminals looking for new sources of ransomware revenue in 2017.
Increased Awareness of IoT Security Flaws
The proliferation of the Internet of Things (IoT) is already underway. According to the research firm Gartner, there were an estimated 6.4 billion IoT devices in use in 2016. The firm forecasts that there will be over 20 billion connected IoT devices by 2020. Despite the large number of devices, IoT security still seems to be an afterthought. This is concerning, considering:
- The increased interconnectivity between IoT devices
- The potential for collecting and sharing data among IoT devices and their supporting data services
- The unknown but potentially significant and increasing number of vulnerabilities within the IoT ecosystem
The IoT ecosystem is still in its technological infancy. The extent and the impact of existing security flaws may not be obvious yet because of the limited computing and connectivity capabilities of the devices in use today.
This was very likely the same argument used to justify distributing unsecure systems in the automotive industry – until researchers demonstrated their ability to remotely hack a car traveling at highway speeds in 2015.
As the IoT device counts and capabilities continue to increase in 2017, the inherent security flaws that may have been ignored in the past will become more prominent, complex and unnerving. Organizations that develop, produce, and host these devices must make a concerted effort to integrate security into these devices and the networks they operate in. Being the first organization to deal with the public repercussions of a breach in IoT security is not a “first mover advantage” in any industry.
What are your cybersecurity predictions around endpoint security? Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we’ll share predictions for healthcare.
[Palo Alto Networks Research Center]