Ideas fresh off the wire

Client Experts on the Future of Security

IoT, AI, Offense and (Cyber)Insurance

We are in the midst of a thrilling time in which many of our technological aspirations, from autonomous cars to highly advanced computing devices that fit comfortably in our pockets, are a practical reality. But along with the enhanced capabilities offered to businesses and individuals, comes increased risk.

For instance, IoT technology has helped create devices reminiscent of HAL 9000—but, much like the film character, it can be subject to major flaws. Fortunately, direct physical harm hasn’t been caused yet, but 2017 will surely be the year that cybersecurity stops being a news novelty to becomes a well-understood norm by all. The year to come is the year “cybersecurity” becomes just “security,” for even those outside the industry.

Taking from our all-star security client lineup, here’s what our experts are expecting in the year to come.

 

Affecting Trust

The savviest attackers are moving away from just data theft to targeting data integrity. Longer standing, reputational damage is becoming more common, especially in cases where the involvement of a nation-state is suspected. We’ve already seen these kinds of attacks in M&A scenarios with the Yahoo breaches and during the presidential election.

This kind of attack will continue to gain traction, especially within industries that rely on public confidence like medical facilities and financial institutions. Governments may also fall victim to attacks to spur on distrust in national institutions and processes (e.g. alleged Russian involvement in the presidential election).

Cyber Insurance Matures

Amid the slew of unmanageable threats, organizations will likely continue to increasingly take advantage of cybersecurity insurance. As the underwriting market responds, we can expect the due diligence requirements for underwriting to bolster greater spending on security controls. As such, we can expect security product purchasing decisions to be driven by cyber-insurance companies.

Expect cyber-insurance organizations to develop short lists of vendors and products that must be deployed to be compliant for insurance. CSO/CISOs will be asked by CFOs for these products and purchases may be directed top down if they’re lacking. We can also expect more vendors to offer guarantees and/or their own insurance offerings.

 

Finally Sifting Through Troves of Data

Machine learning and AI have recently come to the forefront across industries for good reason. Human’s cannot parse and make sense of all the data being generated today. Human’s simply can’t scale, work as long or be as detailed oriented like a well crafted and intelligent program, so expect further investments in neural networks and smart technology.

A caveat is that machine learning and AI will also be used for nefarious purposes. Hackers often mimic the same models as their targets for unlawful tools and distribution, often protected by the anonymity of the dark web. Just like machine learning algorithms sift through threat alerts, criminals will start using it to parse the troves of data they steal. Moreover, smart strains for malware (e.g polymorphic and metamorphic) have already entered the scene, capable of intelligently evading detection and even changing is composition to do so.

What do you think we have in store for the year to come?

If you’d like to here more from our experts, join us at Highwire’s third annual RSA Happy Hour—this time in conjunction with the Christian Science Monitor’s security vertical, Passcode, which will conducting live podcast interviews with some our experts.