By: Jeff Castillo
Regional Director for Fortinet Philippines
Networks are evolving at an unprecedented rate. Physical and virtual environments, private and public clouds, and a growing array of IoT and endpoint devices are all dramatically expanding the potential attack surface. Protecting highly elastic network environments present cybersecurity leaders with a complex array of security challenges. In part, this is because cyberthreats continue to grow in both scope and severity in order to exploit the growing number of new attack vectors. As a result, the number of recurring high profile breaches, including ransomware attacks and other cyber incidents, continue to grow at a mind numbing pace in spite of billions of dollars being spent on cybersecurity resources.
There are several implications for CISOs and other cybersecurity leaders. These include:
- The digital footprint of businesses and individuals continues to expand dramatically, including new multi-cloud strategies, thereby increasing the attack surface.
- Nearly every device is a target, and virtually everything can be used to instigate a cyber attack.
- Threats are becoming more intelligent and attacks are increasingly automated, making them extremely difficult to detect.
Fortinet recently identified five factors that are driving these changes in the cyberthreat landscape. Each of them makes it increasingly difficult for organizations to protect their networks, data, and communications from malicious actors.
Let’s take a quick look at each of them to understand how and why they are playing a critical role.
- Internet of Things
Much has been written about the Internet of Things (IoT). Predictions pinpoint exponential growth, with estimates that there will be 4.3 Internet-connected devices for every man, woman, and child on the planet by 2020. When we talk about IoT devices, they fall into three buckets. The first is Consumer IoT. These are the devices we are most familiar with, such as smartphones, watches, appliances, and entertainment systems. Users insist on connecting many of these to their business networks to check email and sync calendars, while also browsing the Internet and checking on how many steps they have taken in the day. The list of both work and leisure activities these devices can accomplish continues to increase, and the crossover between these two areas presents increasing challenges to IT security teams.
The other two buckets are comprised of devices most consumers never see. Commercial IoT consists of things like inventory controls, device trackers, medical devices, and manufacturing systems. And Industrial IoT is comprised of things like meters, pumps, valves, pipeline monitors, and industrial control systems. There are enormous advantages and benefits associated with the deployment of devices from these two IoT buckets. The real-time information they provide improve productivity and efficiency, which translates into a competitive edge. And in places like smart cities and critical infrastructures, these tools can save energy, essential resources, and even lives. Which is why businesses are so rapidly embracing IoT. Gartner predicts that more than half of new business processes and systems will include an IoT component by 2020.
But IoT presents some significant security challenges at the same time. Most IoT devices were not designed with security in mind—with little to no security configurability nor authentication or authorization protocols. And since most IoT devices are “headless,” security clients cannot be installed on them, making it virtually impossible to install patches or updates. It is no wonder that experts expect 25% of cyberattacks to target IoT in 2020 as well.
- Cloud Adoption
The cloud is transforming how business is conducted. Over the next few years, as much as 92% of IT workloads will be processed by cloud data centers, with the remaining 8% continuing to be processed in traditional on-premises data centers. As cloud services exist outside the perimeter and sightlines of traditional security solutions, a lack of consistent visibility and control makes them difficult to monitor and manage when it comes to security. Additionally, stewardship and responsibilities for the cloud remain unclear for many organizations, thus further complicating the picture.
The security challenges of the cloud are real. The average enterprise has 76 different cloud applications in use today. More and more organizations are adopting a multi-cloud strategy, with resources and workflows spanning across multiple IaaS and SaaS cloud providers. 49% of enterprises indicate that their adoption of cloud services has been slowed due to the lack of cybersecurity skills in their organization. Even though most cloud providers offer some level of security controls and even service level agreements (SLAs), there are numerous factors that lie outside of these that need to be addressed, such as the ability to see and track data as it moves between cloud environments, consistent policy enforcement, data storage in the cloud, centralized orchestration and policy management, and the ability to respond to malicious traffic that originates within or goes through the cloud environment.
It is rare for a day to pass without ransomware being in the top headlines. The total cost of ransomware topped one billion dollars in 2016, and some estimate that it may double that in 2017. In addition to becoming more malicious and brazen when it comes to ransomware attacks, cybercriminals with virtually no training at all can now participate by taking advantage of Ransomware-as-a-Service through cloud-based “franchises” that provide sophisticated hacking and ransom tools in exchange for a low upfront investment or a share of back-end profits.
With upwards of 4,000 ransomware attacks daily, infecting between 30,000 and 50,000 devices a month, the threat and impact is real. The biggest threat of ransomware, however, is not in the ransom amounts that are being paid, but rather in the downtime. 63% of businesses that reported a ransomware attack last year indicated they experienced business-threatening downtime. It gets even worse. When it happens to healthcare and critical infrastructure providers, downtime can be life threatening. Of those organizations that reported an attack last year, 3.5% said lives were put at risk as a result.
Network traffic is growing exponentially and is beginning to overwhelm traditional security devices. But it is more than just traffic. Much of it is filled with confidential or sensitive data that is being encrypted using technologies such as secure sockets layer (SSL). In fact, according to Fortinet’s Q2 Threat Landscape Report, over half of all network traffic today is encrypted, and that volume continues to grow at an annual rate of 20%.
While SSL encryption protects a lot of data that passes over corporate networks, it is also used by cybercriminals to hide malware, network probes, and malicious traffic. This means that organizations must open and inspect each message and, assuming it isn’t malicious, then repackage it and sent on its way.
Yet, this is easier said than done. Inspecting and repackaging SSL traffic is extremely resource intensive, and can create huge performance and bottleneck issues when security tools can’t keep up. As a result, organizations managing time and latency-sensitive data and applications are electing to either not encrypt critical traffic or inspect their encrypted traffic. Unfortunately, either of these options introduces substantial risk into an already complex threat landscape.
- Cybersecurity Skills Shortage
Just as organizations are being required to tackle increasingly sophisticated and evolving cyberthreat challenges, they are also faced with a global shortage of skilled cybersecurity professionals. A survey conducted by the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG) revealed that 70% of organizations indicated that the global cybersecurity skills gap has impacted them, with 54% claiming they experienced a security event in the prior year as a result of having insufficient security staff or training. And the problem is going to get worse, with estimates that the shortage will grow to a 1.5 million-person shortfall globally by 2020, up from 1 million today.
Cybersecurity skills shortages are exacerbated by the growth in the number of security software solutions. Organizations have geared up to combat new security threats, adding dozens of security solutions from various vendors across their distributed networks. The problem is that these different technology tools were often never designed to work in transient and borderless environments. And worse, these solutions tend to work in isolation from each other, having separate configuration and management consoles, and requiring manual intervention to correlate data between them in order to detect many threats. Integrating and managing the growing number of these disparate systems consumes valuable time and manpower, something that is already in short supply for most organizations.
Time to Rethink Your Isolated Security Strategy
Each of these challenges is daunting on their own. In aggregate they can be overwhelming. Organizations need to rethink their current strategy of deploying isolated security tools and instead adopt a consolidated approach that integrates and automates traditionally security technologies into a holistic security fabric that can span and adapt to today’s expanding and highly elastic networks, tracking and defending devices and data distributed anywhere across an organization’s ecosystem.