Simon Eid, Country Manager, Splunk ANZ
Almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. This is according to Telstra’s 2016 Cyber Security Report, which also revealed this unnerving figure has more than doubled since 2014.
As the fourth industrial revolution creates a new wave of data to be gathered and stored, Australia’s threat landscape is also rapidly expanding. Phishing email scams, critical breaches and data leaks are becoming the new norm. Today, companies, government agencies and individuals are in a race against the clock to find ways to outsmart their online adversaries.
With this in mind, it’s time to look beyond traditional security solutions, to data protection and recovery. Here are our top four predictions on what will create this year’s biggest waves in cyber security:
1. Internet is a Critical Infrastructure
DDoS attacks like the Australian Census outage and the Mirai botnet powered on Dyn have proven that the Internet is more vulnerable than we dare to think.
To ensure systems stay online at all times, we’ll see more organisations focusing on detection over prevention. A good example is the University of Adelaide. Looking for a way to more quickly recognise and respond to attacks, the university deployed a data-driven, enterprise security solution. This saves their IT team hundreds of hours per year in security analyst time, by automating log search and providing faster insight into potential threats. In addition to identifying the initial problem, the solution correlates the associated data and remediates the issue before it becomes a significant threat.
This shift in mentality – understanding what you need to detect, not only preventing attacks – has been in the works for years, but 2017 is the year the industry will start to turn over a new leaf.
2. More Focus on Machine Learning, Behavioural Analytics and Adaptive Response
The aforementioned attacks prove that hackers have refined their art, and are outpacing security defenses. To combat this, more organisations are adopting an analytics-driven approach to security, leveraging machine learning and enabling adaptive response. This encourages automating retrieval, sharing and response in multi-vendor environments. In 2017, we expect to see a rapid increase in the adoption of both.
Machine learning based solutions will become more mainstream in 2017 as organisations become quicker and smarter at responding to threats. An example of this is behavioural analytics. This allows security teams to apply more data and automation techniques to monitor and verify identities, API requests, machine-to-machine interactions and signal anomalies that could be a threat.
3. Internet of Things (IoT) will be the Favoured Vector of Cyberattacks
Telsyte expects the Australian ‘IoT at home’ market to climb to $3.2 billion in 2019 when an average household will have 24 Internet-connected devices compared to nine in 2015.
As ‘IoT at home’ is only a section of the rapidly expanding IoT market, it’s crucial to note the security pitfalls these devices can pose not only to their owners but to external organisations as well.
Backdoors in IoT systems may provide hackers a gift – millions of unprotected gateways into IT infrastructure. Large enterprises are facing hundreds of millions of automated attacks per day, and IoT growth is likely to increase this figure exponentially. The proliferation of IoT devices and its lack of maturity in security design will demand better strategy in enterprise topology, network zoning and operational intelligence.
4. A Ransomware Marketplace is Emerging
This year we’ll see ransomware being commoditised in dark web marketplaces, as cybercrime syndicates around the world cooperate to establish structure and a value chain for ransomware tools.
In effect, this marks a fast growing underground industry on the dark web in which the makings of cyberattacks can be bought and sold, and profit reinvested to better the tools to generate even bigger returns.
To combat this, enterprises are seeking dynamic resources for real-time intelligence that help detect ransomware threats. But it’s also crucial companies identify their risk tolerance to place the highest security around their most valuable assets. This will increasingly help prevent the propagation of ransomware and enable companies to put ‘bodyguards’ around the most critical assets.