2017 was a very busy year for Portnox, yet throughout we aimed to address cybersecurity trends through our product offerings – Portnox CORE and Portnox CLEAR. With the highest number of ransomware attacks on record in 2017, we introduced a Rapid Ransomware Response and Control feature to our on-premise NAC solution, Portnox CORE, as well as the ability to see and control Internet of Things (IoT) devices through the IoT Visibility Radar. Portnox CLEAR, our cloud solution for network access control and risk management, was introduced to the market, and with its features for ensuring business continuity and securing the mobile workforce. The ability of our products to adequately address 2017 received commendation in the form of various industry awards and recognitions from leading publications and security experts.
Looking forward to 2018, the security landscape will shift and focus more heavily on IoT security, blockchain trends, automation and workforce mobility.
Here are some of our insights on what the 2018 cybersecurity landscape will look like:
- Extension of Automation: Together with AI and machine intelligence trends, automation will likely take center stage in 2018 as the leading security trend. Microsoft recently announced that it will begin automated anti-virus updates through its Windows Defender, which means that users and organizations will no longer have a choice when it comes to patching endpoints and software. This is good news, because it ensures that more actors have adequate security postures, and it makes sense for modular devices (like IoT) that present difficulties when it comes to firmware upgrades. Yet automation also creates challenges, namely for industries dependent on older versions of software, firmware and operating systems, such as healthcare and finance. Automated security updates could put the business continuity of these organizations at risk, and with potentially life-threatening and economically risky consequences. In addition, automated security updates across the board could actually make it easier for hackers to carry out large-scale attacks that will affect a larger number of endpoints.
- Blockchain and the Hacking of Applications: While many believe that the blockchain is “unhackable”, in the last year we have seen an increase in the number of attacks against blockchain-based applications. The vulnerabilities do not arise from the blockchain itself, but rather the applications that run on the blockchain. Social engineering will be used to extract private keys. Another possible blockchain hack, which has already been proven possible, is through other blockchain technologies such as Ethereum, which is an organization that’s committed to being open source for third-party applications. This creates a vulnerability because almost all applications have bugs can be manipulated by hackers as an attack surface.
- DDoS Ransomware: Creating a new and more pungent form of blackmail, DDoS and ransomware are joining forces to topple enterprise progress in digital transformation, while reaping monetary benefits. These attacks are made possible by using botnets, or large groups of “zombie” devices – which often happen to be Internet of Things devices, such as webcams – to funnel traffic to a malware-infected web address that, in turn, extract data from the accessing endpoint and demand ransoms for the return of that encrypted data. These attacks are often called “sinkhole” attacks because the DDoS traffic is being directed to sites that contain dangerous malware. With the wide adoption of Internet of Things devices in the enterprise, and the rise in ransomware demands, it’s likely that we’ll be seeing more of these attacks in the next year.
- Growing Regulation of IoT Security: Regulations governing IoT security features are beginning to be drafted, but there is still not enough demand from the consumer side to warrant manufacturer investment in security features. This begs a major question in 2018 of whether governments, in similar fashion to the US and EU, will begin issuing security regulations on IoT device manufacturers that protect consumers and companies from digital risk. Together with GDPR and other compliance regulations, we are likely to see more governments and industry authorities stepping up to enforce privacy, safety and security regulations on IoT manufacturers.
- Mobility of the Workforce: With more employees working remotely, organizations are enjoying a significant drop in their capital expenditures (many have even given up on the physical office space), while directing operational expenditures at digital transformation trends such as cloud and BYOD. Workforce mobility is a good thing for companies’ balance sheets, but the technological flexibility it affords results in more areas of cybersecurity vulnerability for the enterprise network. Companies that are set on accommodating mobile workforce trends will be investing in more endpoint, network and cloud security solutions that protect access and assets across a variety of locations and in various connected environments.
At Portnox, we will continue innovating our access control offerings to provide solutions to 2018 security trends and challenges, providing our customers with valuable, holistic solutions to protect their networks.
Here’s to a great 2018!