Security in 2015 - should you be afraid?

Based on its work in the fields of cybersecurity and financial crime, BAE Systems Applied Intelligence has issued the following top five predictions for the digital criminality landscape in 2015.

1. Fragmentation of cybercriminal activities

BAE said the past five years have seen an increasing industrialisation of the cybercriminal marketplace. Specialisms such as malware authoring, counter-AV testing, exploit kits, spamming, hosting, money-muling and card cloning are becoming miniature markets of their own. Crime as a service is a reality, lowering the barrier to entry for budding criminals and fuelling the growing threat, year after year.

“Law enforcement action has done well to date by focusing on the big problem sets and causing significant disruption to these activities,” said Scott McVicar, managing director, Cyber Security, BAE Systems Applied Intelligence. “In 2015, BAE Systems Applied Intelligence anticipates these efforts will cause a fragmentation in the market as criminal actors split into smaller units using newly developed and more resilient capabilities. We believe this will present a greater challenge for the security community.

“We also see the need for law enforcement to find ways to drive efficiency and automation into their intelligence collection and analysis work streams,” he added. “This should enable them to ramp up the number of simultaneous investigations and make disruption a ‘business as usual’ activity.”

2. A period of ‘hyper regulation’

McVicar said that in the context of millions of dollars in fines, financial institutions now have an imperative to actively search out criminals such as money launderers, rather than simply being compliant with regulatory guidance. He said more organisations will hire more big hitters from the law enforcement and national security world to show they are serious about stopping the criminals.

“Organisationally, we will see continued efforts to remove silos between Risk, Compliance and Information Security departments, a continuing move towards these departments to work more closely together, and requirements for combined detection capabilities,” said McVicar.

“From an operational perspective, joining up investigative capabilities to develop a single intelligence platform across the enterprise will be increasingly key. This will be combined with the deployment of integrated case management for all forms of financial crime across all financial institutions.”

3. IoT needs security from the start

McVicar said that one of the most disruptive forces in the coming generation will be the growth in interconnectivity of machines, data and people - the Internet of Things, or IoT. This disruption is expected to bring us the next industrial revolution whereby automation and orchestration of many tasks in manufacturing, retail, transport and the home lead to greater efficiency and massive productivity gains.

McVicar added that little stands in the way of this advance in technology; however, security professionals are already voicing concern about both the systematic risks of greater connectivity, as well as the risks to life with machines such as cars and medical equipment becoming part of the connected world.

“We anticipate that 2015 will see increased focus on building in ‘security-from-the-start’ for the next industrial revolution; security professionals will be tasked with finding solutions for protecting critical systems and national-scale infrastructure,” said McVicar. “They will look at techniques such as segmenting high-value systems away from high-risk activity whilst retaining connectivity and trusted data flows.

“With a broader attack surface we expect that criminals, activists and spies will continue to penetrate networks. Limiting potential impact whilst enabling the myriad of advantages connectivity brings will be key to realising the benefits,” he said. “Rather than being an impediment, we expect that good security can actually speed up the realisation of this next industrial revolution.”

4. The impact of deception efforts

“Cyberthreat reporting and public white papers have grown in regularity and prominence during 2014. One of the key parts to a contemporary threat report is attribution - the small details in the code and attack behaviour which give away clues as to the perpetrators of attack campaigns,” said McVicar.

“What should be a scientific process is still more of an art, with technical indicators mixed in with contextual information and cultural references providing hints which are picked up by researchers,” he added. "Attackers read the resulting public reports as well, we can see evidence of this from the shifts in behaviour which occur immediately afterwards."

McVicar forecasts that in 2015, attackers will go to greater lengths to improve their own operational security and increase their use of deception - that is, the placing of false flags to throw off researchers and hamper attribution. This runs the risk of undermining the art of attribution and casting a shadow over the field of threat intelligence.

He said that researchers will need to adopt practices from the professional intelligence community and tread more carefully when drawing conclusions about who is ultimately behind cyber attacks.

5. Crunch time for big data

“We’ve seen the rise of big data in recent years with technologies such as Hadoop moving from niche projects to mainstream workhorses,” said McVicar. “Businesses in sectors such as telecoms, banking and technology have shown most interest and many have already invested in big data technologies. We are now entering a maturing phase of the life cycle, with competing platforms, support services and a strong market for developers, data scientists and administrators.

“However, business leaders who’ve funded the investment are increasingly asking their technology teams to show value from their implementations,” he added.

“We anticipate 2015 to be crunch time for big data crunching - where those who are still running at the prototype phase are expected to deliver more towards specific business use-cases to justify continued investment. This will focus minds from ‘getting more data in’ to ‘getting more out of existing data’,” he said.

“There will be a shift from technologies which enable storage and basic reporting to those which enable meaningful intelligence to be extracted,” said McVicar. “Use-cases such as network monitoring, fraud detection and security analytics will be popular - driven by the increasing overlap between cyberthreats and other risks and more focused board-level attention on managing cybersecurity across the business.”

Image courtesy Dennis Skley under CC