January 15, 2019 • Zane Pokorny
One of the biggest challenges we face in the cybersecurity realm is deciding how to prioritize our limited resources. The possible threats out there are too multifarious for any one organization to respond to comprehensively — we all need some context to decide what to focus on and what to ignore.
Forrester tackles this problem in a new report that lays out their predictions for the top cybersecurity threats to expect in 2019. Their approach is partly based on researching recent trends in both attack vectors and where markets are headed (for example, the significant growth in the area of internet-of-things devices) to determine what we’re likely to face this year.
Here, we’re taking a quick look at the five trends Forrester expects we’ll see, as well as a few of their recommendations for best security practices to follow — including the central role that threat intelligence should play in any security operations moving forward. The full report goes into much greater detail, providing clear and actionable recommendations for each threat, as well as detailed charts and figures that further expand on their research.
Forrester reached out to a few organizations that run “bug bounty” programs (crowdsourced penetration tests that offer a reward) to see what kind of web application vulnerabilities threat actors are most commonly exploiting right now.
The top result was cross-site scripting (XSS), a form of code injection in which attacker-supplied script is inserted into pages served by an otherwise trusted website and then runs in visitors’ browsers. These attacks pose a huge threat in part because they allow attackers to steal the session credentials that sites use to authenticate users, giving them almost complete control over a user’s private information on sites that otherwise appear to be secure. XSS accounted for around 21 percent of submitted web application vulnerabilities in this research, and that trend will likely persist this year.
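As an added illustration that is not part of the Forrester report or this post, here is a reflected XSS bug beside its hardened form, plus the cookie flags that limit what injected script can read; the function names, the page template and the payload are all constructed for the example.

```python
from html import escape
from http.cookies import SimpleCookie

# Constructed attacker input: a script tag reflected into a search results page.
CONSTRUCTED_PAYLOAD = "<script>alert('xss')</script>"


def render_search_vulnerable(query: str) -> str:
    """Vulnerable: the untrusted query is concatenated straight into HTML,
    so a script tag in it is parsed and executed by the visitor's browser."""
    return f"<h1>Results for: {query}</h1>"


def render_search_hardened(query: str) -> str:
    """Hardened: contextual output encoding turns < > & ' " into entities,
    so the browser renders the input as text instead of markup."""
    return f"<h1>Results for: {escape(query, quote=True)}</h1>"


def session_cookie_header(session_id: str) -> str:
    """Second layer: mark the session cookie HttpOnly (script cannot read it),
    Secure (HTTPS only) and SameSite, limiting what injected script can steal."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    return cookie.output(header="Set-Cookie:")


def contains_live_script(html: str) -> bool:
    """True if a raw <script tag survived into the rendered HTML."""
    return "<script" in html.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(CONSTRUCTED_PAYLOAD))
    print(render_search_hardened(CONSTRUCTED_PAYLOAD))
    print(session_cookie_header("constructed-session-id"))
```

Output encoding is the fix for the bug itself; the cookie flags only reduce the damage when a bug slips through, which is why both belong in a review.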
Cost is a major reason why it’s so important to find defects in your applications before they go live — it’s noted in the report that remediation becomes up to 100 times more expensive once a product launches. Threat intelligence helps you find which vulnerabilities present in your network are actually being targeted by threats so that you know what to prioritize, saving time and money.
The internet of things (IoT) is an exploding market. Some predict that it will be a business worth hundreds of billions of dollars within the next few years, with especially fast and widespread adoption of internet-connected devices being seen in industrial settings.
This is a big problem for security. Manufacturers of these devices often don’t bother to regularly update their software, and many of these products don’t come on the market with rigorous security measures implemented in the first place. That means they provide easy access points to a network — as it’s put in the Forrester report, “To an attacker, IoT devices play a similar role to that of rabbits in the food chain: they are there to be eaten.”
IoT devices are likely targets for botnets, particularly for mining cryptocurrency as the costs of mining continue to go up. For some coins, the electricity bill generated from mining them on most devices is higher than the value of the coin itself. But if you’re mining on someone else’s dollar, who cares?
Crypto has had its ups and downs in 2018, but it still plays a major part in the underground economy. We should expect the IoT to continue being a major pressure point in the near future. The number of endpoints in a network that security professionals have to keep track of is growing rapidly, requiring automation (for example, through threat intelligence platforms that integrate well with the other security solutions you already use) to effectively monitor them all.
A password is only as secure as the person who knows it, and there are some unique challenges associated with trying to mitigate risks from people within your own organization. Attackers have a few different ways to get at individuals in your organization, like spearphishing or social engineering techniques, but it can also be as simple as a threat actor enticing a disgruntled employee with a big payoff in exchange for access to your network.
Organizations can try to stay on top of these kinds of threats, not only by keeping their employees happy and informed about how to spot these kinds of attacks, but also by closely monitoring their internal networks for any suspicious activity. One complication that Forrester found in their research was botnets using credential stuffing attacks to mask insider attacks: with widely distributed botnets generating a large number of failed logins, it becomes harder to pinpoint the suspicious activity that actually did the damage, which gives an insider plausible deniability.
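The following detection logic is an added example, not code from the report or this post: it runs over constructed authentication log lines, recognises the distributed credential-stuffing pattern, and then lists every successful login in that window separately so the one that did the damage is not buried under the failure noise. The log format, thresholds, addresses and the internal network range are all constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

LOG_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # constructed internal address space

# Constructed sample: a botnet spraying one guess each from many addresses,
# with two successful logins buried in the noise.
SAMPLE_LOG = """\
2019-01-10T02:14:01Z auth FAIL user=alice src=203.0.113.10
2019-01-10T02:14:01Z auth FAIL user=bob src=203.0.113.11
2019-01-10T02:14:02Z auth FAIL user=carol src=198.51.100.7
2019-01-10T02:14:02Z auth FAIL user=dave src=198.51.100.8
2019-01-10T02:14:03Z auth FAIL user=alice src=192.0.2.44
2019-01-10T02:14:03Z auth FAIL user=erin src=192.0.2.45
2019-01-10T02:14:04Z auth FAIL user=frank src=203.0.113.12
2019-01-10T02:14:04Z auth FAIL user=bob src=198.51.100.9
2019-01-10T02:14:05Z auth OK user=carol src=203.0.113.99
2019-01-10T02:14:07Z auth OK user=jsmith src=10.0.5.23
"""

def parse(log: str) -> list:
    return [m.groupdict() for m in map(LOG_RE.match, log.splitlines()) if m]

def is_credential_stuffing(events, min_sources=5, max_per_source=2) -> bool:
    """Stuffing signature: failures spread thinly over many sources and many accounts,
    unlike a single brute-forcer hammering one account from one address."""
    fails = [e for e in events if e["result"] == "FAIL"]
    per_src = Counter(e["src"] for e in fails)
    return (len(per_src) >= min_sources
            and max(per_src.values(), default=0) <= max_per_source
            and len({e["user"] for e in fails}) >= min_sources)

def triage_successes(events) -> list:
    """The successes are the signal: never fold them into a single 'stuffing' alert.
    Each is listed with a reason so an internal login hidden in the noise gets reviewed."""
    stuffed = {e["user"] for e in events if e["result"] == "FAIL"}
    findings = []
    for e in events:
        if e["result"] != "OK":
            continue
        internal = any(ip_address(e["src"]) in net for net in INTERNAL_NETS)
        if e["user"] in stuffed:
            reason = "stuffed account logged in successfully; likely compromised"
        else:
            reason = ("internal" if internal else "external") + " success during stuffing window; review separately"
        findings.append({"ts": e["ts"], "user": e["user"], "src": e["src"], "internal": internal, "reason": reason})
    return findings
```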
The report also notes that a major source of risk for insider attacks (depending on your definition of who’s an “insider”) comes from compromised third parties. As we share information with partners, vendors, and other organizations more freely, our security becomes only as strong as their security. For example, a spearphishing email may be much more convincing if it looks like it’s coming from someone you work closely with.
We can expect this attack vector to continue to be used in 2019. Some threat intelligence solutions offer third-party risk monitoring, helping you stay on top of threats that may not target your organization, but still affect you indirectly.
Distributed denial-of-service (DDoS) attacks are still big, and they’re going to stay big in 2019. It’s noted in the Forrester report that these attacks are “easier than ever,” with the average attack size increasing 37 percent since a vulnerability in servers using Memcached (an open source, distributed memory caching system that’s used to speed up database-driven websites) was publicly disclosed by Cloudflare in early 2018. Exploits targeting this vulnerability provide a huge amplification factor to DDoS attacks on systems running Memcached.
Looking at the question of what motivates many DDoS attacks, it’s stated in the Forrester report that it doesn’t really matter in an era where crimeware-as-a-service is a growing industry in the criminal underground — the ones operating the botnets are oftentimes selling their services to threat actors who are less technically capable, so the people “pulling the proverbial trigger” on these attacks are motivated by money more than anything else and are indiscriminate in their targets. As the report says, “The one truth with DDoS is that you are at risk because the capability exists.”
Threat intelligence solutions that automatically gather data from sources across the open and dark web can provide you advance notice of an attack, giving you precious time to prepare.
Some of the risks presented by IoT devices also exist in the use of personal mobile devices in the workplace — like IoT devices, smartphones and tablets represent easy access points to a network because they just aren’t subjected to very rigorous security practices.
This is especially true for Android devices, many of which may be running outdated versions of their operating system. The report notes that according to Google’s developer website, over half of all Android devices are still running Marshmallow (released in 2015) or an even older version of Android.
What can be done about it? Smartphones are nearly ubiquitous these days, and relatively few people in any given organization will always be following cybersecurity best practices. Trying to restrict the use of personal devices in the workplace is problematic and likely will reduce productivity, and any company policy that dictates the installation of mobile device management software controlled by the company’s IT department will probably raise privacy concerns among employees. Forrester’s report suggests providing company-wide access to anti-malware solutions that are managed externally.
Each of these threats represents a serious challenge to any organization’s security — enough that Forrester recommends fundamentally rethinking the “perimeter-centric” cybersecurity paradigm that has historically prevailed but is increasingly understood to be seriously flawed and outdated. Nearly every industry today functions at least in part in the digital realm, meaning their attack surfaces have ballooned out of proportion to any security approach that involves building walls to keep enemies out.
Instead of walls, we should build watchtowers. In environments where security professionals have “far less control over networks, endpoints, IoT devices, apps, and people,” Forrester advocates for a “Zero Trust” approach to security. The core tenets of Zero Trust are to:
One of their core suggestions for developing a successful security program based on these tenets is to “embrace threat intelligence as the lifeblood of your security operations.” The right threat intelligence solution should allow you to automate your data collection and analysis across security functions, giving visibility into vast quantities of data from both open and closed sources and providing context on which you can take action against risks and threats.
As the report says, “Threat intelligence provides key outcomes for your organization, ranging from strategic mitigation based on understanding the threat landscape to tactical prioritization of alerts that align with known actor tactics, techniques, and procedures.”
To learn more, download your free copy of Forrester’s “Top Cybersecurity Threats in 2019” report today.