In its predictions for the year ahead, jointly compiled with experts from Raytheon, the company said security professionals would be best served by viewing these two distinct areas "as two halves of an integrating whole: although they both may remain different, they are no longer separate".
The predictions were grouped in two broad categories: macro events driven by larger forces, and those positioned primarily in the digital world.
Forcepoint said cyberspace had now become as important an area to defend as physical boundaries. Hackers could launch false-flag attacks and try to implicate innocent countries, and as more and more nations gained the ability to launch cyber attacks, more resources would have to be expended in guarding against them.
"Millennials represent a cultural shift that may prove challenging to workplace cybersecurity policies. They are accustomed to sharing their personal information and using their own digital devices, apps, etc.
"They also tend to have an elevated trust of technology and a tendency to embrace new connected devices that too often lack sufficient security to protect their data and privacy. Finally, with their multiple social media accounts, millennials present hackers an expanded attack surface," the report said.
It added that the way around this was for organisations "to get ahead of the millennial security curve by adopting technology that puts context around employee behavior to distinguish between harmless or accidental behavior and risky or malicious employee activity".
The report said 2017 would be the last year before data protection harmonisation came into force, citing the case of the European Union's General Data Protection Regulation, which would become law in May 2018.
This would probably cause business costs to rise and companies would be compelled to offer protection for personal information that they collected. Global companies would be forced to create separate silos for information based on where it came from, due to data protection legislation.
Citing the case of Wells Fargo, where employees secretly created accounts for customers in order that the bank could earn fees from them, the Forcepoint report said it was likely that more such cases would come to light.
"It won’t be just from financial or banking institutions, either. The opportunity to generate revenue from taking advantage of millions — if not hundreds of millions — of customers' personally identifiable information may prove to be too tempting for large organisations in other spaces to resist," it said.
And, given that control of the Internet has now passed from American to international hands, it was likely that individual countries would draft new laws to fight such occurrences.
The report said 2017 was likely to see a convergence of security firms, with bigger companies acquiring their smaller counterparts. "As a result of vendor consolidation, those that are not a part of industry convergence or that aren't receiving additional venture capital will be more likely to exit the industry.
"We will see the beginnings of 'dotbomb 2.0' emerge in this ever expanding and over-populated industry," the report said, adding that security training and products aimed at increasing security resources could be the next big wave to use consolidated cybersecurity products.
As more and more companies moved their computing to the cloud, Forcepoint predicted that hypervisor technology would come under increasing attack. Cloud providers could also face increasing denial of service attacks and this would mean that untargeted clients could be victims as they were operating in the same cloud.
The report said as voice platforms and command sharing became more common, user behaviour and expectations would change. Ultimately, this would lead to a diminishing of user autonomy, taking choice away from humans.
"The creators of AI interfaces will become powerful influencers of not just how we interact with machines, but also the slant of the information toward which the machines will be programmed to steer us. For example, which news channel will your AI interface, by default, send you to: CNN, BBC, RT or FNC?" the report asked.
This trend towards AI would lead to the rise of more and more autonomous hacking machines, in turn creating a rush for autonomous patching. "Weaponised autonomous hacking machines may greatly impact global stability by either preventing national defence protocols being engaged or by triggering them unnecessarily," the report warned.
Ransomware was seen as increasing markedly in the year ahead. "Unethical organisations may fill their need for technological innovation and development by hiring ransomware hackers to obtain specific information from competitors. At the same time, ransomware hackers may offer to sell ransomed critical data to the highest bidders while collecting ransom payments from their victims. Why collect just one paycheck when you can collect two, or perhaps many more, from the same hack?" the report pointed out.
Abandonware was the final point covered in the report. Forcepoint has already released a detailed study on this class of software threat, and added, "We expect to see more legacy, end-of-life abandonware vulnerabilities leading to data breaches. This will occur both in the consumer and commercial spaces and, to the consternation of IT professionals everywhere, in the cybersecurity space as well."
In response to queries from iTWire regarding mitigation, Forcepoint principal security analyst Carl Leonard said: "Users, vendors and implementers of technology have a shared responsibility to adopt good security practice. By embracing new technology trends, whilst at the same time bearing in mind the possible security ramifications, it is possible to thrive in our highly connected, rapidly changing digital world."
Asked whether it would be better to slow down the headlong rush into automation and AI until people got a better handle on what the actual security situation was, Leonard replied: "Oftentimes the enthusiasm to release products to market takes priority over security. Vendors then find themselves applying retrospective updates to mitigate issues discovered after the deployment of technology.
"That is to be expected given the complexity of any new technology but can only be supported if the infrastructure has been designed to accommodate; think over-the-air updates that permit large-scale fixes."
When it was put to Leonard that human greed could make people continue with this headlong rush into a world where security is sacrificed for convenience, his response was that "the very human drive to push the boundaries and shape the world in which we live will always push the envelope in terms of safety, security and implications of deployment. Security needs to move at that same pace or faster".
Asked why many devices that did not need to be connected to the Internet were being hooked up, Leonard said: "As we deploy more connected devices a balance must be achieved between security and convenience. Businesses should take into account the risks that arise after a decision to deploy a new technology bearing in mind that sometimes it is more damaging to not make a decision."
He said that deploying technology, "particularly artificial intelligence embedded into devices, should take into account the issues around privacy, the likelihood of attack, and ethics".
"A relevant lesson can be learned from people's enthusiasm to install apps on their mobile phones without taking heed of the permissions these apps require; to install software without reading the terms and conditions, and to connect devices without considering the implications. Our world is changing, our digital and physical worlds are converging and our view of security must change with it," Leonard said.