Based on its work this year in the fields of cyber security and financial crime, BAE Systems Applied Intelligence and Scott McVicar, its Managing Director of Cyber Security, offer these top five predictions for the digital crime landscape in 2015:
Fragmentation of cyber criminal activities will pose new challenge to detection and investigation
The past five years have seen an increasing industrialization of the cyber criminal marketplace. Specialisms such as malware authoring, counter-AV testing, exploit kits, spamming, hosting, money-muling, and card cloning are becoming miniature markets of their own. Crime as a service is a reality, lowering the barrier to entry for budding criminals and fueling the growing threat, year after year.
Law enforcement action has done well to date by focusing on the big problem sets and causing significant disruption to these activities. In 2015, BAE Systems Applied Intelligence anticipates these efforts will cause a fragmentation in the market as criminal actors split into smaller units using newly developed and more resilient capabilities. We believe this will present a greater challenge for the security community. We also see the need for law enforcement to find ways to drive efficiency and automation into their intelligence collection and analysis work streams. This should enable them to ramp up the number of simultaneous investigations and make disruption a “business as usual’ activity.
We will enter a period of “hyper regulation”
In the context of millions of dollars in fines, financial institutions now have an imperative to actively search out criminals such as money launderers, rather than simply being compliant with regulatory guidance. We believe more organizations will hire more big hitters from the law enforcement and national security world to show they are serious about stopping the criminals.
Organizationally, we will see continued efforts to remove silos between Risk, Compliance and Information Security departments, a continuing move towards these departments to work more closely together, and requirements for combined detection capabilities. From an operational perspective, joining-up investigative capabilities to develop a single intelligence platform across the enterprise will be increasingly key. This will be combined with the deployment of integrated case management for all forms of financial crime across all financial institutions.
The arrival of the next industrial revolution will be accelerated by building in security from the start
One of the most disruptive forces in the coming generation will be the growth in interconnectivity of machines, data, and people. Known as the “Internet of Things” (IoT) or the “Internet of Everything” (IoE), this disruption is expected to bring us the next industrial revolution whereby automation and orchestration of many tasks in manufacturing, retail, transport and the home lead to greater efficiency and massive productivity gains. Little stands in the way of this advance in technology; however security professionals are already voicing concern about both the systematic risks of greater connectivity, as well as the risks to life with machines such as cars and medical equipment becoming part of the connected world.
We anticipate that 2015 will see increased focus on building in security-from-the-start for the next industrial revolution; security professionals will be tasked with finding solutions for protecting critical systems and national scale infrastructure. They will look at techniques such as segmenting high value systems away from high risk activity whilst retaining connectivity and trusted data flows. With a broader attack surface we expect that criminals, activists, and spies will continue to penetrate networks. Limiting potential impact whilst enabling the myriad of advantages connectivity brings will be key to realizing the benefits. Rather than being an impediment, we expect that good security can actually speed up the realization of this next industrial revolution.
The art of attribution will be impacted by deception efforts
Cyber threat reporting and public whitepapers have grown in regularity and prominence during 2014. One of the key parts to a contemporary threat report is attribution – the small details in the code and attack behavior which give away clues as to the perpetrators of attack campaigns. What should be a scientific process is still more of an art, with technical indicators mixed in with contextual information and cultural references providing hints which are picked up by researchers. Attackers read the resulting public reports as well, we can see evidence of this from the shifts in behavior which occur immediately afterwards.
In 2015, we anticipate that attackers will go to greater lengths to improve their own operational security and increase their use of deception – that is, the placing of false flags to throw off researchers and hamper attribution. This runs the risk of undermining the art of attribution and casting a shadow over the field of threat intelligence. Researchers will need to adopt practices from the professional intelligence community and tread more carefully when drawing conclusions about who is ultimately behind cyber attacks.
2015 will be crunch time for Big Data
We’ve seen the rise of “Big Data’ in recent years with technologies such as Hadoop moving from niche projects to mainstream workhorses. Businesses in sectors such as telecoms, banking, and technology have shown most interest and many have already invested in big data technologies. We are now entering a maturing phase of the lifecycle, with competing platforms, support services, and a strong market for developers, data scientists and administrators. However, business leaders who’ve funded the investment are increasingly asking their technology teams to show value from their implementations.
We anticipate 2015 to be crunch time for Big Data crunching – where those who are still running at the prototype phase are expected to deliver more towards specific business use-cases to justify continued investment. This will focus minds from “getting more data in’ to “getting more out of existing data’. There will be a shift from technologies which enable storage and basic reporting to those which enable meaningful intelligence to be extracted. Use-cases such as network monitoring, fraud-detection, and security analytics will be popular – driven by the increasing overlap between cyber threats and other risks and more focused board-level attention on managing cyber security across the business.