How the Threat Landscape Will Change By 2020

McAfee Labs' five year look ahead attempts to predict how the types of threat actors will change, how attackers’ behaviors and targets will change, and how the industry will meet these challenges over the next five years.

Below-the-OS attacks. Attackers could look for weaknesses in firmware and hardware as applications and operating systems are hardened against conventional attacks. The lure would be the broad control attackers can potentially gain through these attacks, as they can conceivably access any number of resources and commandeer administration and control capabilities.

Detection evasion. Attackers will attempt to avoid detection by targeting new attack surfaces, employing sophisticated attack methods, and actively evading security technology. Difficult-to-detect attack styles will include fileless threats, encrypted infiltrations, sandbox evasion malware, exploits of remote shell and remote control protocols, and the aforementioned, below-the-OS attacks targeting and exploiting master boot records (MBR), BIOS, and firmware.

New devices, new attack surfaces. While there has not yet been a surge in IoT and wearable attacks, by 2020 we may see install bases of these systems reach substantial enough penetration levels that they will attract attackers. Technology vendors and vertical solution providers will work to establish user safety guidance and industry best practices, as well as build security controls into device architectures where appropriate.

Cyberespionage goes corporate. McAfee Labs predicts that the dark market for malware code and hacking services could enable cyberespionage malware used in public sector and corporate attacks to be used for financial intelligence-gathering and the manipulation of markets in favor of attackers.

Privacy challenges, opportunities. The volume and value of personal digital data will continue to increase, attracting cyber thieves, and potentially leading to new privacy regulations around the world. Concurrently, individuals will seek and receive compensation for sharing their data, a market will develop around this “value exchange,” and the environment this market shapes could change how individuals and organizations manage digital privacy.

Security industry response. The security industry will develop more effective tools to detect and correct sophisticated attacks. Behavioral analytics could be developed to detect irregular user activities that might indicate compromised accounts. Shared threat intelligence is likely to deliver faster and better protection of systems. Cloud-integrated security could improve visibility and control. Finally, automated detection and correction technology promises to protect enterprises from the most common attacks, freeing up IT security staff to focus on the most critical security incidents.

“Keeping pace with, anticipating and preempting adversaries requires that we match the intelligence exchange, cloud computing and delivery power, platform agility, and human resource assets that cybercriminals regularly leverage,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “To win battles against future threats, organizations must see more, learn more, detect and respond faster, and fully utilize all the technical and human resources at their disposal.”
Net-security: http://bit.ly/20Zlcpq

 

 

« Artificial Intelligence Could Drive Human Inequality
Low-tech Coppers in the UK »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ExaGrid Systems

ExaGrid Systems

ExaGrid provides Tiered Backup Storage with a unique disk-cache Landing Zone, long-term retention repository, and scale-out architecture.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

Totaljobs

Totaljobs

Totaljobs is the UK’s largest hiring platform. We have over 280,000 live jobs adverts on our site, helping you to find any type of job in any industry, including cybersecurity.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

US Secret Service

US Secret Service

The US Secret Service has a pivotal role in securing the nation’s critical infrastructures, specifically in the areas of cyber, banking and finance.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

astarios

astarios

astarios provide near-shore software development services including secure software development (DevSecOps), quality assurance and testing.

Diateam

Diateam

Diateam is an R&D company specializing in computer security. Diateam develops highly innovative cyber range platforms and Industry-leading systems for cybersecurity training and testing labs.

Brookcourt Solutions

Brookcourt Solutions

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

Datastream Cyber Insurance

Datastream Cyber Insurance

DataStream Cyber Insurance is designed to give SMB’s across the US greater confidence in the face of increasing cyber attacks against the small and medium business community.

HiSolutions

HiSolutions

HiSolutions is a renowned consulting firms for IT governance, risk & compliance in Germany, combining highly specialized know-how in the field with profound process competence.

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

Dapple Security

Dapple Security

Dapple Security is creating cutting edge technology utilizing responsible biometrics that protects people and privacy through a first-of-its-kind passwordless platform.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

Nothreat

Nothreat

Nothreat has revolutionized how businesses like yours protect themselves from damaging cyber attacks. Our tech learns and adapts in real time, protecting clients from even zero-day attacks.