© 2015 Imperva, Inc. All rights reserved.
Top Cyber Security Trends
for 2016
Amichai Shulman, CTO, Imperva
December 16, 2015
Amichai Shulman – CTO, Imperva
• Speaker at industry events
– RSA, Appsec, Info Security UK, Black Hat
• Lecturer on information security
– Technion - Israel Institute of Technology
• Former security consultant to banks and financial services firms
• Leads the Imperva Application Defense Center (ADC)
– Discovered over 20 commercial application vulnerabilities
– Credited by Oracle, MSSQL, IBM and Others
Amichai Shulman one of InfoWorld’s “Top 25 CTOs”
Agenda
• Introduction
• 2015 Forecast Score Card
• 2016 Cyber Security Trends
• Summary and Conclusion
• Q&A
2015 Score Card
#  Trend                                   Score
1  Targeted attacks change their nature    A
2  Patching is going to become impossible  A-
3  DDoS is growing at the Internet rate    A
4  SSL is at a tipping point               A-
2016 Cyber Security Trend #1:
IoT / BoT - Botnet of Things
Asking the Right Question
• Can someone hack my toaster?
• Can my network be attacked with a shoe?
The Internet of Things
A dramatic increase in networked devices leads to more opportunities for ATTACK
BoT - Botnet of Things
• Connected IoT devices will never have “adequate” security
– Device take over
– Credential theft
• Botnets can grow larger undetected
– More opportunity – easier to form larger botnets
– More DDoS as a Service opportunity
• Possible increase in exposure from insiders
– BYOD on steroids
– Watch, wearables and others not as secure
– More compromised devices in the vicinity of enterprise networks
Our Prediction
• More people talking about the wrong problems
• More “IoT” based botnets
• More incidents to link personal credentials with IoT breaches
• Highly sensitive companies starting to feel the pressure (not until the end of
the year)
2016 Cyber Security Trend #2:
Rise of Insider Threat
Rise of Insider Threat
Globally 89% of respondents felt that their organization was now more at
risk from an insider attack – Vormetric 2015
“55% of the Incidents from Internal Actors due to Privilege Abuse”
-Verizon DBIR 2015
Outside In
• Personal attack surface is growing
– Social, mobile, IoE
– We are extremely exposed and extremely vulnerable
• Engaged employees are a double-edged sword
– Mix work and personal life
– Most infections happen during office hours, 20% of infected machines attributed to
enterprise networks
• End stations are increasingly vulnerable
– Tracking the number of patched vulnerabilities in end point components suggests a
growing backlog with a constant fixing capacity
Inside Out
• Shadow IT
– Unmanaged Database servers
– Partly commissioned SaaS applications
• More employees and more collaboration
– Barriers are taken down
• Shared data repositories with trusted partners
• Sensitive data is everywhere
– Cloud applications provide direct access without IT control
– Big data lakes
– 1000s of “traditional” databases
Our Predictions
• Decrease in detection rates
– Most solutions look for the tools and not the attack
– Attackers have all the infrastructure in place to evade ANY solution that takes the
above approach
• Increase in absolute number of attacks of internal nature
• Large increase in total number and percentage of incidents of internal nature
2016 Cyber Security Trend #3:
Data Security for the Big and Small
Big Breaches = Big Price Tag
• Cost of data breach is higher than anticipated
– Target’s gross breach expenses totaled $252 million, insurance compensation brought that
down to $162 million
– Home Depot expects $100 million in insurance payments toward $232 million in expenses
from its 2014 breach
– Anthem breach expected to cost more than $100 million
Big Breaches Start Small
• Target breach started with a
compromised HVAC company
• T-Mobile customer data breached
through Experian
• JPMC customer data breached after
an affiliate was breached
• Lockheed Martin breach through
RSA
Smaller Companies are Targets
• While sophisticated, targeted attacks do exist, they are a negligible minority
• 80% of infections stem from massive email campaigns
• Smaller organizations are infected and compromised as much as larger ones
(or even more)
• Attackers are aware of 3rd party relationships between large targets and
smaller service providers
• Transfer of liabilities may prove to be devastating for a smaller 3rd party
Cyber Insurance is Not a Silver Bullet
• Big breaches leave some of the costs uncovered
• Insurance claims result in higher policy costs in the future
– “Health insurers who suffered hacks are facing the most extreme increases, with some
premiums tripling at renewal time” - Bob Wice, a leader of Beazley Plc's cyber insurance
practice
• Policy cost is detrimental for smaller businesses
– Insurers are not proficient yet in assessing the risks
– May consider making coverage conditional on a full and frequent assessment of
policyholder vulnerabilities (PwC Research)
– Especially true for 3rd party liabilities
Our Predictions
• Continuing on our previous prediction – smaller organizations are going to
continue falling prey in larger numbers
• Expect more breaches to be attributed to 3rd party negligence
• Big enterprises to start paying attention to security posture of 3rd parties
– Set up standards / guidelines / requirements
– Transfer liability in the event of a breach
• Cyber insurance companies to attempt to set guidelines for data security
– Penetrate the smaller business market
– Must come up with a good actuarial model based on standardized mitigation requirements
2016 Cyber Security Trend #4:
SSL More of a Problem than a Solution?
Subversion of Free SSL Certificates for Malware
• Easier to encrypt C&C communications
• Fast flux DNS can now be used in conjunction with SSL
• More certificates for more organizations = more opportunity for theft
– More opportunity for impersonation and code signing
• Free SSL certificates can significantly lower the cost of signed malware
– Combined with automation will help them remain undetected
What (else) Could Possibly Go Wrong?
• eDellRoot
• Logjam
• Schannel TLS Triple Handshake
Vulnerability - CVE-2015-6112
– Add “Extended Master Secret”
• Bar Mitzvah attack
– RC4 under SSL is REALLY broken
• SSL Pinning
– Would invalidate NG Firewalls?
A Note on HTTP/2
• Major complex revision of HTTP protocol
– Keep semantics but replace everything under the hood
• Intended for use over TLS
– This part was not mandated by RFC but dictated by major browser vendors
• Inconsistency between SPDY and HTTP/2 in the use of TLS extensions
• New implementations that are not even based on the SPDY prototypes
• Across all major servers and browsers
Our Predictions
• Continuous growth in SSL implementation and design vulnerability flow
• Increase in SSL usage and changes to CA infrastructure will benefit attackers
– More attacks go undetected over network (SSL certificates)
– More attacks go undetected inside end stations (code signing certificates)
• New HTTP/2 vulnerability flow
– We already have some in our lab
• It’s going to be much worse before it becomes better
– The foundation for secure traffic over the Internet must go through a drastic simplification
process
2016 Cyber Security Trend #5:
Ransomware/Blackmail – Flourishing
Business
Ransomware Business on Personal Devices
• CryptoWall 4.0 – enhanced and harder to detect
• Once data is encrypted, unfortunately, not many options
– Standard modern encryption used in the proper way (i.e. cannot be broken)
– Reformat and restore from backup
• Authorities set the right atmosphere
– “To be honest, we often advise people just to pay the ransom.” – Assistant Special Agent
in Charge of the FBI’s CYBER and Counterintelligence Program
– The success of the ransomware ends up benefitting victims (same as above)
– Ransoms are low. And most ransomware scammers are good to their word (guess who…)
• Criminals are netting an estimated $150 million a year through these scams
(FBI)
Ransom/Blackmail on Enterprises
DDoS as a Service
• Ransoms with threats of DDoS Attacks
• Based on low end DDoS as a Service Providers
• Simple execution
– Go online
– Purchase a monthly package
– Launch short attacks
– Send email
– Collect money
Our Predictions
• Unless authorities step in, this is going to grow
• May spill into the ICS / SCADA domain
• Some gangs may choose to go after bigger prey
Our 2016 Predictions
• IoT will start taking its toll on enterprises and individuals
– Botnet of things
– Credential theft through insecure devices
• Rise of insider threat
– Dramatic growth in successful attacks of insider nature
– Due to increased attack rate and lower detection rates
• Attackers go down the food chain
– Increased attacks on smaller companies
– Increased liability will drive data security needs
Our 2016 Predictions (cont.)
• Continuous decay in security value of SSL
– Coupled with new opportunities for attackers to abuse growing use of SSL
– HTTP/2 vulnerability flow
• Ransom/Blackmail as a business model
– Fast growth business
– May affect larger organizations and other domains (ICS / SCADA)
Recommendations
• Cyber space is not going to become more secure this year
• Enterprises must continue to invest in securing themselves; this applies to
the smaller enterprises as well
• Attackers are after data. This is where enterprises should focus their
protection efforts
• Once inside the organization, attackers are not “attacking” but rather “abusing”.
Look for solutions that detect abuse rather than attack
• Look for security as an overlay solution
– Databases cannot defend themselves
– Applications are not self defending
– Networks cannot be defended against DDoS from inside the network