Rich Campagna is the CEO of Bitglass. He previously served as senior director of product management at F5 Networks.
Beneath everyday web traffic, there’s a fierce battle raging for the security of the Internet. On one side are the villains: cybercriminals ranging from thrill-seeking amateurs to nation states. On the other side are the cybersecurity professionals, including researchers and analysts, all of whom seek to protect data.
The odds of either side scoring a decisive blow and ending the long-running battle for security are quite low. As with all battles, both sides are racing to develop new technologies that will give them the upper hand. While much of the conflict takes place in unseen digital arenas, organizations and individuals are realizing that their data sits in the line of fire. Recent years have seen the threat become all the more potent in the aftermath of successful attacks on businesses that were previously seen as unassailable.
One thing that is clear is that the battle lines will continue to shift. New tactics will arise and shape the future of the conflict. Here is a preview of what to expect on the frontlines in 2018 and beyond.
Advance: Phishing Targets Cloud
While phishing is a somewhat dated security concern, it’s still highly effective if delivered via the right vector. Over the years, internet users have become much wiser to traditional phishing (typos, unknown senders, mysterious attachments, etc.), so cybercriminals have looked for new avenues. The rise of cloud apps has opened up attack vectors that didn’t previously exist. The 2017 Google Docs attack is a prime example, with legitimate Google sign-in screens used to trick users into granting permissions to a malicious third-party application. The app then harvested information from victims’ contacts and emails. Criminals are increasingly spoofing trusted applications in order to deceive unsuspecting victims into granting permissions or handing over credentials.
Countermove: MFA And Behaviors
There are various ways to protect against phishing techniques. Switching from usernames and passwords to Multi-Factor Authentication (MFA) is one of the swiftest and most effective methods. MFA’s layered security prevents criminals from accessing user accounts even if they manage to acquire the login. MFA is already in use on many websites, with companies such as Facebook, Apple and Dropbox introducing or enhancing MFA in the last year.
Another way to counter advanced phishing attacks is through smart detection technology, which my company leverages, that can monitor user behavior across multiple cloud apps and detect strange activity, signaling a person is not who they claim to be. If a hacker programmatically accesses or downloads large volumes of data from a cloud app, a smart detection system could automatically flag this as suspicious, or block the transaction outright. Making detection “smart” is a step up from simply looking for a phishing email to understanding and detecting attacks as they unfold. For example, using machine learning to gain a deeper understanding of typical user behavior and then looking for deviations from that norm can help to detect even the most subtle usage of stolen credentials.
Companies have started to apply smart detection for internal threats in quite a few areas. In the User Behavior Analytics space, Exabeam, Securonix and Splunk have all begun using smart detection. In the Data Loss Prevention space, Amazon Web Services is employing smart detection, and companies like Cylance, Carbon Black and CrowdStrike all use it for external threat detection.
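The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor it names: it scores each user's daily download volume across cloud apps against that user's own history and returns allow, flag or block. It uses a simple robust statistic (median and MAD) in place of machine learning, and the event fields, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample audit events: (user, cloud app, day, files downloaded).
EVENTS = [
    ("alice", "drive", 1, 12), ("alice", "crm", 1, 5),
    ("alice", "drive", 2, 9),  ("alice", "crm", 2, 8),
    ("alice", "drive", 3, 14), ("alice", "crm", 3, 4),
    ("alice", "drive", 4, 11), ("alice", "crm", 4, 6),
    ("alice", "drive", 5, 10), ("alice", "crm", 5, 7),
    ("bob", "drive", 1, 40), ("bob", "drive", 2, 35), ("bob", "drive", 3, 45),
    ("bob", "drive", 4, 38), ("bob", "drive", 5, 42),
    # Day 6: alice's account pulls far more than it ever has; bob is normal.
    ("alice", "drive", 6, 900), ("alice", "crm", 6, 450),
    ("bob", "drive", 6, 44),
]

def daily_totals(events):
    """Sum downloads per user per day across all cloud apps."""
    totals = defaultdict(lambda: defaultdict(int))
    for user, _app, day, count in events:
        totals[user][day] += count
    return totals

def robust_score(history, value):
    """Modified z-score: distance from the median in units of scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return 0.6745 * (value - med) / max(mad, 1.0)  # floor avoids divide-by-zero

def evaluate(events, day, flag_at=3.5, block_at=10.0, min_history=5):
    """Score each user's activity on `day` against their own earlier days."""
    verdicts = {}
    for user, days in daily_totals(events).items():
        history = [v for d, v in days.items() if d < day]
        if day not in days or len(history) < min_history:
            continue  # no activity that day, or too little baseline to judge
        score = robust_score(history, days[day])
        verdicts[user] = ("block" if score >= block_at
                          else "flag" if score >= flag_at else "allow")
    return verdicts

if __name__ == "__main__":
    print(evaluate(EVENTS, day=6))
```

Because each user is compared only with their own history, bob's 44 downloads pass while alice's much smaller usual volume makes her day-6 spike stand out; the `min_history` guard keeps new accounts from being judged on too little data.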