This has been another eventful year in the realm of cyber security—with a number of high-profile data breaches that affected large numbers of people and technological developments that promise to impact the market for years to come.
Here are some of the more notable developments, according to security and IT executives.
DNS incident shuts down internet sites
In late October, many organizations across the internet, including some of the largest Web sites, disappeared after an attack was launched against Dyn, an infrastructure provider offering managed DNS services.
The distributed denial-of-service (DDoS) incident affected users in most of the East Coast of the United States as well as data centers in Texas, Washington, and California. According to statements from Dyn, tens of millions of IP addresses hit its infrastructure.
“The DNS attack was interesting in that it made all levels of [our] company aware that security-driven changes to our DNS and internet access were made in order to avoid such denial of service,” says Barr Snyderwine, director of information systems and technology at Hargrove.
“It also made all users aware that security is important,” Snyderwine says. “Users have to be aware that every device is a potential risk and that it can impact their own jobs. Our security phishing training we provided just the previous month is serious business. In fact, many people said it helped them at home and work.”
Artificial Intelligence (AI) gains ground
This was a year in which AI seemed to become a lot more mainstream. Machines are getting smarter, with AI capabilities being embedded in a growing number of devices.
Companies are using machine learning techniques to train robots to have greater functionality and take on more complex tasks. Advances in data analytics and the analysis of visual data are also adding new dimensions to AI. And enhancements in the machine learning algorithms used for language processing are making it easier for people to communicate with machines.
All of this has significant implications for security.
“AI has come a long way with machine learning technologies now capable of performing intelligent analysis of data and situations,” says Erkan Kahraman, CSO at Planview. “It’s also making an impact on the security industry, where we see more tools and solutions with AI capability, such as network intrusion detection with AI or advanced data analytics and behavior analysis powered by AI. Everything will be plus-AI in the future.”
Blockchain in the spotlight
This year also saw lots of activity with regard to blockchain, a public ledger of all the Bitcoin transactions that have been executed. The digital ledger of transactions, which can be shared among a distributed network of systems, is constantly growing as blocks are added to the blockchain in a linear, chronological order.
A blockchain uses cryptography to enable each participant to manipulate the ledger in a secure manner without the need for a central authority.
“Blockchain itself is a technology with potential to transform our lives significantly,” Kahraman says. “It’s regarded as a ‘secure’ way to perform decentralized, peer-to-peer transactions due to the inherent transparency and availability it provides. This is great for public data or data which is meant to be seen by others. But we are only just exploring how to secure ledgers and transactions when it comes to proprietary and sensitive information in private blockchains.”
Ransomware attacks on the rise
Ransomware attacks became more common in 2016 across all industries. But healthcare was easily the biggest target of the assaults. With the success of a number of high-profile attacks on hospitals, cyber criminals increasingly took aim at healthcare providers.
“There is a significant increase in ransomware overall, but we’re also seeing the bad guys hone in on important operations like healthcare and fine tune their pricing to make it more cost effective for the victim to pay rather than fight,” says James Beeson, CISO and IT risk leader at GE Capital Americas.
Yahoo confirms massive breach
In what some reports were calling the biggest data breach of all time, internet news and search site Yahoo announced in September that a recent investigation by the company confirmed that user account information had been stolen from its network in late 2014.
The account information might have included names, email addresses, telephone numbers, dates of birth, and other data, according to a statement by Yahoo CISO Bob Lord. Based on the investigation, Yahoo suspected that information associated with at least 500 million user accounts was stolen.
Apart from the number of records, what makes the Yahoo incident stand out is that the company was in the midst of being acquired by communications provider Verizon for $4.8 billion. News of the breach led to speculation about the potential impact on the transaction.
“Clearly it's become a major sticking point in the negotiation and serves to remind us all of the financial magnitude an account breach can have on a company,” Beeson says. “I suspect it's also impacted the cycle time of the deal, which also costs both companies money.”
Emergence of Robotic Process Automation (RPA)
Demand for robotic process automation (RPA) tools, which use software "robots" to replicate the actions of human workers such as data entry, is on the rise. Organizations can configure RPA software to capture and interpret the actions of existing business applications.
The software can automatically manipulate data, communicate with other systems and process transactions as needed. As with other new technologies that come on the scene, there are implications for security.
“Where RPA is most effective is with standing up a center of excellence [COE] to assess and execute automation opportunities,” says Christina Critzer, senior vice president, Enterprise Shared Services at SunTrust.
“By its very nature the COE has the ability to cut across applications and teams to automate activities,” Critzer says. “This challenges typical security models, which emphasize segregation of duties.”
Computers operated by the Democratic National Committee (DNC) were hacked, leading to speculation about possible Russian involvement in the attack and raising concerns about the impact on the U.S. presidential election. In addition, Wikileaks published thousands of emails that were stolen from the DNC.
The incident shows “that an attack exposes old emails and that nothing is truly private,” Snyderwine says. “That made our company aware that we do not want all emails potentially exposed, so we were able to change some policies to reflect tighter email training.”
In addition, Hargrove will be updating its email archiving and deleting policies. The hacking incident led all levels of management “to take the message of potential risks to the user base,” Snyderwine says.
Security issues were also raised at state levels. For example, the Colorado Department of State architected election systems “with security built-in and spent a lot of time thinking about threat mitigation,” says Deborah Blyth, CISO of Colorado.
“The uphill battle was providing assurances to the general public that the systems were secure, despite the constant attention and focus on threats of nation states and the fear of cyber-attacks against the election systems,” Blyth says.
In the weeks and days leading up to the election, “we spent a lot of time monitoring for and responding to threats, rumors and fictitious claims while continuing to provide assurances to our leadership that things were under control and the systems were secure,” Blyth says.
Insider threats grow
Dealing with threats from inside the organization has long been a concern of security executives, but the emphasis seems to be growing.
“Over the past year I have seen a development and emphasis applied toward Insider threat monitoring programs,” says Robert Schadey, CISO and director of infrastructure services at 1901 Group. “The frequency and risk of employees as an insider threat—intentional or unintentional—has been a real and unrecognized danger that we must grow to understand, as we focus and learn more about the issues.”
In the past year organizations have only just broken the surface of monitoring behaviors and identifying malicious actions to mitigate this type of threat, Schadey says. “The ability to identify the issues will require momentum in better behavior-based analytic tools to help us move from a reactive to proactive insider threat monitoring capability.”