To stay ahead of threats, CISOs will need to enter 2018 in steep learning mode. Their priorities will include integrating artificial intelligence, protecting against increasingly advanced Distributed Denial-of-Service (DDoS) attacks, pressuring IoT vendors to build enterprise-class devices and deciding what blockchain technology may mean to them.
When it comes to leveraging IoT devices for DDoS attacks, the bad guys tipped their hand in 2016 with the Dyn DDoS attack, said Eric Cowperthwaite, managing principal at Citadel Services, a security and risk management consulting company. “There’s way more of that coming—way more,” he said. Broadly speaking, enterprises lack good plans to deal with these types of attacks, he said.
The Dyn attack illustrates two separate issues that CISOs must address. One is the order of magnitude: While the attack is the same type of threat businesses often face, the leveraging of IoT devices amplified the amount of malicious network traffic used in DDoS attacks.
The second challenge isn’t just the operational stability problems such an attack can cause, Cowperthwaite said; it’s also the damage to the company’s reputation when it becomes known that its inadequately secured IoT network enabled the attack.
CISOs need to pressure vendors to add instrumentation to IoT devices entering the enterprise, so that commercial devices are at least hardened from attack and defendable. “If CISOs don’t apply pressure on those vendors, who will?” he asked.
CISOs must be able to monitor their networks so that it’s possible to tell when trusted—or supposedly trusted—devices are behaving appropriately. “If it’s not acting correctly, you should take it off the network,” Cowperthwaite said.
Also high on the CISO’s priority list should be figuring out how to use artificial intelligence to automate event management. “If we don’t figure out how to use AI to deal with the masses of data that we have, we’ll never get ahead,” Cowperthwaite warned. He suggested automating basic security so people aren’t looking at first-level event data. “Why aren’t we taking all that event log data and running it through an AI that will look for anomalies before we do anything else?”
CISOs also can take a page from Agile to tackle other persistent cybersecurity challenges, and move away from security-event firefighting and into more of a business advisory role.
Finally, while blockchain technology may or may not be your friend, it most likely will be more than a passing acquaintance by year’s end. CISOs need to learn about distributed trust systems as well as the technologies and tools that help ensure transaction integrity, irrefutability and nonrepudiation. CISOs then can consider business risk when it’s time to establish governance for the new players on the block.