From WannaCry and NotPetya to the Yahoo and Equifax breaches, 2017 was truly one for the books. In the coming year, cyberthreats will not only persist but flourish, with ransomware, nation state attacks and mega breaches continuing to make headlines. Here’s what I see happening in the cybersecurity industry:
In the face of fake news, the industry will develop a reputation management scheme that will allow individuals to verify their identities through an operation that records an interaction only a person can have. This reputation scheme will be universal and follow an individual across platforms, domains and online venues, even if the person wishes to remain anonymous.
You sitting in front of a computer reading this, then discussing it with someone in the office might be a factor or unit you could record. The more units a person has applied to the scheme, the more likely the account is tied to a real human versus a bot or ad page. If a scheme has a lower score, the account and its content are less likely to be viewed as trustworthy. The biggest issue with this approach, however, is that people will try to game it. Given this, it has to be created in a way that can’t be manipulated.
Think about Twitter verification – that’s portable and might even move in a blockchain.
We’re heading toward a serious increase in percentage of security operations (SecOps) tasks that get automated. As part of this trend, there is a shift towards individuals within security operations centers (SOCs) verifying decisions made by machines versus the other way around. This is important because malware is getting ever more sophisticated, and we need ways to operationalize the kill chain.
In our current threat landscape, we can’t rely solely on endpoints and routers, but instead need to detect anomalies in a programmatic, automated way. Cyber infrastructure used to be defined as a hard crunchy shell – the firewall – and a soft chewy middle – the corporate LAN. With little standardization, automation was difficult.
In recent years, these barriers have dissolved, and we’re consuming new data and creating new indexes on the fly. Moving towards 2018, security tools will be built to automate, and we’ll see normalization for automation within SOCs.
We’ve been walking a fine line balancing how to protect national security while simultaneously upholding personal privacy. What does that mean when it comes to terrorism, backdooring data and crypto export issues? In our data-rich world, it’s crucial that we protect the user’s right to have personal conversations and raise the bar on user privacy.
As we close out 2017, I predict the debate over when to compromise personal privacy in the name of the greater good will only heat up. Turnkey tyranny is there – the only thing stopping it is a policy, and I wouldn’t be surprised if we see something similar to the UK’s Investigatory Power Act of 2016 passed in the U.S. in 2018. It will only become harder to protect user privacy, and I only hope we as an industry can evolve quickly enough to keep up in the years to come.