Key trends in the cybersecurity and information security market 2020-2021 versus forecast 2019-2020

Hello everyone, my name is Alexander Dvoryansky, I’m the Director of Communications at Infosecurity. Today I will consider the main trends and vectors of cybersecurity development, both global and Russian, which in my opinion will be relevant in the very near future. This year there are only 10 of them, compared to 12 last year, so please do not immediately blame the author for excessive laziness. In the second part, we compare today's forecast with the previous one.

I must say right away that there are absolutely no references to hype topics in this text: the coronavirus, the fundamental reasons for the growing demand for buckwheat and toilet paper. Also, unfortunately or fortunately, there are no “expert” discourses on the financial situation of the country.

Well, now let's figure it out in order.


Trend No. 1. Targeted Attack Defense




In the context of cybersecurity, the year 2019 was marked by complex APT attacks, both for the attacking side and for the defending one.

In early 2019, several cyberattacks were launched against large industrial companies. Aluminum producer Norsk Hydro manually switched over part of the work processes and suspended several plants due to a cyber attack that led to file encryption in the infrastructure of the company's plants and branches around the world. In the first three quarters of 2019, phishing was used in 83% of attacks on industrial companies, and malware was used in 89% of attacks. The main goal of cybercriminals in attacks on industrial and energy companies remains espionage: hackers seek to gain a foothold in the company's infrastructure and gain control not only over IT systems, over key computers and servers, but also over a technological network with industrial equipment.
But in the financial industry, the goal of cybercriminals still remains the withdrawal of funds and the compromise of highly sensitive data.

The most striking confirmation of this is the Darkweb market, where a lot of prohibited goods and services are sold, including hacking tools and access to already hacked infrastructures. In addition, criminals continue to use the illiteracy of users in matters of ensuring their own security. APT groups actively exploit the latest vulnerabilities, act very quickly, and most importantly - often change tools and tactics.

According to Grand View Research, the cybersecurity market will reach $9.88 billion by 2025, with an average annual market growth rate over the forecast period (CAGR) of 29.7%. The driving force behind the market will be the demand for increased privacy. It is expected that increased government efforts to enforce strict rules to limit the amount of data collected by IoT devices in industries such as BFSI (banking, financial services and insurance), retail, and healthcare will boost the market for cybersecurity solutions.

According to Positive Technologies, more than 60% of attacks in 2019 were targeted.

habr.com/en/company/softline/blog/439130

Trend No. 2. Internet of Things Security




The security risk from IoT devices was seriously discussed back in 2016, after a massive DDoS attack by the Mirai botnet, which included hundreds of thousands of infected devices.
The ability to organize a botnet of this magnitude is associated with the low level of security of such devices: in addition to weak “default” passwords, many also have critical vulnerabilities.

The list of device types is constantly growing: home routers and web cameras, various sensors and smart home components, medical and industrial equipment.
In recent years, interest in vulnerabilities in the software of cars, smart speakers, and other smart devices has also increased. We all remember the story of a hacker terrorizing a young mother, threatening her through a baby monitor.

Since every year the amount of equipment connected to the Internet is only increasing, we predict a significant increase in the number of incidents related to this area.

Attacks on unmanned vehicles and personal data.

Modern cars are driven by massive amounts of data. Almost every car is equipped with a variety of GPS devices, sensors, and driving platforms, which makes it vulnerable to attack. Hackers can obtain data such as an email address, as well as gain access to personal data, including bank accounts, etc. This has become possible through the use of data storage in the cloud.

Trend No. 3. Cloud SOC versus on premise






On the Russian market, only the lazy are not talking about SOCs now. For developers, this is a deep market; for customers, it is an opportunity to qualitatively improve the overall level of information security of the company and build a comprehensive defense in depth.
However, whereas earlier we mostly saw customers building their own SOC on site, today more and more market participants prefer the service model of connecting to IS monitoring and event processing centers, or plan to do so within the next 2 years, rather than building their own. This is primarily due to the significantly lower cost of the solution and a faster return on investment. Also, the customer does not need to form and maintain a team of analysts, who, by the way, are quite expensive today.

The professional community's interest in SOCs and everything related to them was clearly demonstrated by the last SOC-Forum 2019, where the entry line could compete with the line at the legendary McDonald's on Pushkinskaya 25 years ago.

Trend No. 4. Services model MSSP (Managed Security Service Provider)




More and more large and medium-sized organizations are discovering managed information security services delivered by service providers on a commercial basis.

What is the value for customers and why does the near future belong to MSSP?

Firstly, it is a reduction in costs, since there is no need to buy specialized software and equipment, in addition, payment is made exclusively for services actually provided to the client.

Secondly, the services are provided by professionals who, based on their own experience, will help you quickly and competently respond to incidents and cope with other difficulties.
You, in turn, can concentrate on the main business and forget about information security, or just control and optimize the services provided by the service provider.
In Russia, the MSSP is only just beginning to gain momentum, although, of course, it is still far from world indicators. More and more customers are starting to trust service providers, outsourcing key IT and information security processes.

Trend No. 5. KII and GosSOPKA




If you are a subject of KII, no matter what class, you are obliged to report all incidents to the State SOPKA. The punishment for failure to fulfill or improper fulfillment of the requirements of the law is severe, up to criminal liability. Therefore, all subjects of KII, state and commercial, down to private entrepreneurs (if they happen to provide such services), must and will carry out activities to comply with legal requirements.

According to the law, KII subjects must:

  • carry out the categorization of KII objects;
  • ensure integration into the State system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation (GosSOPKA);
  • take organizational and technical measures to ensure the safety of KII objects.

Connection to the State SOPKA requires the following from KII subjects:

  • inform the FSB of Russia about computer incidents, as well as the Central Bank of the Russian Federation, if the organization operates in the banking sector and other areas of the financial market;
  • assist the FSB of Russia in detecting, preventing and eliminating the consequences of computer attacks, establishing the causes and conditions of computer incidents.

Finally, the concept of “GosSOPKA tools” has appeared, formulated in the orders of the FSB No. 196, 281, 282. They describe the tools that a GosSOPKA center should use. In addition, specific requirements were published for the subjects of the State SOPKA, and these are not recommendations, but binding documents. There is now a practice of holding people accountable under Art. 274 of the Criminal Code (“Violation of the rules for the operation of means of storage, processing or transmission of computer information and information and telecommunication networks”), but so far only for obvious things: they are punished for attacks on subjects of KII and for serious violations of job descriptions.

Trend No. 6. Machine Learning




Machine learning has long been used by manufacturers of security products, allowing them to build more flexible and adaptive threat detection techniques.

Currently, this competency is being built not only on the side of the defenders, but also among hackers.

For the most part, cybercriminals use machine learning to develop malware that bypasses signature-based detection methods, to create phishing emails that are almost indistinguishable from regular mail, and to look for vulnerabilities in application code.

Do not forget that machine learning can also be turned against a company's own algorithms. As soon as fraudsters gain an understanding of how the algorithm was trained, they will immediately have leverage to manipulate it.

Trend No. 7. Training and raising IS awareness




Awareness raising is one of the eternal trends in information security.

If the company does not train its employees in information security rules, violation of these rules is simply a matter of time: you cannot follow rules you do not know. The external threat here is fraudsters who are social engineers. To get valuable data, they prey on human weaknesses: curiosity, credulity, fear of sanctions from the authorities. Complex technical solutions are no longer needed: why create a virus, trojan or spyware if the information can be handed over on a silver platter?

From all this it follows that employee training is an indispensable means of protecting the assets of any company. For training to be effective, you need to conduct it regularly and make it as interesting as possible. With the first, everything is usually not bad, but the second is often forgotten. Several awareness trends come to the aid of IS heads:

  • We train remotely - employees must view materials on different types of devices at a convenient time for them;
  • We use a personal approach - different target audiences need different formats;
  • We introduce micro-learning - information is supplied in small blocks, at the end of each block there is a practical task;
  • Do not forget about gamification - game elements are added to the training (fascinating stories and characters, awards and achievements, the gradual complication of tasks).

Trend No. 8.




In 2019, about 67550 messages and publications on the topic of school shootings (Columbine) were found in the most popular social networks. The statistics of the attacks committed are even more horrifying: over the past 5 years there have been a total of 5 attacks on schools, in which about 90 people suffered and 25 people died. Of course, this is not the only threat. In addition to shootings, the topic of suicidal tendencies among adolescents is still relevant. It would seem that the history of the “Blue Whale” ended more than 2 years ago; however, over the past year, “Psychological Assistance” groups have been gaining more and more popularity among teenagers on social networks, the introduction of this kind of community has clearly shown that there is no question. Also, in the regions the ideology of A.U.E. (“The Arrest Way of Unity”) is growing, which is undeniably associated with the growth of crime and violence in the teenage environment. Some of the above threats spread at high speed because the Internet has taken deep root in the lives of adolescents, so trends that were unknown yesterday become popular today. These dangerous trends require new technical solutions; therefore, government agencies are increasingly looking for effective solutions on the market.

I think that soon these solutions will be automated systems for monitoring and early warning of threats that will help to identify dangerous trends in a timely manner, determine their criticality level and identify people at risk.

Also, those systems whose algorithms make it possible not only to respond to already formed trends, but also to detect trends that are only emerging, will have a huge advantage.

It is already impossible to manually process such a large amount of information, so the platforms will perform primary filtering automatically, filtering out irrelevant information, which will undoubtedly allow experts to focus exclusively on urgent threats.

Trend No. 9. Phishing, high-level social engineering, cyber espionage




Social Engineering (BEC fraud).

An increase can be predicted in the number of incidents in the SMB sector related to BEC fraud (business email compromise): social engineering that uses existing accounts of company employees, including management. The threat is especially relevant for companies that regularly make large money transfers to counterparties and partners, since attackers can, allegedly on behalf of a trusted party, ask authorized employees of the victim company to transfer funds to fraudulent payment details. That is, here we have a hacking scheme through a chain of trusted suppliers.

In the last year, email phishing attacks on enterprises based on the man-in-the-middle (MITM) principle have become widespread. The essence is this: attackers get information about a deal being prepared. Using an insider or in another way, they wedge themselves into the correspondence of the counterparties, register domain names similar to the counterparties' domain names, and communicate with each of them on behalf of the target company.

Because electronic correspondence today is usually carried on as a chain of letters, and the senders' addresses are hidden behind names from the address book, the victim may not notice in time that he is communicating with the attacker. At the end of the correspondence, the scammers send fake payment details to the victim and wait for the money to be transferred. Unfortunately, such schemes are often identified only after the money has been transferred.
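One way a mail gateway or a finance team's tooling can surface the look-alike counterparty domains described above is to compare the real address in the From: header (not the display name) against a list of known counterparty domains. This is an added example, not code from the article; the domain list, the sample headers, the distance threshold and all function names are assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list of counterparty domains (assumption, not from the article).
KNOWN_DOMAINS = {"acme-supply.example", "northbank.example"}

# Character swaps often used to make a domain look like another one.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(domain):
    """Collapse visually similar spellings (0/o, rn/m, vv/w, hyphens) together."""
    s = domain.lower().translate(CONFUSABLES)
    return s.replace("rn", "m").replace("vv", "w").replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain) for one From: header value."""
    _display, addr = parseaddr(from_header)  # the display name is ignored on purpose
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in known:
        return ("known", domain)
    for good in sorted(known):
        # Near-miss: same visual skeleton, or only a few edits away.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sample headers from one hypothetical payment thread.
SAMPLE_HEADERS = [
    "Ivan Petrov <i.petrov@acme-supply.example>",
    "Ivan Petrov <i.petrov@acrne-supply.example>",   # "rn" imitating "m"
    "Treasury <payments@n0rthbank.example>",         # zero imitating "o"
    "Newsletter <news@weather.example>",
]


def flag_lookalikes(headers):
    """Return (header, imitated_domain) for every look-alike sender."""
    flagged = []
    for header in headers:
        verdict, good = classify_sender(header)
        if verdict == "lookalike":
            flagged.append((header, good))
    return flagged


if __name__ == "__main__":
    for header, good in flag_lookalikes(SAMPLE_HEADERS):
        print(f"HOLD FOR REVIEW: {header!r} imitates {good}")
```

A hit is a reason to verify payment details through a separate channel before any transfer; short domains produce more near-miss matches, so the threshold needs tuning against real mail.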

Targeted extortion.

Attackers will continue to carefully approach the choice of the victim and attack those companies that, in their opinion, are capable of paying significant amounts for information recovery. Today the darknet market for selling corporate servers for "encryption" is flourishing. Also, encryptors and wipers are not going anywhere: hello, old Petya.

Trend No. 10. Attacks on users' personal devices




Individuals cannot be ignored: attacks on personal devices of users will never lose their relevance, since for most people the convenience of working with the device is much more important than the security of personal data. Most likely, attackers will combine attacks on gadgets with classical methods of social engineering (for example, with fraudulent phone calls in order to receive payment data).

Mobile threats and the development of deep fake

The ability to recreate a fingerprint in 20 minutes was enabled by the Tencent Security application, which can reconstruct the fingerprint even from fragments taken from several items, as well as an engraving machine worth $140.

The bulk of modern mobile banking applications allow you to use biometrics (fingerprint, face, voiceprint) to log in. It must be remembered that this is simplified authentication: simplified for both the user and the attackers. In this case, the application is forced to store all authentication data snapshots on the device itself.

Distribution through advertising applications and programs

Free software products with advertisements placed in them, as before, not only annoy the user, but also carry a clear threat. At the global level, adware is the most common malware infection, accounting for more than a quarter of all infections. Since adware programs are very common in mobile app stores, this type of attack is a serious threat especially for unsuspecting mobile device users.

WhatsApp

Where would we be without it. Attackers can use remote access to peek at a password in a mobile banking app or perform some actions on behalf of the victim. In 2019, Google took a big step towards securing the popular mobile apps on Google Play. Now, through the Google Play Security Rewards Program, researchers can receive payments for vulnerabilities in any Android application with 100 million or more installations. Such a measure is expected to lead to improved security for popular Android applications, but not as fast as we would like.
Much has been written about the protection of mobile applications, even too much, but this does not stop users from neglecting basic security rules, which means that attackers will not have less work.

This concludes the first part.



Part 2: What did not take off


What kind of strategist am I if I don’t admit my mistakes? Below are a few trends that I identified as key ones a year ago, but something went wrong; well, it happens.

Here is how it was a year ago.

Another predictable trend, and it is already number 8 - biometrics




On July 1, 2018, Law No. 482- on the biometric identification of citizens came into force in Russia, providing for the creation of a single database of biometric data for all residents of the country. Consequently, all organizations, one way or another related to this law, will need to use the specialized software and hardware complex to provide reception, storage, and, most importantly, secure transmission of user biometric data.

At this stage, the implementation of the Biometric System will greatly facilitate the lives of bank customers by simplifying the process of signing up for financial products. Now, to determine the identity of the client, it is not necessary to require a passport: it is enough to compare the voice and the face with the entries in the database. A bank client can sign up for any of the bank's products, for example a deposit or a loan, anytime, anywhere, by phone or in the Internet bank. Banking services will become more accessible to people from remote regions where the choice of banks is limited or completely absent.

And for banks, in turn, connecting to the EBS will help to fulfill the requirements of the law, in terms of the security of data transmitted and received from the Unified Biometric System.

Conclusion:

Well, it didn’t take off. The main market players reported on the connection and inclusion of biometric identification in their portfolio; however, it did not become a mass service. Players are also not in a hurry to invest any serious funds in an advertising campaign. And if you go to any major bank, it is not so easy to find biometrics on the electronic queue ticket terminal for bank services.

Trend # 7 of the coming couple of years - cyber risk insurance




In general, the cyber-risk insurance market is only gaining ground now, but by 2023, according to experts, the size of insurance premiums in the Russian market will amount to 1 billion rubles.

An important factor in deciding in favor of cyber risk insurance is the state policy on this issue. Thus, the Ministry of Finance issued a letter allowing organizations to take into account the loss from cyber attacks as an expense and thereby reduce the basis for calculating income tax, but for this it is necessary to report the attack to law enforcement agencies, which, if there is an expert opinion, should initiate a criminal case. However, if the initiation of criminal proceedings is refused for any reason, you will not be able to lower the tax base.

Consequently, any attack by attackers in this case will entail not only financial losses for organizations, but also additional reputational risks. And customers and counterparties will be able to draw the appropriate conclusion about the reliability of the organization.

At the same time, the use of a cyber risk insurance policy, on the contrary, demonstrates the organization’s desire to protect and secure customers from malicious acts.
I want to emphasize that preventive measures to organize data security are still the most logical and effective tool to reduce the likelihood and possible damage from cyber attacks.

Conclusion:

I’m also owning up to this mistake: the service didn’t take off. We did not see any major public case of cyber risk insurance in the media, on the sidelines, or in specialized communities. Explicit advertising or any other promotion of the service has not been noticed either.

And what are the trends of the near future for cybersecurity in your opinion? Perhaps we can work together to expand or narrow the list.
