One of the most important aspects of any CISO's job is keeping up with the emerging trends in cybercrime. And with the cyberthreat landscape undergoing changes every few weeks — and criminals constantly changing their tactics to stay ahead of security professionals — it's not enough to simply be able to protect a business against the major threats of the day. Successful CISOs will have to live in the future, observing trends and taking steps to ensure their businesses remain protected.
A new survey from the Centre for Economics and Business Research, entitled "Business and Economic Consequences of Inadequate Cybersecurity," asked over 200 C-level executives in Britain about their businesses and cybersecurity. While the entire report is worth reading, there are specific sections regarding emerging trends that deserve special attention. These insights, culled from interviews with top executives, can provide valuable starting points for CISOs who want to look beyond immediacy when it comes to protecting their systems.
This isn't to say cybercrime will become a legitimate business, as it involves illegal activity, but rather that attackers will start to operate within a business atmosphere — as opposed to the lone wolf operations of yesterday. Of all the trends, this one looks to be the most certain, as the sophistication of recent attacks already proves this to be a trend that's currently in motion.
As part of this trend, cybercriminal organizations will begin to have better structure, better tools and, most importantly, long-term plans. Successful attacks will no longer be looking to do as much damage in as little time as possible, but will often be precursors for later, longer attacks. Initial attacks will often be a way of obtaining credentials or delivering small, malicious payloads — and then getting out without making too many waves. Even if a breach is detected, since nothing was deleted, moved or downloaded, it's easy for CISOs to write off such incidents as nothing, when in reality, the first stage of a long attack is in progress. The criminal enterprise can then wait weeks or months before performing the real attack, as they now have long-term planning that trumps their desire to cause havoc within a breached system.
As part of this, attacks in the future may drop in number — but the amount of damage they cause will rise dramatically. This fact alone should provide C-level executives with all the impetus they need to form a solid defense against even the smallest of threats.
Within a few years, all enterprises will have to deal with the Internet of Things (IoT), as the benefits provided by connected devices far outweigh the costs. However, with millions of new access points to deal with, the IoT will become a massive headache for InfoSec.
CISOs have to begin discussions on how to deal with all these devices now, so they are not playing catch-up when this inevitability occurs. The complexity here comes from the sheer size of true IoT installations, so CISOs should focus on automation and scalability in order to meet the demands of rapidly growing network footprints.
As a contrast to cybercrime in the past, most modern threats are all about extracting value from the target, rather than causing chaos. The experts consulted in the survey agree the European Union — and by extension the United States, one would presume — will remain a key target due to the combination of its wealth and dependence on the Internet. Cybercriminal organizations know these businesses must have numerous external connections to remain in business, and they know their data is extremely valuable on the black market.
The report also points out that there are hotspots of criminal activity throughout the world, with a major one currently existing in Eastern Europe. CISOs who can track these hotspots can provide additional scrutiny to connections from those areas, but have to remain alert to changing worldwide conditions. Any place where technology and poverty mix can become a prime breeding ground for criminal technological enterprises.
The main takeaway for CISOs from these trends is that the days of random, damaging attacks being the main source of concern are over. Modern threats will come from organized, patient groups looking to steal data rather than cause destruction. Understanding these threats is the first step in building a defense against them and preparing for the future of the CISO position.
In addition to covering these trends, the full Cebr survey provides valuable insight into cybersecurity from a high-level view. If you want more information on how to deal with the changing threatscape, download the full survey.
Photo Source: Flickr