Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist

Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone.
Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future.
The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives of the forthcoming challenges the industry is likely to face and how we can be better prepared for it.

  • Login to see the comments

Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist

  1. 1. Top 10 Cybersecurity Predictions for 2016 and Beyond Matthew Rosenquist Cybersecurity Strategist, Intel Corp March 2016
  2. 2. More of everything will massively increase the number of potential targets. The growing cyberattack surface
  3. 3. The ease and cost of developing connected things is dropping fast, leading to an explosion of new products, many without adequate security protection. New Device Types
  4. 4. Chain Reactions Drive Cybersecurity Evolution…
  5. 5. 10 Evolving Challenges in Cybersecurity
  6. 6. 1. Government’s roles expand 2. Advances in nation-state cyber- offense affects everyone 3. Life safety and cybersecurity intersect in products 4. Rise in digital theft and fraud 5. Realistic impacts of cybersecurity emerge 6. Security expectations increase 7. Attackers evolve, adapt, & accelerate 8. Trust and Integrity are targeted and undermined 9. Security technologies improve but remain outpaced and outmaneuvered 10. Lack of security talent hinders the industry Cybersecurity is Rapidly Evolving
  7. 7. Public demands their governments be more actively involved in preventing and responding to cyber threats, major hacking events, fraud, and digital crimes, yet not infringe upon individual’s privacy. Government’s Roles Expand1.
  8. 8. Government’s Roles Expand Result: 1. More regulations, to raise security standards 2. Better policing and collaboration 3. More laws for prosecution actions 4. Friction around technology privacy and government access
  9. 9. Nation-State Cyber-Offense Affects Everyone Broad adoption by many nations of cyber- offense capabilities. Governments incorporate cyber into their defense apparatus with clear objectives and deployable systems. 2. i 29countries Have formal cyber warfare units i 63countries Use cyber tools for surveillance i $19billion US 2017 proposed budget for cybersecurity
  10. 10. Nation-State Cyber-Offense Affects Everyone Result: 1. Trickle-down effect gives advanced technology to criminals and attackers 2. Reverse engineered code is reused by other threats 3. Attackers don’t need to invest in developing high-end exploits, instead they harvest what governments create
  11. 11. Life Safety and Cybersecurity Intersect in Products Industrial and consumer products are being connected to the internet and to each other Vehicles, appliances, power stations, medical devices, and billions of other devices are gathering data and exerting a level of control in our lives Risk of catastrophic impacts as our reliance and trust increase 3.
  12. 12. Life Safety and Cybersecurity Intersect in Products Result: 1. A slow wake-up call for the transportation, healthcare, and industrial sectors as risks emerge 2. As IoT devices explode in number and function, so will the potential misuse 3. Remote devices, cameras, and drones become more concerning to safety and privacy. Expect more regulations
  13. 13. Attacks on automobiles will increase sharply in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles. Transportation
  14. 14. Top 10 Healthcare breaches of 2015, affected almost 35% of the US population Healthcare
  15. 15. Critical infrastructure systems not designed with outside access in mind will become vulnerable to low-incident, but high-impact events as they become connected to the Internet. Critical infrastructure
  16. 16. Rise in Digital Theft and Fraud More opportunities to steal, extort, and commit fraud. Greed principle prevails Attackers are organized, share methods and tools Threats not limited by geography Financial, social, and geopolitically motivated 4. i ~$450billion Cyber-crime impact globally i 200%increase In cyber-crime in the last 5 years i 32%reported Organizations reporting cyber-crime
  17. 17. Rise in Digital Theft and Fraud Result: 1. More ways to successfully commit financial fraud and theft 2. Number of attacks increase, externals and internals, from across the globe 3. Higher cost incidents, millions-billion dollar attacks 4. Rising: Ransomware, CEO Fraud, transaction tampering 5. Continuing: DDOS & data breach extortion, Tax, Credit & banking fraud, skimmers, ATMs
  18. 18. Industry currently fails to measure the systemic impact and long term costs New interest to understand the overall costs:  Security products/services spending, staffing, audit/compliance, and insurance  Incident response and recovery costs  Secure product development, innovation and sales friction, related opportunity costs Realistic Impacts of Cybersecurity Emerge5.
  19. 19. Result: 1. Understanding impacts will begin to shift the industry perspectives 2. Evolving from tactical treatment of recurring symptoms to strategic interdiction of the systemic condition Realistic Impacts of Cybersecurity Emerge i $3trillion Aggregate innovation impact of cyber- risks by 2020 -McKinsey & World Economic Forum i $90trillion Potential net economic benefit drained from global GDP, worst case thru 2030 -Zurich & Atlantic Council
  20. 20. 6. Cybersecurity Expectations Increase Market demands more connectivity, devices, applications, and services Enterprise perspectives shift to accept the reputation and market risks Consumers expect security “their way”: Safety with access anywhere to anything
  21. 21. Cybersecurity Expectations Increase Result: 1. Expectations rise, but resources and capabilities will not keep pace, causing friction and opportunities for attackers 2. Strategic insights are needed to manage risks and seize opportunities 3. Leadership will be key to find the ‘optimal’ balance of security
  22. 22. 7. Attackers are nimble, opportunistic, cooperative, skilled and relentless Their motivation, resiliency, and creativity drives great adaptability Acceleration in their methods, tools, and targets (technology, people, processes) Attackers Evolve, Adapt, and Accelerate
  23. 23. Result: 1. Dark markets and services grow to enable 2. New data breach targets emerge 3. New uses for personal, health, biometric, and login data is explored by attackers 4. Research follows quickly into new areas of technology 5. Ransomware and “CEO email” tactics rise 6. Integrity attacks spear-headed by pros for huge gains – will drive new security solutions Attackers Evolve, Adapt, and Accelerate
  24. 24. Cybercriminals, competitors, vigilante justice seekers, and nation-states will increasingly target cloud services platforms to exploit companies and steal confidential data. Cloud services
  25. 25. Attacks on all types of hardware and firmware will continue. The market for hardware attack tools will expand. VMs will be successfully attacked through system firmware rootkits. Hardware Equation Group – HDD and SSD firmware reprogramming malware First commercial UEFI Rootkit
  26. 26. 8. Trust and Integrity are Targeted Attackers leverage trust mechanisms for their goals: Digital certs, Identity and, Encryption implementation Integrity attacks continue to escalate, altering data instead of stealing it. This begins a whole new game.
  27. 27. Trust and Integrity are Targeted Result: 1. Digital certs misuse allows access and malicious sites/software to proliferate 2. Vulnerabilities in devices, encryption, and code force changes in product design 3. Integrity attacks emerge as a devastating new strategy, targeting financial, communications, and authentication transactions
  28. 28. A significant new attack vector will be stealthy, selective compromises to the integrity of systems and data. In 2016, we will witness an integrity attack in the financial sector in which millions of dollars will be stolen by cyber thieves. Integrity
  29. 29. 9. Security Technologies Improve but Remain Outpaced and Outmaneuvered Execs get serious on managing cyber risks Holistic and strategic views take hold Cloud gets more secure Malware detection and forensics improves Hardware is the new trust foundation Incident Response capabilities and services achieves professional standing
  30. 30. Security Technologies Improve but Remain Outpaced and Outmaneuvered Result: Near-term cyber protection capabilities Availability/Denial of Service Confidentiality/Data Breach Integrity/Trust of Transactions iEXCELLENT iGOOD iLACKING
  31. 31. The security industry will develop effective weapons to protect, detect, and correct many attacks, but the arms race will continue. The security industry fights back Security industry to-do list:  Behavioral analytics to detect irregular activities  Threat intelligence, shared to deliver faster and better protection  Cloud-integrated security to improve visibility and control  Automated detection and correction to protect more devices with fewer security professionals
  32. 32. Threat intelligence sharing among enterprises and security vendors will grow rapidly. Sharing threat intelligence  Legislative steps will make it possible to share threat intelligence with government.  We will see an acceleration in the development of best practices for sharing emerging threat information.  Threat intelligence cooperatives between industry vendors will expand. STIX/TAXII will be the standard by which they share information.  Metrics for success will emerge, allowing enterprises, security vendors, and governments to quantify protection improvement.
  33. 33. 10. Lack of Talent Hinders the Industry Lack of qualified talent will greatly restrict the growth and effectiveness of security Academia is working to satiate demand, but it will take time. i 1.5-2million Unfilled positions by 2017 i 12xgrowth Compared to the overall job market i 70%understaffed Organizations report lack of staff
  34. 34. Lack of Talent Hinders the Industry Result: 1. Salaries continue to rise until demand is met 2. Headhunting and retention of top talent is ruthlessly competitive 3. Leadership and technical roles in greatest demand 4. Outsourcing to MSSP’s and security consulting firms increases
  35. 35. Conclusion As always, cybersecurity represents risks and opportunities Much of what was seen in 2015 will continue, but new vectors will emerge to supplant legacy tactics The fundamentals remain but the details and specifics remain chaotic and unpredictable New threat vectors will emerge as advanced technology is integrated Leaders with insights to the future have the best opportunity to align resources and be prepared