Top 10 Cybersecurity Predictions for 2016 and Beyond
Matthew Rosenquist, Cybersecurity Strategist, Intel Corp
March 2016
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist

Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone.
Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future.
The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives on the forthcoming challenges the industry is likely to face and how we can be better prepared for them.

Published in: Technology
  • Very in-depth research done. Thanks for the detailed information. Great presentation!!

Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist

  1. Top 10 Cybersecurity Predictions for 2016 and Beyond. Matthew Rosenquist, Cybersecurity Strategist, Intel Corp. March 2016
  2. The growing cyberattack surface: More of everything will massively increase the number of potential targets.
  3. New Device Types: The ease and cost of developing connected things is dropping fast, leading to an explosion of new products, many without adequate security protection.
  4. Chain Reactions Drive Cybersecurity Evolution…
  5. 10 Evolving Challenges in Cybersecurity
  6. Cybersecurity is Rapidly Evolving
     1. Government’s roles expand
     2. Advances in nation-state cyber-offense affect everyone
     3. Life safety and cybersecurity intersect in products
     4. Rise in digital theft and fraud
     5. Realistic impacts of cybersecurity emerge
     6. Security expectations increase
     7. Attackers evolve, adapt, & accelerate
     8. Trust and Integrity are targeted and undermined
     9. Security technologies improve but remain outpaced and outmaneuvered
     10. Lack of security talent hinders the industry
  7. #1 Government’s Roles Expand: The public demands that their governments be more actively involved in preventing and responding to cyber threats, major hacking events, fraud, and digital crimes, yet not infringe upon individuals’ privacy.
  8. Government’s Roles Expand. Result:
     1. More regulations, to raise security standards
     2. Better policing and collaboration
     3. More laws for prosecution actions
     4. Friction around technology privacy and government access
  9. #2 Nation-State Cyber-Offense Affects Everyone: Broad adoption by many nations of cyber-offense capabilities. Governments incorporate cyber into their defense apparatus with clear objectives and deployable systems.
     • 29 countries have formal cyber warfare units
     • 63 countries use cyber tools for surveillance
     • $19 billion: US 2017 proposed budget for cybersecurity
  10. Nation-State Cyber-Offense Affects Everyone. Result:
     1. Trickle-down effect gives advanced technology to criminals and attackers
     2. Reverse engineered code is reused by other threats
     3. Attackers don’t need to invest in developing high-end exploits, instead they harvest what governments create
  11. #3 Life Safety and Cybersecurity Intersect in Products
     • Industrial and consumer products are being connected to the internet and to each other
     • Vehicles, appliances, power stations, medical devices, and billions of other devices are gathering data and exerting a level of control in our lives
     • Risk of catastrophic impacts as our reliance and trust increase
  12. Life Safety and Cybersecurity Intersect in Products. Result:
     1. A slow wake-up call for the transportation, healthcare, and industrial sectors as risks emerge
     2. As IoT devices explode in number and function, so will the potential misuse
     3. Remote devices, cameras, and drones become more concerning to safety and privacy. Expect more regulations
  13. Transportation: Attacks on automobiles will increase sharply in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles.
  14. Healthcare: Top 10 healthcare breaches of 2015 affected almost 35% of the US population
  15. Critical infrastructure: Critical infrastructure systems not designed with outside access in mind will become vulnerable to low-incident, but high-impact events as they become connected to the Internet.
  16. #4 Rise in Digital Theft and Fraud
     • More opportunities to steal, extort, and commit fraud. Greed principle prevails
     • Attackers are organized, share methods and tools
     • Threats not limited by geography
     • Financial, social, and geopolitically motivated
     • ~$450 billion: cyber-crime impact globally
     • 200% increase in cyber-crime in the last 5 years
     • 32% reported: organizations reporting cyber-crime
  17. Rise in Digital Theft and Fraud. Result:
     1. More ways to successfully commit financial fraud and theft
     2. Number of attacks increase, externals and internals, from across the globe
     3. Higher cost incidents, millions-billion dollar attacks
     4. Rising: Ransomware, CEO Fraud, transaction tampering
     5. Continuing: DDOS & data breach extortion, Tax, Credit & banking fraud, skimmers, ATMs
  18. #5 Realistic Impacts of Cybersecurity Emerge: Industry currently fails to measure the systemic impact and long term costs. New interest to understand the overall costs:
     • Security products/services spending, staffing, audit/compliance, and insurance
     • Incident response and recovery costs
     • Secure product development, innovation and sales friction, related opportunity costs
  19. Realistic Impacts of Cybersecurity Emerge. Result:
     1. Understanding impacts will begin to shift the industry perspectives
     2. Evolving from tactical treatment of recurring symptoms to strategic interdiction of the systemic condition
     • $3 trillion: aggregate innovation impact of cyber-risks by 2020 (McKinsey & World Economic Forum)
     • $90 trillion: potential net economic benefit drained from global GDP, worst case thru 2030 (Zurich & Atlantic Council)
  20. #6 Cybersecurity Expectations Increase
     • Market demands more connectivity, devices, applications, and services
     • Enterprise perspectives shift to accept the reputation and market risks
     • Consumers expect security “their way”: Safety with access anywhere to anything
  21. Cybersecurity Expectations Increase. Result:
     1. Expectations rise, but resources and capabilities will not keep pace, causing friction and opportunities for attackers
     2. Strategic insights are needed to manage risks and seize opportunities
     3. Leadership will be key to find the ‘optimal’ balance of security
  22. #7 Attackers Evolve, Adapt, and Accelerate
     • Attackers are nimble, opportunistic, cooperative, skilled and relentless
     • Their motivation, resiliency, and creativity drive great adaptability
     • Acceleration in their methods, tools, and targets (technology, people, processes)
  23. Attackers Evolve, Adapt, and Accelerate. Result:
     1. Dark markets and services grow to enable
     2. New data breach targets emerge
     3. New uses for personal, health, biometric, and login data are explored by attackers
     4. Research follows quickly into new areas of technology
     5. Ransomware and “CEO email” tactics rise
     6. Integrity attacks spear-headed by pros for huge gains – will drive new security solutions
  24. Cloud services: Cybercriminals, competitors, vigilante justice seekers, and nation-states will increasingly target cloud services platforms to exploit companies and steal confidential data.
  25. Hardware: Attacks on all types of hardware and firmware will continue. The market for hardware attack tools will expand. VMs will be successfully attacked through system firmware rootkits.
     • Equation Group – HDD and SSD firmware reprogramming malware
     • First commercial UEFI Rootkit
  26. #8 Trust and Integrity are Targeted
     • Attackers leverage trust mechanisms for their goals: digital certs, identity, and encryption implementation
     • Integrity attacks continue to escalate, altering data instead of stealing it. This begins a whole new game.
  27. Trust and Integrity are Targeted. Result:
     1. Digital certs misuse allows access and malicious sites/software to proliferate
     2. Vulnerabilities in devices, encryption, and code force changes in product design
     3. Integrity attacks emerge as a devastating new strategy, targeting financial, communications, and authentication transactions
  28. Integrity: A significant new attack vector will be stealthy, selective compromises to the integrity of systems and data. In 2016, we will witness an integrity attack in the financial sector in which millions of dollars will be stolen by cyber thieves.
  29. #9 Security Technologies Improve but Remain Outpaced and Outmaneuvered
     • Execs get serious on managing cyber risks
     • Holistic and strategic views take hold
     • Cloud gets more secure
     • Malware detection and forensics improve
     • Hardware is the new trust foundation
     • Incident Response capabilities and services achieve professional standing
  30. Security Technologies Improve but Remain Outpaced and Outmaneuvered. Result: Near-term cyber protection capabilities
     • Availability/Denial of Service: EXCELLENT
     • Confidentiality/Data Breach: GOOD
     • Integrity/Trust of Transactions: LACKING
  31. The security industry fights back: The security industry will develop effective weapons to protect, detect, and correct many attacks, but the arms race will continue. Security industry to-do list:
     • Behavioral analytics to detect irregular activities
     • Threat intelligence, shared to deliver faster and better protection
     • Cloud-integrated security to improve visibility and control
     • Automated detection and correction to protect more devices with fewer security professionals
  32. Sharing threat intelligence: Threat intelligence sharing among enterprises and security vendors will grow rapidly.
     • Legislative steps will make it possible to share threat intelligence with government.
     • We will see an acceleration in the development of best practices for sharing emerging threat information.
     • Threat intelligence cooperatives between industry vendors will expand. STIX/TAXII will be the standard by which they share information.
     • Metrics for success will emerge, allowing enterprises, security vendors, and governments to quantify protection improvement.
  33. #10 Lack of Talent Hinders the Industry: Lack of qualified talent will greatly restrict the growth and effectiveness of security. Academia is working to satiate demand, but it will take time.
     • 1.5-2 million unfilled positions by 2017
     • 12x growth compared to the overall job market
     • 70% understaffed: organizations report lack of staff
  34. Lack of Talent Hinders the Industry. Result:
     1. Salaries continue to rise until demand is met
     2. Headhunting and retention of top talent is ruthlessly competitive
     3. Leadership and technical roles in greatest demand
     4. Outsourcing to MSSPs and security consulting firms increases
  35. Conclusion
     • As always, cybersecurity represents risks and opportunities
     • Much of what was seen in 2015 will continue, but new vectors will emerge to supplant legacy tactics
     • The fundamentals remain but the details and specifics remain chaotic and unpredictable
     • New threat vectors will emerge as advanced technology is integrated
     • Leaders with insights to the future have the best opportunity to align resources and be prepared
