The year is drawing to a close and for cybersecurity professionals. 2017 has been intense. When the WannaCry ransomware outbreak occurred in the early part of the year, I had a suspicion that 2017 was going to be another big year for the cybersecurity world. News of data breaches and cybersecurity incidents were plentiful and as 2017 draws to a close, it is haunted by the biggest data breach yet: Equifax. While the incident may seem like old news to some, there are still some people that have yet to learn about the incident. This incident has many lessons that the cybersecurity field can take away. Failure to patch security vulnerabilities, failure to check that patches are in place, failure to notify in a timely manner, and failure to have something in place to properly notify those impacted. There are so many negatives in this situation. So many people’s lives have been impacted and the way the company handled the situation is disappointing. Leadership is a redeeming quality that sets you apart from all the others. In this situation, Equifax was not a leader. They were however a great example of what not to do in an incident response scenario.
As a community we can learn from their mistakes. It may seem easy to cast judgment when not in their situation, but it is important to be prepared in the event that fate ever befalls your company. After all, it is not possible to be 100% risk free. There is always some level of acceptable risk that has to be taken to continue business functions. The risk we accept should be balanced out with extra monitoring and attention to those areas to ensure any suspicious activity is handled quickly. While the number of cybersecurity positions continues to outgrow the number of people to fill them, how can we ensure that we can continue to stay ahead of the adversary? While so many people are fearful of artificial intelligence, I predict that we will begin to embrace it in our field and use it to our advantage. Automation can help cut down on tedious tasks that help save us time to focus on more important tasks such as threat hunting.
As the number of campaigns grows, the landscape will be taken over by the more advanced threat actors. Competition for victims will push the adversaries to become more creative and more evasive. Perhaps it is just wishful thinking, but with competition between the adversaries, it would be nice if they focused on taking the other adversaries out with their malware and other tactics instead of focusing on companies trying to conduct business. I suppose it is better for the threat actors to work in competition than with each other. In 2017 we have seen a lot of cyber criminals get taken down. Advancements in the work on the dark web have helped shut down top cyber black markets. We have also experienced a lot of digital currency loss in 2017. News of digital currency hacks and miners seems to increase every day. What can we do in 2018 to anticipate these events continuing to grow?
It is no doubt that end user awareness about cybersecurity has continued to grow this year. Yet, many end users do not have the knowledge to protect or defend themselves at all times. Perhaps they are safe at work with the help of their security operations team, but what about at home? The end users are hungry for information, but our field is so short handed that one of our best tools, the end user, can’t be “configured” as a defense/weapon. We have one month a year for Cybersecurity awareness in October. We need to find a way to make this a monthly process. Get involved, volunteer at a local high school and talk about ways to analyze information and determine if something is malicious. If we can arm one other person with the knowledge to defend themselves from being a victim, that is one less system that could be used in a botnet. They may not be fit to be an expert, but equipping them with basic knowledge is a step in the right direction.
My last comment for consideration going into 2018 is that we need to think about why, in a field that has tremendous growth and need, attackers are choosing the “dark side”. What can we do to make this field more enticing so that we get those skilled with finding vulnerabilities in a position to help as opposed to using them against us? One less black hat could be one more person on our side helping to stop the spread of cyber malice. A lot of these topics for discussion going into 2018 are very optimistic, but they are great ideas to consider and develop. While there are more bug bounties than ever before, what other ideas can we bring to the table to provide more motivation to be on our side of the cyber war? How can we make 2018 the year that we are the victors? It starts with you. You can help make the difference.