

It was another year of frustration for enterprise security organizations as attackers continued to penetrate high-profile organizations and steal massive amounts of personal information, headlined by the 143 million records pilfered in the Equifax Inc. breach. Big data analytics and machine learning presented some intriguing possibilities to change the defense posture from prevention to detection, but there’s also the possibility of actually escalating the battle. Here’s what we can look forward to in the coming year, in the latest in a series of 2018 technology industry predictions by SiliconANGLE’s staff and other experts.
Most experts now agree that traditional perimeter-based prevention tactics are no longer effective. Chances are that attackers have already breached the walls and are lurking inside the network, waiting for their opportunity to strike. That makes machine learning-based detection particularly interesting. With the shortage of skilled security professionals growing, machines can be taught to look for patterns that indicate suspicious activity, eventually evolving to do so better than humans. That could ease the burden on security operations centers, which are overwhelmed with false alerts. The problem is that the attackers have machine learning, too. They’ll tune their technology to confuse or mislead the models being used by the good guys. The result could be a stalemate, or even a dangerous escalation if attackers can use the technology to create mayhem on a larger scale.
Make no mistake: The European Union’s General Data Protection Regulation should be taken seriously. But by most accounts, fewer than half of the organizations affected by the new privacy and security rules will be ready for GDPR by the May 25 deadline. Enforcing a law that nearly everyone breaks is next to impossible, so the EU will focus on a few prominent miscreants and make an example of them. It will let the vast majority of small offenders go. It’s also unlikely that regulators will enforce the onerous penalties of charging violators 4 percent of global revenues for a single violation. Such an over-the-top fine is sure to spark lawsuits that further tie up regulatory resources. “Everything about the current regulations is based on the seriousness of the breach,” said Darron Gibbard, chief technical security officer at Qualys Inc. and former head of risk and information security services at Visa Europe Ltd. “I’m a firm believer that there would have to be a similar approach.”
Distributors of ransomware are realizing that they set their initial sights too low. Extracting four-figure ransoms from individual users is no longer worth the effort, particularly since people are becoming more savvy about backup and protection. The new focus will be on using ransomware tactically to disrupt entire organizations and to extort large sums from wealthy individuals. “Internet of things” devices present a tempting new attack surface, since their security is often weak to nonexistent. Expect high-profile attacks to attempt to take down entire factories or utilities by compromising legacy equipment. Organized crime and rogue governments will also get in on the action.
The October 2016 distributed denial-of-service attack against Dynamic Network Services Inc. was just the beginning. The growing population of poorly protected intelligent devices is too attractive a target for cyberattackers to resist for long. Expect them to be back in 2018 with something more insidious and destructive that uses connected devices to tunnel back into corporate networks. The good news is that the next attack could be a wake-up call for device makers to put their heads together and cooperate on security standards and for enterprises to declare that they won’t do business with device makers that don’t make security a top priority.
And that pretty much sums up the direction in which security practices are headed.