Post on 07-Sep-2020
The information provided in this document is the property of S21sec, and any modification or use of all or part of the content of this document without the express
written consent of S21sec is strictly prohibited. Failure to reply to a request for consent shall in no case be understood as tacit authorization for the use thereof.
© S21sec Portugal, S.A.
C-Days 2016
Cybersecurity National Centre
Date: Sep 2016
Cybersecurity trends and forecast for 2017
PUBLIC WITH AUTHORIZED CIRCULATION
15 years experience in the security business
Incident prevention and response 24x7
Protection against all types of cybersecurity threats
Comprehensive Security Management

Table of Contents
• Motivations
• Analysis vectors
• Trends and Forecast

Motivations: This presentation and overall S21sec posture

Context:
• Cybersecurity will have an increasing impact in the life of all of us
• Awareness and visibility are fundamental to cyber risk avoidance
• Cybersecurity National Centre has/will have a fundamental role in the Portuguese society …
• … and it needs all the help all of us can provide

Goals:
• Make everyone who reads this more aware of cyber risks
• Help professionals direct their career to where they can be of most value
• Provide insights that help companies (re-)align cyber security

Analysis vectors: What vectors were considered in this analysis?
• Context: Changes in the world (geopolitical, technical, etc.)
• Crime: Changes in the way criminals are conducting their activities
• Market: Supply and demand in the market for cybersecurity professionals
• Regulation: Changes in regulation related to cybersecurity

Trends and Forecasts - Analysis vectors: How were trends and forecasts matched?

Context:
• Facts and trends that are relevant are listed in the darker rows…
Crime:
• … organized by category …
Market:
• Sometimes, some of the categories are not relevant …
Regulation:
• … for specific forecasts and the rows are shown in a lighter tone.

Forecast:
The forecast is presented here as a deduction, induction, correlation, simple evolution, etc., of the facts and trends on the left

Trends and Forecasts: ATM and PoS networks will be targeted

Chart: Types of Attacks (with confirmed data breach), time axis 2006 to 2014
Source: Verizon, Data Breach Investigations Report, 2015
• Insider Misuse 129
• ATM/POS Intrusions 419
• Cyber-espionage 290
• Payment Card Skimmers 108
• Web App Attacks 458
• Physical Theft/Loss 35
• Crimeware 287
• Miscellaneous Errors 11

Context:
• ATM and PoS data is not only financial but also behavioral, being “monetized” in multiple ways
• ATM and PoS systems are prone to remain unpatched for long periods of time
Crime:
• Attacks on ATM and PoS networks have increased in recent years
Market: Not applicable
Regulation: Not applicable

Forecast: Sophisticated attacks on ATMs (and PoS) will increase
Attackers are increasingly using advanced techniques to infect ATM and PoS devices, using inside information (systems and networks) and, additionally, knowledge regarding operational procedures.
Banks will accelerate use of ATM and PoS protection technologies (hardening solutions)

Trends and Forecasts: Smartphones will be increasingly targeted (Android mostly)
Note: study from Cambridge University

Context:
• Smartphones are being sold by the millions
• People use smartphones for everything
• Independent app stores became common
• Most stores do not check apps’ security
Crime:
• Financial institutions are implementing Digital Transformation programs, as a response to the rise of FinTechs
• Publishing “malware apps” in app stores has a successful track record
Market: Not applicable
Regulation: Not applicable

Forecast: Smartphones will be increasingly targeted
Ordinary people will become afraid of using smartphones for financial operations.
Use of MDM solutions by organizations will become critical.

Trends and Forecasts: Critical Infrastructures will be under attack

Context:
• Geopolitics are heating up (Trump, Putin, UK)
• APTs are getting more sophisticated
• Time-to-infect is getting shorter
Crime:
• Cyber terrorism and cyber sabotage, including the “supposedly” state-sponsored, have increased in recent years
Market: Not applicable
Regulation: Not applicable

Forecast: Critical Infrastructures will be more targeted
However, because APTs are becoming quicker-to-infect and stealthier, there won’t be many reports about it.
Difficulties in pushing protection on these organizations might arise due to the “there is no evidence of it happening” effect.

Trends and Forecasts: Cybersecurity will have a legal push-down from Companies’ Board

Context:
• C-Level Execs are becoming increasingly aware of the relation between cybersecurity and privacy and the overall impact of all cyber-things on the Operational Risk Framework
Crime: Not applicable
Market:
• Data Privacy Officers will be a “must have” for a large number of organizations
Regulation:
• GDPR is here and it is here to stay

Forecast: Data Privacy Officers will become common (2017 onwards) and pushed to accumulate cybersecurity roles
However, there might be the temptation to make it a “legal” position (cheaper, due to availability of resources) rather than a technically savvy one.
Top organizations will understand that what is needed is a cyber-security professional with legal education or vice-versa

Trends and Forecasts: Analytics will become “the” hot-topic in intrusion and APT detection

Context:
• Company information is in high demand, for all the typical reasons (privileged information, intellectual property, etc.).
Crime:
• Credentials are becoming the most “monetizable” asset on the block
• Criminals are attacking companies without the use of malware. They rather use stolen credentials and “old-school-scams-on-techroids”
Market: Not applicable
Regulation: Not applicable

Forecast: Organizations will have to use analytics to identify suspicious behavior.
Instead of identifying malware, these systems will flag as “incident” situations in which, e.g., credentials were used to access a system for the first time, from an unknown device at a new location outside usual hours.
New solutions will pop up from both established companies and startups
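
A sketch of the kind of rule this forecast describes, added here as an illustration (it is not S21sec code and not part of the original slides). The event fields, function names, the one-hour tolerance, the three-deviation incident threshold and all sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data): (timestamp, user, system, device, location)
HISTORY = [
    ("2016-09-01T09:12", "alice", "crm", "LAP-0042", "Lisbon"),
    ("2016-09-05T16:45", "alice", "crm", "LAP-0042", "Porto"),
    ("2016-09-01T08:50", "bob", "erp", "LAP-0077", "Lisbon"),
    ("2016-09-02T17:20", "bob", "erp", "LAP-0077", "Lisbon"),
]
NEW_EVENTS = [
    ("2016-09-12T10:00", "alice", "crm", "LAP-0042", "Lisbon"),
    ("2016-09-12T15:10", "alice", "crm", "LAP-0099", "Lisbon"),
    ("2016-09-13T03:20", "bob", "payroll", "PC-UNKNOWN", "Madrid"),
]

def build_baseline(events):
    """Learn, per user, the systems, devices, locations and login hours seen so far."""
    base = defaultdict(lambda: {k: set() for k in ("system", "device", "location", "hours")})
    for ts, user, system, device, location in events:
        profile = base[user]
        for key, value in (("system", system), ("device", device), ("location", location)):
            profile[key].add(value)
        profile["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def deviations(event, baseline, hour_slack=1):
    """List how one login deviates from the user's baseline (hours compared circularly)."""
    ts, user, system, device, location = event
    profile = baseline.get(user)
    if profile is None:
        return ["user_without_baseline"]
    found = [label for key, value, label in (
        ("system", system, "first_access_to_system"),
        ("device", device, "unknown_device"),
        ("location", location, "new_location")) if value not in profile[key]]
    hour = datetime.fromisoformat(ts).hour
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in profile["hours"]):
        found.append("outside_usual_hours")
    return found

def triage(events, baseline, incident_at=3):
    """One deviation is only worth a review; several coinciding make an incident."""
    results = []
    for event in events:
        found = deviations(event, baseline)
        verdict = "incident" if len(found) >= incident_at else "review" if found else "ok"
        results.append((event[1], verdict, found))
    return results
```

Requiring several deviations to coincide keeps a routine change, such as a replaced laptop, at "review" instead of raising an incident for it.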

Trends and Forecasts: Attacks to health institutions
12 other hospitals are part of an investigative report that can be read at http://www.healthcareitnews.com/slideshow/ransomware-see-hospitals-hit-2016

Context:
• Health is a big business in some countries
• Health systems are increasingly online
• Health institutions do not invest in cybersecurity
Crime:
• Recent attacks to hospitals (ransomware) had huge paybacks
Market: Not applicable
Regulation: Not applicable

Forecast: Attacks to health institutions (hospitals, mostly) will increase
Several health-related technologies are increasingly online and are lacking security controls.
Hospital hacks will be delivered through business partners (suppliers, maintenance companies, etc.)

Trends and Forecasts: Malware-as-a-service replaces isolated and proprietary hacks

Context:
• Eastern-Europe countries are very tolerant of cyber-criminals, as long as they don’t target their own countries
Crime:
• Malware-as-a-service infrastructures are getting highly sophisticated
Market: Not applicable
Regulation: Not applicable

Forecast: Malware-as-a-service will fuel low-end criminals who will push ransomware even further
The business model of the “elite cybercriminals” is quick in adapting to economic standards and is pushing models such as “pay-as-you-grow”.
Therefore, a very long tail of low-end criminals will be created.

Trends and Forecasts: Cyber risk ratings will become mainstream
A large international company
• Yahoo Mail accounts breached through third-party database hacking
• Lesson from the Google office hack: Do not trust third-parties
• Third-party vendor behind possible Lowe’s data breach
• Third-party Vendor source of breach at the Home Depot
• Target credential theft highlights third-party vendor risk
Chart: BREACH ORIGIN (Direct / Third-Parties)*
*Verizon 2015 Data Breach report

Context:
• Cybersecurity is becoming relevant in all of the Operational Risk framework
• Supplier risk was traditionally only focused on availability and SLA (not any more)
Crime:
• Criminals are hitting organizations indirectly, via their business partners
Market: Not applicable
Regulation: Not applicable (yet … I believe cyber-risk insurances will be mandatory in a few years)

Forecast: Maybe not in 2017 but pretty soon cyber risk ratings will be mainstream.
Organizations are not able to properly monitor the cybersecurity posture of all their suppliers and partners and, therefore, must depend on someone else to do it properly, in a cost-effective manner.

Trends and Forecasts: Cybersecurity will become more expensive (and sometimes with less quality)
UK Cybersecurity Breaches Survey, 2016
Concern about cyber risk continues to grow

The “Regulation Cycle”
• Regulators become defensive regarding financial impact “on the system” and citizen’s (i.e. political impact) personal data loss and push regulations
• Regulated entities become defensive regarding fines and penalties and converge to the regulation, making it become a commodity
• When present regulations are commodities, regulators tend to strengthen new versions of the regulations

Context:
• Cybersecurity is becoming relevant in all of the Operational Risk framework
• Cybersecurity is at the top-of-mind of everyone, including the C-Level
Crime: Not applicable
Market:
• Lack of cybersecurity professionals worldwide, especially in Europe and critically in Portugal
Regulation:
• GDPR is here and it is here to stay
• EBA regulations are strict and hard
• Critical Infrastructures are on the go as well

Forecast: The supply and demand market will push prices up in the cybersecurity arena.
Specialized staff is in high demand and salaries are rising quicker. Portugal has a severe shortage of these professionals, in all cybersecurity domains.
As a corollary, not so specialized professionals will assume functions that they are not prepared to assume and the delivery won’t be up to the standards.

Trends and Forecasts: Outsourcing will be on the rise

Context:
• Cybersecurity is becoming relevant in all of the Operational Risk framework
• Awareness of C-Level is increasing
Crime: Not applicable
Market:
• Lack of cybersecurity professionals worldwide, especially in Europe and critically in Portugal
Regulation:
• GDPR is here and it is here to stay
• EBA regulations are strict and hard
• Critical Infrastructures are on the go as well

Forecast: Organizations will start using outsourced cybersecurity services across the board
It will be impossible for a normal organization to have in its staff all the capabilities required to manage and operate information security in a cost-effective manner.
Trust in service providers will be key