In the ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like? Doros Hadjizenonos, country manager, Check Point SA offers his predictions.
“The more things change, the more they stay the same.” Jean-Baptiste Alphonse Karr’s famous line resonated back in the 19th century Parisian literary circles, and it resonates today in the 21st century cyber security industry. With every new tool and technology introduced into the business IT environment, new vulnerabilities follow — ripe for cybercriminals and hackers’ hopes of making either a dishonest dollar or cause disruption, fear, uncertainty and doubts in the minds of the general public.
In this ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like? Here are Check Point’s predictions for 2018.
Ransomware & Malware Multiply
Ransomware has been a cash cow for criminals, as well as a disguise for more destructive purposes; for example, Petya looked like ransomware but caused damage by locking up data. All types of users – from consumers to corporations – have fallen prey to ransomware, causing reasonable suspicion that it will continue to grow. We can expect to see large, orchestrated worldwide outbreaks along the lines of the early 2017 WannaCry attack. We can also expect to see criminals getting creative in their extortion tactics, tactics such as “if you infect two contacts, we’ll give you your data back at a lower cost.”
Overall, as operating systems beef up their security, we expect to see a decline in the use of exploits to target vulnerabilities, in favor of an increase in the use of human-error driven basic hacking techniques. However, targeted attacks using sophisticated, nation-state sponsored weaponized tools are emerging, and the rate of attack is likely continue to rise.
Utilization of server-less computing and data storage in the cloud is becoming more widely adopted in business. However, it’s worth remembering that cloud technology and the infrastructure that supports it is relatively new and evolving, and that there are still serious security concerns that provide a backdoor for hackers to access enterprise systems and spread rapidly across networks. Misconceptions about the responsibilities and level of security needed operate safely within a cloud environment are common – as are misconfigurations – which leave the door open to breaches.
During 2017, over 50% of security incidents handled by Check Point’s incident response team were cloud-related, and more than 50% of those were account takeovers of SaaS apps or hosted servers. With the increased use of cloud-based file sharing services, data leaks will continue to be a major concern for organizations moving to the cloud. This was seen most recently when a breach at consultancy firm, Deloitte enabled hackers to access confidential records of several clients.
The growing adoption of SaaS-based email such as Office 365 and Google’s G-Suite makes for attractive cybercrime targets, and we expect cybercriminals to ramp up their cloud attacks during 2018.
Mobile devices are part of the business IT fabric everywhere, yet they continue to be rarely, if ever, secured appropriately, in light of the vulnerability risk they present. We’ll continue to discover flaws in mobile operating systems that highlight the need for organizations to take a more serious approach to the protection of their mobile infrastructure and end-point devices against malware, spyware, and other cyber-attacks.
Mobile malware will continue to proliferate, especially mobile banking malware, as Malware as a Service (MaaS) keeps trending upward. MaaS allows threat actors of lower the technical barriers to launching attacks. Cryptominers also gained prominence in 2017, and we can expect to see more cryptomining malware being dropped onto mobile devices to harvest cryptocurrencies for criminals in the near future.
The majority of critical infrastructure networks were designed and built before the threat of cyberattacks. Whether the target involves telephone/mobile phone networks, electrical grids, power plants, or water treatment plants, it speaks to our good luck that there hasn’t been a large-scale, successful attack on critical infrastructure that impacts millions of people… yet. The DDoS attack against domain directory service DynDNS in 2016, which caused an internet outage affecting users of large web businesses such as Netflix and Amazon, provides a glimpse of what is possible in critical infrastructure cyberattack. An attack of this type and scale will happen, and it would not be surprising to see it happen in the next 12 months.
Internet of (Insecure) Things
As more smart devices are built into the fabric of enterprise networks, organizations will need to start using better security practices for their networks and the devices themselves.
The potential attack surface expands with the growth of IoT device usage, and attacks on compromised IoT devices will continue to grow. We will see more variations of the Mirai and BlueBorne attacks coming our way in 2018. Better security practices in IoT will be critical for preventing large-scale attacks – and may even need to be enforced by international regulation.
For every business opportunity that our hyper-connected world is creating, that same hyper-connectivity creates criminal opportunity for cyber attackers. Every environment is a potential target: enterprise networks, cloud, mobile, and IoT connected devices. Defending these networks require proactivity: pre-emptively blocking threats before they can infect and damage. By using threat intelligence to power consolidated, unified security measures, businesses can automatically protect against new and emerging types of attack, across all environments. Proactivity coupled with innovation marks the path to winning the cybersecurity arms race.
How to predict the future
Forecasting the future is about people, not technology, ARTHUR GOLDSTUCK discovers on a visit to the HP Innovation Lab in Barcelona
When HP chief technology officer Shane Wall talks about the world three decades from now, the trends to steers clear of technology. That’s startling, given that he is also global head of HP Labs, the advanced research group within the world’s leading PC and printer manufacturer.
The Labs play host to numerous futuristic technologies, from 3D printing to virtual reality, so one would expect its vision of the future to be all about the gadget. Instead, it’s all about the people who will use the gadgets of the future.
“When we think long term, we try to look 15-20, even 30 years into the future,” he said during the HP Innovation Summit at the HP Innovation Lab outside Barcelona, Spain, last week. “The way we do it is that we don’t start with technology. In HP Labs we invent all manner of incredible things in basic areas like biology, physics, and 3D printing. Those give us an idea, but we’re careful not to extrapolate those into the future, because by extrapolating you miss disruption.
“Instead, we look at people. We’ve done this for a number of years, looking every year at what’s accelerating, what’s gone slower, what’s new. We call these megatrends, that look at humanity rather than technology.
“In 2019 we stood back and took a different look at humanity. Everyone does market segmentation, analysing who the customer is and how they buy things. Instead, we looked at economic segmentation, we looked at where the money is moving in the next 30 years. We conducted numerous interviews with economists.”
The key megatrends identified by HP for the next three decades revolve around rapid urbanisation, changing demographics, hyper-globalisation, and accelerated innovation.
“We’re changing where we live,” said Wall. “People are moving out of rural areas and densifying cities. Cities themselves are getting bigger. In 1991, there were 10 megacities – defined as urban areas with 10-million people or more. By 2013, there were 41, by 2030, there will be over 60. Those cities are changing the very nature of everything we do, from the nature of work to the manner of how we do product development.”
The challenge of how to get goods into cities and waste out of them, he said, will result in a much greater focus on sustainability and energy management.
“That is going to change our go-to-market approach. Currently, we focus on countries as markets. Now we are seeing how important cities are becoming. In Nigeria, you may care about all of humanity, but for sales, you care about Lagos. In China, by 2035 any tier 3 city’s gross domestic product will pass that of the entire country of Sweden.”
The very nature of the population is changing, said Wall. The impact of the post-Word War 2 population boom, resulting in the American concept of “baby boomers”, has now evolved into the “silver spenders”, who are living longer thanks to healthcare advances. They expect technology to address solutions to their toughest problems.
“On the other end of the spectrum, we are seeing a whole new generation, Gen Z, a generation like we’ve never seen, very focused on experiences and values, less focused on purchasing. They are also driving a change in our behaviour as businesses in terms of go-to-market. Understanding them deeply shapes the very nature of the enterprise.”
Wall points out that, because we live in a world that is hyper-connected, we expect things to move at speed of light, while at the same time we expect it to be local. This has given rise to the concept of “glocalisation”.
“It is the expectation that things be both global and local, thanks to connectivity and mobile phones. Startups in emerging markets growing at 20% a year. It will be not only ideas that will move at this speed, but in the near future physical goods will also move at that speed.”
Finally, technology must, by its very nature, play a key role.
“Tech itself is moving faster; it’s not just a perception. It started with Moore’s Law and the doubling of capacity on a transistor every two years. That happened at a systems level, and eventually, it brought artificial intelligence and machine learning into being. The algorithms were invented 10-20-30 years ago, but because of scale we have seen that only now are they becoming usable.”
What does this mean for consumers and businesses? On the one hand, it represents massive opportunity. On the other, even greater challenges.
“Over the next 30 years we will see incredible economic expansion, where the number of haves with the ability to spend on products we sell is going to grow at an incredible rate. The number of have-nots will shrink. But in order to meet that economic growth, we will see a 16% shortage in skilled labour, which means we must drive higher levels of automation to reach that growth.”
A big question is: What can prevent it from happening? The answer is highly relevant to South Africa.
“The challenges lie in basic infrastructure, like roads, buildings, and airports, but one thing at the root of it all is energy. When we look into the future, energy will become the critical piece: how well, how fast, we can build it out to meet those needs. In many economies, it is not being built out in a sustainable way. We need to change the equation.”
One of the solutions lies in 3D printing.
“Products can be designed digitally anywhere, and you can transmit the design on a digital supply chain, perhaps using blockchain and security tech, to cities where they are printed or manufactured on demand using 3D printers. That’s digital manufacturing and it’s already happening in some places today.
“Imagine you go to Amazon, you find a product, you edit it, personalise it, make it yours, and at the push of a button it is printed at a local manufacturing facility and shows up at your door two days later. It’s estimated that we can save 25% of our energy using digital instead of traditional manufacturing. Manufacturing itself takes one-third of energy use the in the world, so it will have a big impact on the world of the future.”
Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
Google launches open-source cloud for enterprises
Vendor lock-in is a thing of the past for Google Cloud users, writes BRYAN TURNER.
A new way for enterprises to use cloud, that prevents lock-in, has been unveiled by Google at its Cloud Next event in San Francisco.
“Cloud Next is held in San Francisco, London, and Tokyo to cater for the various markets,” said Mich Atagana, head of communications for Google Africa. “The event aims to bring together cloud developers to showcase the latest cloud. You can think of it as the Google IO event for executives.”
At a round table, a team of Googlers broke it down for those of us who aren’t cloud developers.
“There’s a lot of technicality in this event, and a lot of the magic could be lost on those who aren’t developers,” said Atagana. “That’s why we’ve assembled our Cloud team to demystify the technicality.”
Shai Morgan, head of Google Cloud Sub Saharan Africa, said: “Cloud Next started four years ago. The first one hosted 3600 attendees, while this year we hosted about 30,000. This shows the way Google moves across the industry and how we address businesses. We’ve seen large growth in our partner ecosystem. It used to be very niche players, and now it’s big players like Accenture and Deloitte using Google Cloud.”
Daniel Acton, regional tech lead for Cloud at Google, said: “We had a new CEO come in [for Google Cloud] and he said it’s all fair and well to talk about the benefits of the cloud, but it’s not always attainable for business.”
This is where Google comes in. It launched new products to assist businesses in customising the cloud, the transition to cloud platforms, and how much must remain on-premise.
First up is Anthos, a management system for hybrid environments.
Acton said: “Anthos addresses the journey to the cloud. Businesses know that this journey doesn’t happen at the snap of the fingers. Executives have to make carefully calculated decisions on how to get there. There’s also lots of friction to get to the cloud, with a big factor being cloud vendor lock-in.”
“One way to move a business to the cloud is through a ‘lift and shift’, which is simply moving all the components of the business off-premise and on the cloud. This isn’t always what a business needs. Anthos deals with “infrastructure modernisation”, which is how we go from what we got to what we need. That’s because not everything should be in the cloud.
“We give businesses that option for hybrid infrastructure. Anthos exists to help customers on their journey to the cloud. We realise this is a multi-cloud environment and provide our customers on-premise, a bridge, and computation on the cloud, for example.”
Morgan expanded on this and said: “It’s a bridge to the cloud and a very well managed bridge at that. For an enterprise customer, it’s complicated to move assets, manage skillsets, all while thinking about lock-in to a cloud vendor. Open source in an enterprise environment prevents lock-in. We work very closely with existing vendors, walking with them in their cloud journey but they can leave at any time.
“Anthos can run on Amazon Web Services (AWS) and Microsoft Azure. That’s the beauty of Open Source, no lock-in. Containerising is a method that’s popular in the cloud developer environment but moving these containers across these environments is not trivial currently. Anthos allows this to happen.”
This brings the second major feature: serverless computing.
Containers and serverless computing go hand-in-hand. Acton explained that containers are like pre-setup computers, where a developer doesn’t have to spend time setting up a virtual environment and can focus on writing code, which ultimately delivers business value. He compared the proliferation of containers to Java, with the “write once, run anyway” phrase.
Serverless computing is split into many levels. At a low level, the Google App Engine allows developers to write code, and it takes care of hosting and handling the load. This is similar to the AWS Lambda service.
The enterprise nature of Google Cloud is not exclusive to large enterprises.
“We address very small businesses as we treat our consumers,” said Morgan “They most likely use Gmail, Drive, Docs, and Calendar because those products are free and very easy to handle. Setting up an enterprise cloud environment is quite complicated.
“If one invests enough time and energy, one can start a business that adds value and has its computing backed by Google Cloud.”