Next year’s threat landscape
2017 is near its end, which means it’s time to take stock of the shambolic incidents, and the wins, of the past 12 months, and throw them together in a cauldron to create a mist through which to activate a crystal ball and work out if we can do any better next year by anticipating the threats, risks and actors on the stage. Given this is ostensibly a CyberSec blog, I’ll throw my hat in and use my amazing technomantic gifts as well. All predictions subject to varying change, use for entertainment purposes only and all other legal disclaimers apply. No flies on me.
I would also like to point out that some of the following you will probably have seen elsewhere, as, rather unsurprisingly, the Monsters Under Next Year’s Bed tend to be the same ones that scare every tech-head. So no, it’s not plagiarism when everyone does it. Plus, these are some pretty scary monsters, so I’m expecting a fair few new analyst and consultant jobs for all CyberSec fields to appear in Q1 2018, particularly within law enforcement and intelligence, threat intelligence firms, and digital forensics companies.
Welcome to part three of your Christmas increased drinking regimen.
Yes, I did just portmanteau Cloud Computing and Security. You’ve already considered cloud options for your organisation; you’re probably running on hosted O365, at the very least. But you don’t really know how to secure your external assets. Newsflash: no-one else really does either. This should worry you.
I’ve previously written about the chasm-wide skills gap the Cyber Security industry is facing, and Cloud Security skills are suffering heavily in this respect. It’s certainly time to get your training budget in order, if you can’t afford a cloud specialist.
Too much is being moved into the cloud to ignore this problem. It is far too big. Plus, you need to ensure that your hosting company is GDPR compliant, too. With the increase in data breaches we’ve seen this year, a healthy dose of cloud paranoia might just save you money and face.
The NCSC has some advice on where to start; use this as a platform to make headway into securing your cloud solutions.
Full-scale Cyber War?
A little clickbait-y there, sure, but it is on-topic at least. 2018 will be the year that things change drastically, so says my crystal LCD screen. So far, there haven’t really been any major repercussions for nation-state actors loosing malware and wreaking havoc on the cyber battlefield. This can’t last. Rules of engagement will become a big talking point over the next 12 months, before anything can escalate beyond the point of no return. With more of our kill-stabby-blow-y uppy things being put under automated control, this isn’t just about who can hack who, or playing grab the secret files – this type of cyberwar is now about controlling your enemies’ weapon systems. Unless something is done, we won’t have to worry about who has a nuclear arsenal, but who can access ours.
While this might not be a direct, or even indirect, concern for most of us, the ramifications could affect computer legislation, tighter software development rules, regulation on malware research and much, much more.
If you are a part of a major player in the industry in any way, now might be the time to start considering what recommendations you can make to legislators to ensure they do have a balanced, evidence-based expert opinion they can base their decisions on. It will be needed.
As always, sweet nightmares!