The title of the opening keynote at RSA Security LLC’s annual information security conference this week in San Francisco — “Planning for Chaos” – neatly sums up the myriad challenges that anyone who uses technology today faces.
Every day, it seems, new kinds of risks and attacks on information security threaten virtually every service we rely upon, from Facebook and Uber to our increasingly Internet-connected cars and homes.
The growing risk of cyberattacks, combined with the proliferation of new malware technology such as ransomware, has introduced new headaches for enterprise security groups in areas that were barely even on the radar screen a year ago. Then there’s the dubious quality of security in so-called Internet of Things devices such as security cameras, which were blamed for a massive distributed denial of service attack in October.
And it’s more than lone hackers or even organized criminal groups fomenting these attacks. The alleged Russian cybermeddling in the 2016 U.S. elections also highlights the broad-based threats from state-sponsored attacks — not just against governments but corporate enterprises as well. “State-sponsored attacks are at an all-time high and they’re heavily targeting private organizations,” said Paul Innella, chief executive of Tetrad Digital Integrity LLC, a government services provider. “Targeting intellectual property information and business strategies has become an important tactic for states like Russia and China, and it’s unclear what the government can do about it.”
To make matters worse, it’s getting harder to find people who can fix the situation. There’s a severe shortage of security personnel that’s expected to reach a stunning 1.5 million open positions by 2020.
Add it all up, and the result is a world in which keeping information secure is both more critical and more difficult than ever to achieve. It’s no surprise that Gartner Inc. estimates worldwide information security spending will more than double from $76.9 billion in 2015 to $170 billion by 2020.
“We’re moving from a world where we were restricting access to a world where it’s all about information sharing,” said Peter Burris, head of research at Wikibon Research, owned by the same company as SiliconANGLE. “We have to make sure that as we share more, we’re doing it with more controls, because your brand will be synonymous with your security.”
AI to the rescue
Not surprisingly, these new threats are spurring new entrepreneurial activity. Investors continue to pour money into security startups, many of which are bringing artificial intelligence and machine learning to the task of interpreting and responding to the mammoth volume of data pouring in from networks and servers. As Burris noted, the prevailing attitude in defense circles now is that breaches are inevitable, so the only practical strategy is to detect and contain attackers before they do too much damage.
This philosophy underlies much of the new security technology that is coming to market, which uses machine learning and artificial intelligence to discover patterns that indicate a breach. These approaches run the gamut from IBM’s Watson for Cyber Security platform – which compares a corporation’s internal data to a base of millions of documents, academic papers and threat reports to spot patterns humans would miss – to LogicHub Inc., which is teaching machines to learn from human security experts in order to automate their thought processes. Many of these technologies are now offered as services, prompting research firm MarketsandMarkets to forecast that the managed security services market size will nearly double to $33.7 billion by 2021.
“Machine learning has been kind of a buzzword in the past, but the models behind it are improving,” said Rob Westervelt, research manager in the Security Products group at International Data Corp. “It’s still unclear if these tools will replace existing SIEM [security information and event management] or just complement it. Many enterprises have had SIEM for a long time and aren’t even using it that thoroughly.”
Slow on the uptake
Poor governance and internal practices continue to be the industry’s biggest Achilles’ heel. One recent analysis of 10 million leaked passwords found that 17 percent of accounts were secured with “123456.” Many smaller companies, in particular, still see cyberattacks as someone else’s problem. Hewlett Packard Enterprise Co.’s “State of Security Operations 2017” report found that more than a quarter of the 137 security operations centers it has studied over a nine-year period failed to achieve a rating of even one point on a five-point scale.
Such organizations “operate in an ad-hoc manner, with undocumented processes and significant gaps in security and risk management,” researchers reported. Earlier, Hewlett Packard Enterprise Co. chastised organizations for failing to break down silos between development and security teams, thereby undercutting the inherent benefits of the DevOps development process, which brings together software developers and IT workers in an enterprise.
Ransomware, malicious software that blocks access to a computer until the victim pays to fix it, looms larger than ever today, so not surprisingly it will figure prominently in at least 10 sessions at the RSA Conference. “It’s the only threat that increased significantly in 2016,” Westervelt said. “It’s an issue that nobody has been able to get a handle on yet.”
Nearly 40 percent of organizations have been hit by a ransomware attack, according to Osterman Research Inc. It was the fastest-growing malware variant in 2016. Ransomware represents a troubling evolution of the cyberthreat landscape. As black market prices have plummeted for personal information such as credit cards and health records, cybercriminals have turned their attention to individuals, extorting relatively small amounts but at high frequency. “I’m getting a lot more calls from enterprises that were hit multiple times,” Westervelt said. “More than 90 percent of infections are through email attachments, and the social engineering criminals use is just amazing.”
Equally concerning is the speed at which ransomware is evolving. For example, a recently detected variant called Doxware extorts money from victims by threatening to reveal embarrassing personal information. Infection has also spread to servers in a version that attacks the MongoDB NoSQL database, spreading from 200 to 27,000 machines in a little more than a week after it was discovered in January.
Cloud security fears abating
Not least, the rise of cloud computing has escalated security concerns that have kept many enterprises from fully embracing the next generation of computing. But there are signs that attitudes are finally changing. A survey of 2,200 security pros by Bitglass Inc. found that 52 percent of respondents said the cloud is at least as secure as their on-premise systems, up from 40 percent in the previous year’s survey.
The sixth annual “Future of Cloud Computing Survey” released in October by North Bridge Venture Partners and Wikibon found that security remains the top obstacle to enterprise cloud adoption, but that concerns about security fell significantly over the past year.
Decisions by big government organizations such as the Department of Defense to migrate massive amounts of their infrastructure to public cloud providers are helping to ease security concerns, Innella said. “Many federal IT systems are moving into the cloud and I believe industry is beginning to follow suit,” he said. “A lot of people are now looking at cloud as mainstay infrastructure.”
For those who aren’t among the 45,000 people expected to attend the RSA Conference, SiliconANGLE Media’s mobile video studio theCUBE will be covering it, conducting interviews onsite with industry leaders on Tuesday, Feb. 14, with more interviews and live commentary in theCUBE’s studio in Palo Alto, California, on Wednesday, Feb. 15.