This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.
The endpoint security market will experience some dramatic shifts in 2017. Everything from the disposition of the threat actors to the players in the security vendor space to the nature of endpoints is undergoing significant changes. This will most certainly catch many organisations off guard. But there are options for those security professionals who care to prepare for it. In this post, I will outline four changes that security professionals might see in 2017.
According to the research firm Cybersecurity Ventures, there were more than three dozen vendors and startups in the endpoint security market in 2016. For an evaluator or buyer of security products, that’s too many options, too many disparate approaches, and too much confusion – clear signs of saturation in any market.
Investors also seemed to recognise that the endpoint security market is reaching its saturation point: 2016 marked a slowdown in funding of new security startups, compared to 2015. As fewer (new and existing) startups receive funding, those that cannot deliver enough value to buyers in order to gain a foothold in this crowded market will inevitably die out. Others will be acquired by the traditional antivirus (AV) vendors who recognise the need for rapid retooling of their offerings to stay competitive.
As the pace of cyberattacks continues to increase, so does the pace of this market consolidation. Endpoint security vendors will recognise that they must move fast to keep pace with the threat landscape and the market conditions. These conditions will lead to a rapid, Darwinian consolidation in the endpoint security market.
Recent research from Unit 42, the Palo Alto Networks threat intelligence team, outlined the three main reasons cybercriminals continue to rely heavily on exploit kits:
In other words, exploit kits turn cyberattacks into an automatic, outsourced, and scalable operation for criminals. And with the ability to rent access to any number of exploit kits for a few hundred dollars a month, launching an attack with exploit kits is now far more affordable than ever before.
Information security has always been a “cops and robbers” problem. And with exploit kits, the robbers add automation, outsourcing, and scalability to their side of the equation. This is a trend that will certainly continue to escalate in 2017. The security industry, on the other hand, seems only recently to have recognised that it must match those capabilities or risk losing this battle. Fortunately, there are advanced endpoint protection solutions that already offer these automated, scalable prevention capabilities to forward-thinking organisations.
In March 2016, Unit 42 discovered KeRanger, the first instance of a macOS-based ransomware. Since then, the team has discovered several new types of malware exclusive to macOS. This is not a surprising trend – what’s surprising is that it took so long.
macOS-based systems present cybercriminals with a perfect set of circumstances:
A large and increasing population of enterprise users who practice poor cybersecurity hygiene and do not have automated, sophisticated endpoint security solutions to protect their systems? Sounds like the perfect target for crafty cybercriminals looking for new sources of ransomware revenue in 2017.
The proliferation of the Internet of Things (IoT) is already underway. According to the research firm Gartner, there were an estimated 6.4 billion IoT devices in use in 2016. The firm forecasts that there will be over 20 billion connected IoT devices by 2020. Despite the large number of devices, IoT security still seems to be an afterthought. This is concerning, considering:
The IoT ecosystem is still in its technological infancy. The extent and the impact of existing security flaws may not be obvious yet because of the limited computing and connectivity capabilities of the devices in use today.
This was very likely the same argument used to justify distributing unsecure systems in the automotive industry – until researchers demonstrated their ability to remotely hack a car travelling at highway speeds in 2015.
As the IoT device counts and capabilities continue to increase in 2017, the inherent security flaws that may have been ignored in the past will become more prominent, complex and unnerving. Organisations that develop, produce, and host these devices must make a concerted effort to integrate security into these devices and the networks they operate in. Being the first organisation to deal with the public repercussions of a breach in IoT security is not a “first mover advantage” in any industry.
What are your cybersecurity predictions around endpoint security? Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we’ll share predictions for healthcare.