Cybersecurity trends and forecast for 2017

The information provided in this document is the property of S21sec, and any modification or use of all or part of the content of this document without the express written consent of S21sec is strictly prohibited. Failure to reply to a request for consent shall in no case be understood as tacit authorization for the use thereof. © S21sec Portugal, S.A. C-Days 2016 Cybersecurity National Centre Date: Set 2016 Cybersecurity trends and forecast for 2017

SLIDE 2

PUBLIC WITH AUTHORIZED CIRCULATION

15 years experience in the security business

Incident prevention and response 24x7

Protection against all types of cybersecurity threats

Comprehensive Security Management

SLIDE 3

Table of Contents

• Motivations
• Analysis vectors
• Trends and Forecast

SLIDE 4

Motivations
This presentation and overall S21sec posture

Context:
• Cybersecurity will have an increasing impact in the life of all of us
• Awareness and visibility is fundamental to cyber risk avoidance
• Cybersecurity National Centre has/will have a fundamental role in the Portuguese society … and it needs all the help all of us can provide

Goals:
• Make everyone who reads this more aware of cyber risks
• Help professionals direct their career to where they can be of most value
• Provide insights that help companies (re-) align cyber security

SLIDE 6

Analysis vectors
What vectors were considered in this analysis?

• Context: Changes in the world (geopolitical, technical, etc.)
• Crime: Changes in the way criminals are conducting their activities
• Market: Offer and demand market of cybersecurity professionals
• Regulation: Changes in regulation related to cybersecurity

SLIDE 7

Trends and Forecasts - Analysis vectors
How were trends and forecasts matched?

Context:
• Facts and trends that are relevant are listed in the darker rows…

Crime:
• … organized by category …

Market:
• Sometimes, some of the categories are not relevant …

Regulation:
• … for specific forecasts and the rows are shown in a lighter tone.

Forecast:
The forecast is presented here as a deduction, induction, correlation, simple evolution, etc., of the facts and trends on the left

SLIDE 9

Trends and Forecasts: ATM and PoS networks will be targeted

Types of Attacks (with confirmed data breach)
Source: Verizon, Data Breach Investigations Report, 2015

[Chart: attack types over the years 2006 to 2014]
• Insider Misuse: 129
• ATM/POS Intrusions: 419
• Cyber-espionage: 290
• Payment Card Skimmers: 108
• Web App Attacks: 458
• Physical Theft/Loss: 35
• Crimeware: 287
• Miscellaneous Errors: 11

SLIDE 11

Trends and Forecasts: ATM and PoS networks will be targeted

Context:
• ATM and PoS data is not only financial but also behavioral, being “monetized” in multiple ways
• ATM and PoS systems are prone to be short-of-patch for long periods of time

Crime:
• Attacks on ATM and PoS networks have increased in the recent years

Market: Not applicable

Regulation: Not applicable

Forecast: Sophisticated attacks on ATMs (and PoS) will increase

Attackers are increasingly using advanced techniques to infect ATM and PoS devices, using inside information (systems and networks) and, additionally, knowledge regarding operational procedures.

Banks will accelerate use of ATM and PoS protection technologies (hardening solutions)

SLIDE 12

Trends and Forecasts: Smartphones will be increasingly targeted (Android mostly)

Note: study from Cambridge University

SLIDE 13

Trends and Forecasts: Smartphones will be increasingly targeted (Android mostly)

Context:
• Smartphones are being sold by the millions
• People use smartphones for everything
• Independent app stores became common
• Most stores do not check app’s security

Crime:
• Financial institutions are implementing Digital Transformation programs, as a response towards the rise of FinTechs
• Publishing “malware apps” in app stores has a successful track record

Market: Not applicable

Regulation: Not applicable

Forecast: Smartphones will be increasingly targeted

Common people will become afraid of using smartphones for financial operations.

Use of MDM solutions by organizations will become critical.

SLIDE 14

Trends and Forecasts: Critical Infrastructures will be under attack

Context:
• Geopolitics are heating up (Trump, Putin, UK)
• APTs are getting more sophisticated
• Time-to-infect is getting shorter

Crime:
• Cyber terrorism and Cyber sabotage, including the “supposedly” state-sponsored, have increased in the recent years

Market: Not applicable

Regulation: Not applicable

Forecast: Critical Infrastructures will be more targeted

However, due to the fact that APTs are becoming quicker-to-infect and stealthier, there won’t be many reports about it.

Difficulties in pushing protection on these organizations might arise due to the “there are no evidences of it happening” effect.

SLIDE 15

Trends and Forecasts: Cybersecurity will have a legal push-down from Companies’ Board

Context:
• C-Level Execs are becoming increasingly aware of the relation of cybersecurity and privacy and the overall impact of all cyber-things on the Operational Risk Framework

Crime: Not applicable

Market:
• Data Privacy Officers will be a “must have” for a large number of organizations

Regulation:
• GDPR is here and it is to stay

Forecast: Data Privacy Officers will become common (2017 onwards) and pushed to accumulate cybersecurity roles

However, there might be the temptation to make it a “legal” position (cheaper, due to availability of resources) rather than a technical-savvy one.

Top organizations will understand that what is needed is a cyber-security professional with legal education or vice-versa

SLIDE 16

Trends and Forecasts: Analytics will become “the” hot-topic in intrusion and APT detection

Context:
• Company information is in high demand, for all the typical reasons (privileged information, intellectual property, etc.).

Crime:
• Credentials are becoming the more “monetizable” asset on the block
• Criminals are attacking companies without the use of malware. They rather use stolen credentials and “old-school-scams-on-techroids”

Market: Not applicable

Regulation: Not applicable

Forecast: Organizations will have to use analytics to identify suspicious behavior.

Instead of identifying malware, these systems will flag as “incident” situations in which credentials were used to access a system for the first time, from an unknown device at a new location outside usual hours, e.g.

New solutions will pop up from both established companies and startups
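
The behavioral check described on this slide, as an added example that is not part of the original presentation: it keeps a per-user login baseline and opens an incident when enough of the four deviations (first access to a system, unknown device, new location, outside usual hours) coincide. The log format, the threshold of three deviations, the two-login warm-up and the one-hour tolerance are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication events (not real data):
# timestamp, user, target system, device id, source country
EVENTS = """\
2016-09-05T09:12:00 alice crm laptop-a1 PT
2016-09-06T10:03:00 alice crm laptop-a1 PT
2016-09-07T14:41:00 alice mail laptop-a1 PT
2016-09-08T16:20:00 alice crm phone-a2 PT
2016-09-09T11:05:00 bob erp desktop-b1 PT
2016-09-12T09:30:00 bob erp desktop-b1 PT
2016-09-13T03:17:00 alice payroll host-x9 RO
2016-09-13T15:02:00 bob mail desktop-b1 PT
2016-09-14T02:50:00 bob erp desktop-b1 PT
"""

INCIDENT_THRESHOLD = 3  # assumption: 3 of the 4 deviations open an incident
MIN_HISTORY = 2         # assumption: logins needed before a user is judged


def hour_gap(a, b):
    """Circular distance between two hours of the day."""
    return min((a - b) % 24, (b - a) % 24)


def detect(lines, threshold=INCIDENT_THRESHOLD):
    """Return [(line, reasons)] for logins that break the user's baseline."""
    baseline = defaultdict(lambda: {"systems": set(), "devices": set(),
                                    "countries": set(), "hours": set(), "n": 0})
    incidents = []
    for line in lines:
        ts, user, system, device, country = line.split()
        hour = datetime.fromisoformat(ts).hour
        b = baseline[user]
        reasons = []
        if b["n"] >= MIN_HISTORY:
            if system not in b["systems"]:
                reasons.append("first access to system")
            if device not in b["devices"]:
                reasons.append("unknown device")
            if country not in b["countries"]:
                reasons.append("new location")
            # usual hours: within one hour of any earlier login by this user
            if all(hour_gap(hour, h) > 1 for h in b["hours"]):
                reasons.append("outside usual hours")
        if len(reasons) >= threshold:
            incidents.append((line, reasons))
            continue  # flagged logins never feed the baseline
        b["systems"].add(system)
        b["devices"].add(device)
        b["countries"].add(country)
        b["hours"].add(hour)
        b["n"] += 1
    return incidents


if __name__ == "__main__":
    for line, reasons in detect(EVENTS.splitlines()):
        print("INCIDENT", line, "->", ", ".join(reasons))
```

Flagged logins are kept out of the baseline so that a stolen credential cannot train the model into accepting its own device and location; a single deviation, such as bob's 02:50 login from his usual desktop, stays below the threshold.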

SLIDE 17

Trends and Forecasts: Attacks to health institutions

12 other hospitals are part of an investigative report that can be read at http://www.healthcareitnews.com/slideshow/ransomware-see-hospitals-hit-2016

SLIDE 19

Trends and Forecasts: Attacks to health institutions

Context:
• Health is a big business in some countries
• Health systems are increasingly online
• Health institutions do not invest in cybersecurity

Crime:
• Recent attacks to hospitals (ransomware) had huge paybacks

Market: Not applicable

Regulation: Not applicable

Forecast: Attacks to health institutions (hospitals, mostly) will increase

Several health-related technologies are increasingly online and are lacking security controls.

Hospital hacks will be delivered through business partners (suppliers, maintenance companies, etc.)

SLIDE 21

Trends and Forecasts: Malware-as-a-service replaces isolated and proprietary hacks

Context:
• Eastern-Europe countries are very tolerant with cyber-criminals, as long as they don’t target their own countries

Crime:
• Malware-as-a-service infrastructures are getting highly sophisticated

Market: Not applicable

Regulation: Not applicable

Forecast: Malware-as-a-service will fuel low-end criminals who will push ransomware even further

The business model of the “elite cybercriminals” is quick in adapting to economical standards and is pushing models as the “pay-as-you-grow”.

Therefore, a very long tail of low-end criminals will be created.

SLIDE 22

Trends and Forecasts: Cyber risk ratings will become mainstream

A large international company

SLIDE 23

Trends and Forecasts: Cyber risk ratings will become mainstream

• Yahoo Mail accounts breached through third-party database hacking
• Lesson from the Google office hack: Do not trust third-parties
• Third-party vendor behind possible Lowe’s data breach
• Third-party Vendor source of breach at the Home Depot
• Target credential theft highlights third-party vendor risk

[Chart: Breach origin, Direct vs. Third-Parties]

*Verizon 2015 Data Breach report

SLIDE 24

Trends and Forecasts: Cyber risk ratings will become mainstream

Context:
• Cybersecurity is becoming relevant in all of the Operational Risk framework
• Suppliers risk was traditionally only focused on availability and SLA (not any more)

Crime:
• Criminals are hitting organizations indirectly, via its business partners

Market: Not applicable

Regulation: Not applicable (yet … I believe cyber-risk insurances will be mandatory in a few years)

Forecast: Maybe not in 2017 but pretty soon cyber risk ratings will be mainstream.

Organizations are not able to properly monitor the cybersecurity posture of all its suppliers and partners and, therefore, must depend on someone else to do it properly, in a cost-effective manner.

SLIDE 26

Trends and Forecasts: Cybersecurity will become more expensive (and sometimes with less quality)

UK Cybersecurity Breaches Survey, 2016

SLIDE 27

Trends and Forecasts: Cybersecurity will become more expensive (and sometimes with less quality)

Concern about cyber risk continues to grow

The “Regulation Cycle”
• Regulators become defensive regarding financial impact “on the system” and citizen’s (i.e. political impact) personal data loss and push regulations
• Regulated entities become defensive regarding fines and penalties and converge to the regulation, making it become a commodity
• When present regulations are commodities, regulators tend to strengthen new versions of the regulations

SLIDE 28

Trends and Forecasts: Cybersecurity will become more expensive (and sometimes with less quality)

Context:
• Cybersecurity is becoming relevant in all of the Operational Risk framework
• Cybersecurity is at the top-of-mind of everyone, including the C-Level

Crime: Not applicable

Market:
• Lack of cybersecurity professionals worldwide, especially in Europe and critically in Portugal

Regulation:
• GDPR is here and it is to stay
• EBA regulations are strict and hard
• Critical Infrastructures are on the go as well

Forecast: Offer and demand market will push prices up on the cybersecurity arena.

Specialized staff is in high demand and salaries are rising quicker. Portugal has a severe shortage of these professionals, in all cybersecurity domains.

As a corollary, not so specialized professionals will assume functions that they are not prepared to assume and the delivery won’t be up to the standards.

SLIDE 29

Trends and Forecasts: Outsourcing will be on the rise

Context:
• Cybersecurity is becoming relevant in all of the Operational Risk framework
• Awareness of C-Level is increasing

Crime: Not applicable

Market:
• Lack of cybersecurity professionals worldwide, especially in Europe and critically in Portugal

Regulation:
• GDPR is here and it is to stay
• EBA regulations are strict and hard
• Critical Infrastructures are on the go as well

Forecast: Organizations will start using outsourced cybersecurity services across the board

It will be impossible for a normal organization to have in its staff all the capabilities required to manage and operate information security in a cost-effective manner.

Trust in service providers will be key
