Next year’s threat landscape
2017 is near its end, which means it’s time to take stock of the shambolic incidents, and the wins, of the past 12 months, and throw them together in a cauldron to create a mist through which to activate a crystal ball and work out if we can do any better next year by anticipating the threats, risks and actors on the stage. Given this is ostensibly a CyberSec blog, I’ll throw my hat in and use my amazing technomantic gifts as well. All predictions subject to varying change, use for entertainment purposes only and all other legal disclaimers apply. No flies on me.
I would also like to point out that some of the following you will probably have seen elsewhere, as, rather unsurprisingly, the Monsters Under Next Year’s Bed tend to be the same ones that scare every tech-head. So no, it’s not plagiarism when everyone does it. Plus, these are some pretty scary monsters, so I’m expecting a fair few new analyst and consultant jobs for all CyberSec fields to appear in Q1 2018, particularly within law enforcement and intelligence, threat intelligence firms, and digital forensics companies.
This is part the second.
GDPR: You and the Supply-Chain
Yes, I know I’ve talked about this ad nauseam, but it’s not going away. This is less of a threat in terms of an attack, but it is still something that must be dealt with swiftly. The time to get this rolled out and introduce compliance was yesterday, so if you still haven’t done anything about it, I’d seriously get your skates on. With seriously damaging penalties, this is one piece of legislation that you will want to be in sync with.
It’s not just you who needs to comply though. You need to make sure that you’ve pushed all your supply chain and third-party suppliers to comply as well. They are often the weakest link in the Cyber Security landscape, so harp on at them; make it clear that unless they comply, they will be faced with a staggering bill and no ability to trade with UK or EU countries. After all, you don’t want their negligence coming back to bite you.
That’s it. That is all I’m saying. Sort it out, or face the penalties. If you think that this legislation doesn’t apply because you don’t operate within its jurisdictions, a hint of advice: look to compliance anyway, because there will be similar legislation cropping up everywhere soon enough.
Machine & Deep Learning (AI)
Ubiquitous is the watchword here. All forms of ML/DL are now everywhere, making them accessible for every possible form of research. But that also means that the CaaS providers are able to do the same, constantly improving their malware. With AI becoming increasingly common, opportunity will be exploited.
I suspect that parallel computing in the public domain will soon be a Thing again, looking at trends like blockchains, and it will be used for ML. Add the right wrapper, and this could quite easily be a malware package not only stealing your data, but using your computer, or those on your network, to generate its next iteration before spreading its payload to another victim.
Choose your network and endpoint protection carefully. Find the one that updates regularly and researches AI and associated attack vectors well. While this might not be a major issue for smaller companies, those involved in large-scale computing, data centre management, healthcare and finance should take particular care here.
Sweet nightmares until next time!