Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

A10: 10 Security Predictions for 2018

December 2017 by A10 Networks

In the 1970s, the Amazing Kreskin wowed audiences with his uncanny ability to
see the future. Using suggestion, he’d make predictions. While Kreskin would
stop short of calling himself a psychic - instead choosing to be considered an
entertainer - his predictions often came true.

By the A10 Networks Security Engineering Research Team (SERT)

Today, we’re going to do our best Kreskin impression and attempt to predict the
state of cybersecurity in 2018. Using our experience and understanding of the
market as guide, we’ve put together 10 predictions cybersecurity next year.
Without further ado, here are A10’s top 10 security predictions for 2018.

1. Digital security will become a basic human rights issue.

Today, mankind is highly dependent on digital communications. Mobile devices,
laptops and the cloud have enabled instant and ubiquitous access to data for
everyone. Cyberthreats continue to grow and affect enterprises and service
providers. These threats also affect consumers, who are often the least equipped
to deal with security issues. Phishing, fraud, identity theft and ransomware
threaten consumers’ peace of mind.

Our dependence on safe communications is not unlike our need for clean air,
water and food. Digital security needs to be treated as a fundamental human
right. Without simple protection and assurance, people are at risk. They face
significant hardships and monetary losses due to rampant security threats and
issues. Before security issues take epidemic proportions, society must shift its
perception and see cybersecurity as a fundamental human right. This will give
businesses and consumers peace of mind.

2. A catastrophic attack will cripple, partially or completely, a major mobile
network operator by targeting its core.

Mobile network operators today focus on protecting their networks from attacks
originating from outside. They defend their networks using Gi firewalls and DDoS
protection appliances. This is changing, however, and now we see that attacks
can also originate from inside the network.

Mobile network operators are not properly prepared for such attacks, and the
core of 3G and 4G networks is generally not protected. Come next year, a savvy
attacker will target the right component and can bring down the network by
disabling its brains.

3. Encryption will become much more important in east-west traffic.

As east-west traffic grows rapidly and more companies shift workloads to the
cloud, sensitive data is more exposed than ever. This can result in theft and
data breaches. Encrypting east-west traffic will be necessary to achieve
security and compliance. We see this taking center stage in 2018 as use of
encryption continues to grow as trust online dwindles.

4. City and state governments will experience more cyberattacks that ever
before.

For the last several years, city and state governments have faced increasing
volumes of cyberattacks. In 2018, it will reach a boiling point. As city and
state governments continue to move to online services and leverage modern
architectures like the cloud, budgetary constraints will dictate their security
capabilities. Most will resort to best effort and underfunded security programs,
increasing the likelihood of governments becoming targets. These attacks will
also have a ripple effect in that they could expose citizens to more fraud and
theft or exposure of personal data.

5. Serverless security and analytics functionality will become more mainstream
for functions such as virus scanning, etc.

One area that serverless computing systems, like AWS Lambda, shine is in the
triggered manipulation of data. In some security and visibility use cases, this
is a key element of the transaction.

Within the next year, you will see these serverless applications enable pay as
you go businesses focused on cybersecurity and malware protection. This will
also enable scalable, on-demand analysis of infrastructure telemetry.

Triggered logs, flow information and packet capture analysis using serverless
infrastructure will become more commonplace and allow small to mid-size
businesses the same scale benefits and flexibility of large scale businesses due
to the pay as you go model.

6. Cloud providers become a target by attackers looking to cause disruption.

As more companies move to the cloud, attackers will directly or indirectly
target cloud providers. Just one look at the Dyn and Mirai attacks of 2016 show
this trend forming, and it’ll reach a new peak in 2018. Corporations will have
limited response capabilities to deal with their cloud provider being attacked,
as they have no control over the underlying infrastructure.

This will cause more companies to look at a multi-cloud strategy to avoid
putting all of their workloads with one cloud provider.

7. Adaptive and deceptive security products will become a top five technology.

In order to trick the bad guys, new technologies will emerge that will give
security researchers and security operations the ability to predict an attack
that is yet to happen. Predictive analytics will go from a nice to have to a
must have, and corporations will have to invest these technologies to stay ahead
of threat actors and protect their systems.

8. AI will be heavily used to power emerging security technologies.

While we’re not talking about full-fledged AI here, the rise of commoditized
machine learning capabilities and chat bots being built into just about every
new product will allow for human and electronic intelligence to be combined more
effectively. Come next year, this will give security teams the ability to assess
and prioritize security vulnerabilities based on more than just a single label,
thus offering deeper protection.

9. Vulnerable SCADA systems and/or IoT will cause physical damage in 2018.

Vulnerabilities in Internet of Things (IoT) devices and supervisory control and
data acquisition (SCADA) systems will lead to physical - not just digital -
damage of some type in 2018. Hopefully the scale of damage will limit casualties
to controller components. Unlike stuxnet and flame targets, IoT and SCADA
devices are leveraging common open-source frameworks that are easy to
fingerprint and hard to patch after installation, making them prime targets.

10. We’ll witness the rise of blockchain security technologies.

Blockchain will be more than just a buzzword come 2018. Blockchain technologies
will be leveraged by many companies next year. Browsers will get
native/experimental support and online identities to reduce the amount of
anonymous transactions. By design, blockchain technologies are more secure than
their predecessors, creating an online environment with tighter security and
less anonymity than we’ve seen in the past.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts