2017 Cybersecurity Predictions: Preparation, Proliferation, Personnel and Protection = A Bumper Year in EMEA

The innovations in today’s digital world continue to advance at a tremendous pace, and 2016 didn’t fail to have its own impact on society. As a hobbyist in remote flight, the introduction of drones to deliver blood and medicines in Rwanda from a Silicon Valley startup was an amazing example of how the Internet of Things can have a hugely positive impact on society. I can’t wait for the completion of the $10 million Tricorder XPRIZE to be announced in early 2017, when fiction is expected to become fact, as a portable wireless device that is anticipated to be able to monitor and diagnose health conditions.

What can we expect in 2017 from a cybersecurity perspective? Personally, I believe 2017 and early 2018 will be the most exciting years in terms of evolving our cybersecurity capabilities as businesses prepare for the May 2018 deadlines imposed by upcoming EU legislation changes. This is a rare opportunity to step back and take stock of our capabilities and validate if they are still fit for their purpose, both for the approaching deadline and thereafter. This is a welcome driver to look to the future as security professionals are often so caught up in enabling the ongoing technology innovations and managing evolving cyber risks.

So here are my predictions for the next 12 months:

1. 2017 is the year businesses need to get prepared for the May 2018 deadline for upcoming EU legislation in the form of the GDPR and NIS Directive.

  • This will mean that businesses finally have to gain control of the mountains of data they have gathered and generated, as well as to understand both the value and risks they create for the business.
  • We can expect some early examples to be made, as the EU looks to ensure that businesses take their digital societal responsibilities
  • Cybersecurity leaders will need to validate that their cybersecurity capabilities are relevant to the risk they face and that they leverage current best practices, referred to as “state of the art,” with clearly documented processes and measures. Too often security experts continue to hold on to legacy practices, perceiving that continuing to do the same things as before is enough; as such, 2017 will be the year for change.

2. Businesses will be vulnerable as they are immobilized by the confusion of what a good next-generation endpoint strategy looks like.

  • With the growing volume of unique attacks, organizations have, for a long time, been looking for new solutions to either complement or replace signature-based approaches. However, with many different, new approaches to choose from, businesses are hesitating for too long while they look for validation to define their future next-generation endpoint strategies. With the growth of ransomware, one instance has become one too many, and now is the time when next-generation capabilities are needed.

3. We will see the cybersecurity landscape continue to change.

  • Ransomware will continue to have business impact. Expect ransomware to target a broader range of platforms and further leverage historical cyberattack techniques, such as APT-style attacks, as those behind them look to increase their profits. While this threat remains lucrative, it will continue to be a focus for attackers, which could distract them from developing threats leveraging other areas of technology.
  • DDoS will refocus on the retail space as retailers become increasingly dependent on online revenue streams.
  • Targeted credential theft will allow attackers to move the attack out of the business network. As more businesses in Europe embrace cloud, credential theft – whether through social engineering or attack – will mean that adversaries have to spend little or no time in the business’s network to achieve many of their cyberattack goals.

4. While senior cybersecurity skills are in reasonable shape, practitioners are in demand, and outsourcing capabilities are not scaled for evolving demands (volume of work, hybrid cloud/on-premise services, incident response, next-generation SOC requirements, training and running AI/big data systems).

  • With the continuing growth of information to draw on in order to prevent and protect against cyberthreats, we can only expect more security events that need to be managed. The scale of security experts has not and will not keep pace; therefore, businesses must rethink how and where human skills should be leveraged in cybersecurity. Today there are too many siloed human-dependent cybersecurity processes that, with evolving best practices, can and should be consolidated and automated. In a market with limited skills, usability and automation should be treated as equally important as capability.

5. Most companies will confirm whether cyber insurance will become a part of their investment strategy and realize that insurers are a valuable point for CISOs wishing to translate and validate risk to senior executives to help better understand their business’s cyber risks.

6. Cross-domain incidents will stop organizations siloing IoT/OT, and business/home systems, and help them start to realize it is actually one, big cyber mesh.

  • It’s likely that essential services will suffer more outages, following the early examples in Ukraine, the recent Mirai bot DDoS attack, and others.
  • In recent years, we have seen more attacks on automotive systems, so attackers inevitably will start to look at moving laterally into other autonomous systems, as they grow in popularity. These may vary from driverless city centers to the Amazon button to the increasing use of drones for commercial businesses.

It will be interesting to see how many of these predictions come true over the next 12 months. If experience has taught me anything, some will have been realized in half that time, while others may take a little longer – and, as always, I’m sure we’ll be thrown a few curveballs. The only near guarantee I can give is that the digital world will continue to have an amazing and positive impact on our lives, and I’m proud to be part of the global cybersecurity community that supports its enablement.

What are your cybersecurity predictions for 2017? Share your thoughts in the comments.

[Palo Alto Networks Research Center]

Support Design Should Begin at the Start

Everyone can think of a moment when they have experienced a problem with goods or services. Everyone can also think of a moment after the problem that…wait for it (drumroll)…there was poor customer support or no support at all.

So where does the disconnect between an enterprise’s strategic objectives and its failure in the eyes of the customer begin? Could this failure have been avoided from the start?

Here’s how it happens:  Oftentimes an enterprise reviews its strategic plan, which is a process that often generates new ideas and a new focus on how to achieve its objectives. A critical factor in achieving these objectives is IT. As part of this effort business cases are created and reviewed with due diligence and care, focusing on risk analysis, costing and other key planning issues. Approvals are given at various levels, and once the green light is reached, we then develop the product/service/upgrade, with implementation to follow.

Imagine that all of the above stages are completed and the enterprise has just successfully launched a new service to customers through its digital channel. The product is marketed well and it is disruptive, so this results in huge demand from customers. At this point it may seem that all is well and good; however, as with all things, problems are going to occur and customers (internal/external) will be affected.

This is where the true test begins and where many enterprises fail because proper support systems were not put in place at the start. There are several reasons why this can occur, including a lack of foresight at the beginning, a focus on being first to market over competition, improper resource analysis, a lack of training, a poorly developed service level agreement (SLA) or no SLA review.

Just as security and risk are key considerations, proper support mechanisms should be considered when implementing your enterprise IT governance structure since this is a form of risk mitigation in itself. You can implement the most state of the art IT infrastructure that strategically aligns with your enterprise’s objectives and delivers super-fast service; however, if there is no support for the 100 percent certainty that something will go wrong, then all becomes useless. Design your framework so that failures are welcomed and not left to chance.

Ammett Williams CCIE, CGEIT, Telecommunication Team Leader – First Citizens, TT

[ISACA Now Blog]

3 Fundamentals for Secure Cloud Adoption

Organizations must concentrate on a prevention-focused security architecture for cloud deployment — designed to stop threats across all potential attack vectors.

The key questions to consider when adopting cloud services include:

1. Who’s really responsible for our data?
You. In public cloud environments, as the data owner, you’re responsible for your data — not the cloud service provider (CSP). And although the CSP will secure the underlying infrastructure, the safety of your applications and data is your responsibility. So you need a consistent security posture.

2. Who has access to our applications and data?
A role-based access policy can help mitigate the risk of data loss. Although the CSP will have authorisation messages in place, it’s important you decide who should have access and whether additional assurance is required.

3. What happens if there’s a security breach?
What kind of support will the CSP give if there’s a breach? It’s important to know this before launching a cloud strategy.

Understanding the risks, and the challenges is a vital first-step as your organization moves to make the most of the cloud. Get your copy of our new whitepaper with BT Security, “Securely Enabling Cloud Adoption” and start your next conversation.

[Palo Alto Networks Research Center]

2017 Cybersecurity Predictions: Financial Sector Attackers Exploit Cracks in Blockchain Technology

This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.  

This year saw some notable cybersecurity events in the financial services industry, including thefts from a number of SWIFT (Society for Worldwide Interbank Financial Telecommunication) member banks and from malware-infected ATMs in Asia. As we look ahead to 2017, I predict that we’ll see the following cybersecurity trends in the financial services industry.

Sure Things

  • Growing Adoption of Public Cloud – The financial services industry is the final frontier for public cloud computing. After years of saying it will never happen due to information security concerns, the industry has slowly warmed up to the use of the public cloud. Both Amazon Web Services (AWS) and Microsoft Azure already publicize a number of financial institutions as customers. Many organizations have been testing, evaluating, and conducting proofs-of-concept in 2016 with a critical eye on appropriate cybersecurity practices. A significant number of these institutions will finally adopt the public cloud for computing workloads in 2017. Initially, these may include applications that handle less sensitive data. Although there are still pockets of resistance out there in the financial services industry, they are definitely getting smaller. The appeal of agility, scalability, and cost-benefits offered by public cloud computing is irresistible, especially when security can be architected into the solution instead of bolted on.
  • Common Use of Multi-Factor Authentication (MFA) – As we saw with the recent fraudulent transactions at several SWIFT member banks, legitimate login and password credentials were somehow stolen and used to initiate fund transfers. This basic authentication technique is prone to compromise and allows account takeover (ATO) attacks. Financial institutions will finally take note and adopt more robust MFA techniques – at least internally for critical applications and sensitive data, and certainly for privileged accounts, such as root, administrator. Although not all MFA techniques are created equally, any form will create another hurdle that the cyber adversary cannot easily clear. MFA techniques are based on presenting evidence – at least two of the following:
    • Something you know (e.g., login/password, PIN)
    • Something you possess (e.g., one-time password token, mobile phone)
    • Something you are (e.g., fingerprint, retina scan)

Long Shots

  • Broad Implementation of Zero Trust Networks – Forrester Research first introduced the Zero Trust (ZT) model in 2009, but as of the end of 2016, implementations are still not widely seen. Conceptually, the information security value of restricting traffic to only known, legitimate flows between various portions of the network is difficult to refute. Any malicious activity will then be constrained by the nearest segmentation gateway.  However, the challenges with the ZT model include: difficulty in completely identifying the legitimate traffic patterns (both initially and in perpetuity); necessary cooperation across multiple disciplines (e.g., IT, security, business); and the potential for business disruptions, especially in brownfield environments. In spite of this, financial institutions will warm up to the idea of ZT for their networks and take some big strides in 2017. This will start off with pockets of network segmentation that limit traffic to/from more sensitive portions of each environment. These efforts will limit the exposure and restrict lateral movement after a compromise. In the end, it will be a question of how far down the ZT path a financial institution will go within its own network.
  • Blockchain Opens Another Attack Vector – There continues to be significant buzz regarding blockchain technology within the financial sector. Blockchain is certainly bigger than Bitcoin and is a distributed ledger technology that is being considered for payment processing, trade settlement, virtual wallets, etc. In addition to start-ups, traditional financial institutions are actively working to understand this technology and the potential impact on their organizations. Some of the benefits include greater expediency as well as reduced costs for cross-border payments, securities trading, and settlement as a result of cutting out the intermediaries. Other benefits include greater transparency and audit trails for compliance officers, auditors and regulators. Even with the best of intentions in mind, early financial industry adopters of this technology will create another attack vector, despite the inherent mechanisms for cryptography and immutability. Vulnerabilities in nascent implementations of blockchain technology will be discovered by malicious actors who will exploit them in an effort to compromise the security and confidentiality of financial transactions in 2017. This provides a segue to the next prediction.
  • Better Results from Coopetition – FinTech start-ups continue to challenge financial institutions for a share of their customers’ wallets. FinTech brings lower costs and innovative approaches to a segment of the banking and investing population. However, they often lack brand recognition, access to a large customer base, and experience with regulatory matters. On the other hand, traditional financial institutions clearly have those qualities, but often lack the agility and capacity for innovation. Traditional financial institutions are trying to embrace cloud computing to remove some of the drag, and some have even launched their own (autonomous) FinTech units. Others have embarked on collaborative efforts with FinTech companies as a means to marry the core competencies of both sub-sectors. This approach may very well be the best path to innovative solutions in 2017, which are industrial-grade in terms of scalability, enterprise architecture, cybersecurity, etc. Ultimately, this will provide lower cost financial products or services and improved customer experiences, but with safety, soundness, and regulatory compliance fully baked in.

What are your cybersecurity predictions for the financial services industry? Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we’ll share predictions for EMEA.

[Palo Alto Networks Research Center]

Traps Earns CRN Product of the Year Award for Endpoint Security

Today is a big day for Palo Alto Networks, our partners and the momentum we’ve achieved in advanced endpoint protection. We are very proud that Traps has been recognized by CRN as the overall winner for endpoint security in CRN’s 2016 Products of the Year.

Traps is our advanced endpoint protection product and an important part of our next-generation security platform. This award validates our unwavering commitment to innovate and lead with our channel partners.

Not only did we win Product of the Year in Endpoint Security, we swept the category. And the best part: For the first time, the award is based on channel partner feedback, further underscoring the strength of our Traps channel momentum.

CRN’s coveted Products of the Year awards are given to standout products and services that represent “best-of-breed” technological innovation (Traps v3.4) backed by a supportive channel partner program (NextWave Traps Specialization). A panel of CRN editors selected five eligible products as finalists in each of the 17 different product categories. Then, CRN fielded a survey of targeted solution providers comprised of partners representing the finalist vendors. The survey asked the partners to score their experiences in the following three areas:

  • Technology – product quality and reliability, richness of product features/functionality, technical innovation and compatibility, and ease of integration
  • Revenue and Profit – demonstrated ability to drive new revenue, resulting profit margins, and demonstrated ability to attach services revenue
  • Customer Demand – demonstrated ability to meet a market or customer demand; demonstrated ability to create new customer relationships or improve existing ones

Traps not only received the highest overall score in the Endpoint Security category but also received the highest score in all three areas. To sweep such a highly competitive category, based on channel partner feedback in a market that is at an inflection point, is a huge achievement for the entire company.

Palo Alto Networks was built on market disruption. We thrive on making the previously impossible, possible. And we are ready to do it again in the endpoint market. The situation is simple: Legacy antivirus point products can no longer protect against today’s advanced cyberattacks. With Traps our partners can deliver advanced endpoint protection against both known and unknown threats.

If you aren’t already one of the 75 NextWave Traps Specialized partners worldwide, here are a few reasons – from the past month alone – as to why you might want to reconsider:

  1. Effective November 1, 2016, server pricing was reduced to align with workstation pricing.
  2. On October 6, 2016, we introduced a deal registration discount boost for NextWave Traps Specialized partners. Traps Specialized partners will receive a 5 percent boost for standard deal registration pricing and a 3 percent boost for non-standard pricing.
  3. On October 4, 2016, Coalfire Systems confirms that organizations in the financial and healthcare sectors can replace legacy antivirus endpoint products with Traps to help prevent cyber breaches while remaining compliant with PCI and HIPAA/HITECH standards.

Finally, in addition to sweeping the Endpoint Security category, our Next-Generation Security Platform, specifically the PAN-OS 7.1 updates, earned the subcategory win in technology in the Security-Network category.

Our channel mission is to build an ecosystem of next-generation security innovators with the coverage, capacity and capabilities to elevate our leadership position in the security market. Channel partner recognition of our Next-Generation Security Platform for its superior technology is a key initial step to achieving our channel mission.

A special thank you to our partners for recognizing our efforts in both the Endpoint Security and Security-Network categories. Let’s use this recognition to our advantage and continue to break away together.

 

 

[Palo Alto Networks Research Center]

English
Exit mobile version