2016 was aptly termed the "Year from Hell" for security breaches. Major hacking efforts hit the U.S. Department of Justice, revealing personal data on FBI and Homeland Security employees; the IRS was hacked, and over 700,000 personal tax documents were obtained; healthcare providers were hacked, and patients' personal and financial information was obtained; DDoS attacks were attributed to insecure IoT devices; and even a presidential election was hacked.
2017 could be worse, as hackers discover new methods of malware delivery and get into vulnerable databases, including those of corporate and governmental enterprises. Obviously, new technology must be developed to fend off these attacks, and here are some trends that we will see in 2017.
The October DDoS attack that impacted a big part of the Internet was, in part, enabled by default passwords on IoT devices. Simple, common or outdated passwords are widespread, and they make it easy for hackers to slip in. Compounding this problem is the fact that so many systems are accessed remotely by employees on their own devices, which are often highly vulnerable.
One solution is that of "password vaults," in which passwords are stored and unknown to users. These passwords would be regularly validated and rotated. Because hackers always go for the easiest target, they may avoid systems like this rather than spend the time and effort required to chip away at a vault system.
Passwords are the Weakest Link in Security Systems
A more promising alternative for passwords lies in biometric authentication. Instead of focusing on what a person "has" (e.g., a password and a token), it focuses on something a person is.
Common biological features used instead of passwords are fingerprints, palm print patterns, the iris of an eye, or facial and voice patterns. The last three are probably the safest, because they do not involve physical contact with the device. The deployment of these features will make use of smartphones as portable sensors. In this way, users can access a system remotely via their phones, and the Wi-Fi capabilities can transmit the biometric features to a back-end system.
The Obvious Benefit
Biometric authentication features cannot be stolen, hacked, or duplicated, and this, of course, is the ideal in security. And should an unscrupulous employee, who has stolen information or accessed what he should not have, attempt to claim he was hacked, he is dead in the water.
While biometric authentication is not 100% accurate (it will occasionally provide a non-match result), it is nonetheless far superior to the traditional password/token system, and many enterprises with sensitive data are moving toward such a system. As the technology improves, it will easily become the preferred system of government agencies too – in fact, it already is in some. To date, the fingerprint has proved to be the most accurate, but that may change as we move through 2017.
Getting Serious About Privilege Management
The higher up in an organization someone is, the more valuable he becomes to a hacker. Current systems of access for CEOs, IT pros and vendors are not adequate.
It's time for organizations to get serious about who has access to what. Many think, for example, that they can just put their vendors on the VPNs and "call it a day." Nothing could be further from the truth.
Smart organizations will develop and implement a privilege management system that gives individuals access only to certain parts of the system, depending on their positions and need for information/data.
"The other issue," says Bryan Christiansen of Netswat, "is that people are just more willing to cough up their personal and financial information in order to access apps or connectivity. They trust that these app developers and other providers have the skills to put adequate security in place to protect them. This is just not the case. And when users access these apps from a device that is connected to an organization's system, hackers are in heaven."
Limiting access on a "need to know" basis, and having measures in place to alert an organization when an attempted breach has occurred, will be a much bigger trend next year.
Dwell Times – A Huge Problem
A dwell time is the amount of time between a successful hack and that hack being discovered. Sometimes it can be as lengthy as two years or more – that's a costly hack. The reason this occurs is that we have been, until now, focusing on what to do after a breach has been discovered, using forensics tools to identify the culprit, rather than on prevention alerts early on.
During 2017, IT companies will be far more focused on developing products that look at raw traffic and identify patterns that indicate a potential breach. The goal is to catch the breach very early and prevent serious damage. This is an area in which AI has a huge role to play, and it will play that role more and more as we move through 2017.
Mobile and IoT Devices Will Remain the Most Vulnerable
Mobile devices go everywhere and connect to public Wi-Fi everywhere. The same goes for IoT devices. These connected devices are anything but "smart," particularly older IoT devices that are still in use and have little security protection at all. An individual who turns his thermostat on via his mobile device – the same device he uses to access sensitive data for work – has left his workplace open to hackers. And that is just the tip of the iceberg, so to speak. A huge concern of IT security professionals is how all of this opens up the potential of an attack on a large infrastructure such as a power grid.
Unfortunately, not enough has been accomplished in this area, but it will certainly be a high priority in 2017, given the ease with which the DDoS attack occurred. Forensics has traced this to the Mirai botnet, composed of insecure IoT devices.
Again, the focus for 2017 will be on developing products that detect breaches early on and on convincing users that they must be installed, so that alerts come quickly.
Other Security Issues
There are many additional vulnerabilities that will need attention in 2017 – more sophisticated malware, ransomware, and cloud security. Most IT security professionals agree that we have been too reactive, going into action only after breaches are discovered. The overall trend for 2017, it appears, will be the use of AI to detect patterns of activity that signal potential hacks and then taking steps to prevent or at least minimize them. In fact, a recent commission report to President Obama has made just such a series of recommendations.