A glance at IT news shows cybersecurity trends remain on companies' radar. At the CIO Boston Summit, Cybereason's Jessica Stanford discussed steps to defend against risk.
From ransomware like WannaCry to destructive wipers like NotPetya, and massive data breaches like Equifax to the revelation of CIA hacking tools like Vault7, cybersecurity dominated headlines in 2017. As data breaches continue to affect organizations of all sizes, Gartner predicts worldwide enterprise security spending to reach $96.3 billion this year.
We cannot help but wonder what's in store for cybersecurity as 2018 continues. At the recent CDM Media CIO Boston Summit, Jessica Stanford, director of product marketing at Cybereason Inc., highlighted the top 2018 cybersecurity trends that researchers at the Boston-based security company identified.
While companies can expect to see more cybersecurity drama unfold, "we are hoping that at the end of 2018, we can look back and say it was the 'year of the defenders,'" Stanford said.
2018 cybersecurity trends: The rise of supply chain attacks
Companies can expect to see a rise in supply chain attacks like the Target data breach, where attackers used the HVAC system to penetrate Target's network, Stanford said.
While larger organizations are implementing more security defenses, weak security practices are still prevalent at third-party suppliers because they think they are immune to attacks, she said.
"Attackers, when they are seeking out targets they want to reach, have to find out the weakest link and, often, that's through those third-party vendors."
We are hoping that at the end of 2018 we can look back and say it was the 'year of the defenders.'
Jessica Stanforddirector of product marketing, Cybereason
Stolen data has also decreased in price -- another factor that's driving these supply chain attacks. If prices are going down for these records, attackers have to be more efficient about getting them, she explained.
There are several ways to mitigate these risks, she said: Companies should monitor all vendor access and keep third-party access limited to certain systems. They should also restrict user's ability to install third-party software, and create redundancies throughout the supply chain.
Stanford added that CISOs should feel comfortable about going to a third-party vendor and asking to see their incident response and disaster recovery plans.
"[It's important to] have that conversation before you build that business relationship to truly understand, 'Is this a supplier that I feel comfortable working with,'" she said. "Hopefully, there is an opportunity for you to learn from each other and, if not, you can choose not to use that vendor."
One of the big reasons is the lack of consequences, she said. "When something happens in the physical, real world, people are often held accountable for that. But, unfortunately, when we see these destructive attacks, there is not always that same level of accountability being held for the people who are conducting them."
They are also fairly easy to launch, as there are a lot of basic tools that people have access to, she said. Such attacks can also be very effective and damaging, she added: The NotPetya wiper is estimated to have cost companies $1.2 billion worldwide.
Jessica Stanford, director of product marketing at Cybereason, during her session at the CDM Media CIO Summit in Boston.
Creating an effective backup system that is tested regularly, putting in prevention capabilities, simplifying an organization's IT environment and developing an effective patch management process are ways to mitigate the risks of these destructive attacks, she said.
"I have heard many people complain that patch management is a problem. … Security wants effective patch management, but IT doesn't want to always want to implement it. If you can go in at the beginning and set mutual goals around patch management, it can help mitigate that issue."
The commoditization of cyberattacks
The commoditization of advanced tool sets and the public disclosure of attack techniques have blurred the lines between the attack capabilities of nation state attackers and those of the lower-level cyber criminals, she said.
"Tools, techniques and procedures that used to be only available to nation state attackers are [now] available for all cyberattackers," Stanford said, citing the leaked National Security Agency hacking tool EternalBlue that quickly became a hacker favorite.
Stanford warned organizations to not ignore low-level threats that can often be addressed through a patch. "Work from your risk vector analysis to understand who you might be a target for and understand what gaps they might see to get in and start to close those gaps. Develop [threat] hunting capabilities, so you can hunt for these threats when they come up."
Surge in fileless attacks
Fileless malware attacks -- among the top 2018 cybersecurity trends -- are on the rise as well, because they are really easy to execute, she said. PowerShell is increasingly being used to perpetrate fileless attacks. Scripting language often enables obfuscation, which makes it harder to detect, she said.
Restricting unnecessary scripting languages, updating to PowerShell 5.0, and implementing endpoint security solutions are some of the ways to minimize the risk of such attacks, she said.
"We are hopeful that the year 2018 will be the year of the defender, because we do see many organizations are building stronger defense systems," she said.
