2017 Cyber Retrospective

According to the Aviation Safety Network, 2017 was the safest year on record for air passenger safety. Of course we've come to expect the highest of standards from such a mature industry and the rigor of this profession. This cannot be said as we reflect on 2017 and the cyber security challenges we all face.

Looking back at 2017, some interesting highlights and statistics:

• 1 million hacked Gmail & Yahoo accounts for sale on the Dark Web
• Dozens of AWS misconfigurations (household names) leaked data
• Ukraine businesses hit by NotPetya  ransomware with a ripple world-wide
• Spike in Smart TVs held hostage in Asia
• Rise and fall of the Bitcoin and targeted attacks on crypto currencies
• Less than 6 months to GDPR deadline, organisations rush to prepare
• EU to declare Cyber-Attacks 'Act of War'
• Cyber Security embarks on being recognised under a professional body
• Microsoft Issues XP patch to mitigate NHS WannaCry Ransomware
• Notable recommended removal of Kaspersky anti-malware products

Were we better prepared for the evitable increase in destructive malware, despite knowing ransomware was on this rise in 2016?

Looking forward into 2018, thecyber  threat will continue to be persistent within all industries within UK PLC. The smaller organisations who often feel immune today will have their fair share of problems via traditional day to day cyber enabled crime, whilst the majority will continue to fall victim of low cost phishing attacks.

The threat landscape has evolved for all of us, last year we saw attacks on our critical infrastructure to aggressive ransomware attacks in local government and wholesale denial of services all seen in 2017. The evolving digital space, agile infrastructure, smart systems and automation of technologies provides an innovative environment for hacking and exploiting new technology. The ubiquitous security weaknesses within the vast number IoT devices and the increasing 'smart systems' which are set to transform all our lives, will continue to be unwitting co-conspirators allied in global distributed denial of service attacks. These attacks will continue to challenge the very fabric of the internet, as we know it today. Notwithstanding those able to exploit Net Neutrality weaknesses as cyber-crime.

Securing the pervasive digital presence within an organisation will challenge the way security professionals think about security architecture, what a 'device' is and its 'identity', aligned to multi-layered communication and integration issues. Notwithstanding how this dovetails into core business processes and how these devices, people and apps communicate together. The advancement in cyber hacking automation will see a rise in the already sophisticated automated hacker toolsets, seeing an advanced hacking capability from a less skilled threat actor. Managed service providers (Cloud and IT) will begin to offer premium cyber safe(r) services in 2018, assuring a safer connected supply chain with protected DNS and DMARC anti-spoofing by default, akin to those offering continuity and resilience enhancements to services today.

Transformational cybercrime capabilities leveraged digital currency such as the Bitcoin, underpinned by Blockchain technology, to anonymously monetise malware and exploit kits on a huge commercial scale. Whilst those with crypto currencies and their digital wallets will continue to be targeted, in 2018, by organised cybercrime actors.

There are over 300 different ransomware variants already from 50 different families of malware. Each new variant brings better encryption and new features, taking advantage of asymmetric cryptography algorithms that use two separate keys. Malware evasion, embedded chipset vulnerabilities and encryption technologies will continue to dominate the landscape as this lucrative cybercrime market evolves. Security researchers prepared to cross the line and sell their zero day wares to the highest bidder will continue to support the advancement of modern cyber warfare. Where the blurred lines of state actors and organised cyber-crime work hand in glove for mutual accord in support of targeted attacks, particularly against the UK national interest.

Cyber defenders should move from legacy incident response duties to a continuous response mode of operation, spending less on prevention technologies and more on investing in their ability to detect and respond. Organisations will develop Security Operations Centre (SOC) capabilities within their IT Service Desk functions, enabling analysts to actively defend and triage existing cyber-attacks.

Active cyber defenders needs a blend of cyber skills borne out of experience and exposure to multi-layered attack patterns. This can be accomplished through simulating cyber-attack operations, where teams practice detecting and responding to realistic situations to gain the necessary skills. Mining operational security big data sets combined with advancements in machine learning will provide a pivotal watershed in combating cyber-crime and reducing an organisations attack surface. Offering defenders improved forensic attribution techniques to enhance cyber intelligence capabilities and provide new mitigation techniques.

With less than six months to go, none will be exempt from the new wave of cyber compliance legislation in 2018. Led in Europe by GDPR, where a disregard for privacy and protection of consumer data will result in huge financial penalties. Followed by the Directive of Network and Information Systems (NIS) for those operating essential services, critical infrastructure and digital service providers.

Cyber security will cross the traditional boundary from information security risk, focused on Confidentiality, Integrity and Availability of data and information assets. Every dimension of our lives is becoming digital, from the cars we drive to our connected homes and cities, services we use as a digitally enabled world. The impact of a cyber-attack as we look forward will not only impact our economy but the safety of people and our digital environments. Beyond 2018, cyber security professionals will become inextricably linked to keeping people and the environment in which we live and work safe, not just information and the flow of data. This inevitable convergence will require us to think about the changes needed for security as a profession, attitudes within business board rooms and the trust within our supply chains.

That said, what remains critical for 2018 is that we must not lose sight of the basics!

In particular, organisations must focus on ensuring basic cyber hygiene tasks are in hand. For example, applying security patches, ethical phishing, enabling active monitoring, trusted anti-malware, awareness and education, testing backups and preparing response plans to name a few. Equally, many businesses fail to understand what actually underpins their critical assets, products and services and where their data assets are across the enterprise. Good cyber hygiene will not keep out or thwart the determined attacker, but it will go a long way in helping to avoid becoming an easy target!