Network Security: In May 2017, the WannaCry ransomware attack infected over 230,000 computers in over 150 countries in the space of 24 hours. Many large corporates across different countries worldwide were hit, from car manufacturers, to telecom and technology firms to healthcare facilities across the world. Closer home, the state governments of Gujarat, Maharashtra, Kerala and West Bengal were affected apart from the police department in the state of Andhra Pradesh. In fact, India was reportedly one of the worst hit nations by the ransomware with more than 40,000 local computers compromised. In total, estimated losses around the world amounted to $4 billion.
WannaCry wasn’t an isolated incident. In late July, HBO was hacked by the Petya ransomware and roughly 1.5 terabytes of information was stolen from the company – including scripts and unaired episodes of hit TV show Game of Thrones. In India, restaurant search and delivery service Zomato revealed that 17 million user records had been stolen from its database earlier this year.
As the world rapidly transforms driven by a strong digitalisation push, the prospects of new technologies like Artificial Intelligence, Machine Learning, Big Data Analytics and the Internet of Things, there’s also increasing risk of confidential data being maliciously collected, stored and disseminated. This risk is further exacerbated in countries like ours, where the cybersecurity ecosystem is still nascent. Very few countries have implemented national cybersecurity strategies, and most organisations aren’t equipped to keep up with ever-evolving threats and regulations.
What will 2018 bring for Network Security?
Higher cybersecurity budgets
Corporates seem to recognise the increasing cyberthreats and are allotting more budget dedicated to cybersecurity. This investment is poised to carry on into 2018. Palo Alto Networks ‘The State of Cybersecurity in Asia-Pacific’ report revealed that 82% of Indian organisations are devoting up to 15 percent of their company’s total IT spend to cybersecurity. Following this, 92.4 percent of Indian organisations surveyed said they were intending to raise cybersecurity spending in the next financial year.
However, organisations must understand that simply investing more money into cybersecurity does not magically make the threats disappear. According to the same survey, 79 percent of respondents indicated their organisation place more importance on detection and response of cyberthreats than prevention. But data breaches remain costly – 41 percent of respondents revealed they have lost at least ₹64,55,500 (US$100,000) in financial year 2016-17 due to such breaches. This raises question around the effectiveness of responding to threats only after incidents are detected, rather than taking a preventive stance.
The increasing importance of Automated Threat Response (ATR)
Cyberattacks are no longer spearheaded by human assailants, but by droves of automated bots. IT teams manned by humans simply cannot deal with the sheer amount of sustained, intensive attacks and will need to employ an equally powerful and effective component of cybersecurity incident response to in order to combat incoming threats.
This solution comes in the form of Automated Threat Response – which is essentially the process of automating the action taken on detected cyber incidents, particularly those deemed malicious or anomalous. For each type of incident, a predefined action for containment/prevention are utilised to bring incidents of interest to the surface. Such technologies help automate detection and prevention of cyberattack, reducing the burden of IT security teams and shortening response time. In 2018, ATR is expected to be increasingly integrated in cybersecurity strategies of organisations while it reaches production-level maturity. We predict that ATR will start being deployed by leading operators of Industrial Control Systems in critical infrastructure and manufacturing environments first, before being adopted by other verticals as awareness and importance of ATR increase.
Machine learning based-cybersecurity
Cybersecurity has some very compelling applications for machine learning. Traditionally, organisations protect themselves from cyberattacks with signature-based security products at the endpoint, on the network and in the cloud. Cyberattackers figured they could beat signature-based security by automating the creation of unique malware and that marked the end of pure signature-based malware detection. Enter machine learning. Today’s advanced endpoint protection systems already use machine learning as one of the methods to identify malicious files with a very high degree of accuracy. On the network, behavioural analytics could utilise machine learning to “learn” the expected behaviour of users and devices and then detect behavioural anomalies indicative of attack. As we head into 2018, cybersecurity is very well-positioned to benefit from machine learning advances.
Blurring of lines between personal and corporate security due to IoT devices
IoT and personal devices are and will become more commonplace. Together with the increasing trend of working remotely, we predict that there will be an increase in employees accessing work-related information using their personal devices – in fact a large 71 percent of employees are already accessing work networks, applications and emails using their personal computers and mobile.
The extension of an organisation’s network to personal devices exacerbates cybersecurity risks that an organisation face. Not all personal devices have built-in security and are potentially vulnerable to being compromised unless regular risk assessments and security audits are performed. As more devices gain access to the corporate network, cybercriminals are equally presented with more options to gain access to these networks. Moving forward, CISOs will need to be more involved in managing the security of personal devices as part of their overarching cybersecurity strategies. Education is imperative in implementing proper cyber hygiene and ensures employees do their part in preventing successful cyberattacks, through their personal devices.
Dedicated cybersecurity talent and upgradation of skillsets
95 percent of Indian organisations were found to have a team / department dedicated to IT security – a high percentage compared to the rest of the APAC region, according to the Palo Alto Networks ‘The State of Cybersecurity in Asia-Pacific’ survey. Despite this, breaches are still occurring and continues to be imminent, which highlights the importance of both automated threat prevention capabilities, and qualified cybersecurity talent who will be able to handle higher level threats. The ever-evolving industry requires professionals to continually upgrade themselves with new skills in areas such as data classes and data governance. This need will be compounded by the influx of data that is being generated every single day. Adaptive skills in new areas like data science and analytics will be key for the next phase of cybersecurity.
The writer is Regional Vice President – India and SAARC, Palo Alto Networks.