17 May 2017
•
The data threat landscape is hotting up, says Darktrace
"We need to change the way we approach security," says Peppa Wise
The IoT, machine learning and a doubling-down on public-facing ransomware are all on the IT threat horizon, enterprise immune system firm Darktrace has warned.
The overriding issue in the modern landscape, explained Darktrace's cyber security executive Peppa Wise, is how fast malicious actors are now able to work.
"Rules and signatures mean we're always one stage behind an attacker, because we're having to patch, create rules and signatures as soon as we've seen an attack, and they're not letting us put ourselves in front of the attacker and protect against attacks we've never seen before," said Wise, who was speaking at Computing's 2017 Big Data and IoT Summit.
"We've also seen a big change in the types of threats that are out there. It's no longer just data being stolen for financial gain that we need to be worrying about - trust attacks are a massive thing that we're seeing q lot more of at the moment."
Wise flagged compromised data to reputational damage "for sabotage", rather than the more traditional acts of stealing critical financial information for financial gain.
"Data compromise and loss of data integrity can be a lot more scary than that data just being stolen in the first place.
"If we considered an attacker from the inside changing records in a hospital, say altering blood types on a system, and then that hospital having no idea which blood types or which persom had been changed, yopu can imagine the absolute chaos that would cause for our NHS - it's much scarier than that data jjust being taken off the network in the first place," said Wise.
Wise said the industry should also expect an increase in attacks "flagged up on devices we're able to access," a given example being ATMs, or payment points in shops.
"These are attacks that could see the public pressuring an organisation to pay up in a ransomware attack, or take quick action."
Wise also flagged a rise in insider attacks ("Yes, that's your employees") who may be either stealing records for their own ends, or simply trying to work at home easier.
Finally, AI and machine-learning-driven attacks are a major upcoming threat, said Wise.
"We've seen examples of this with polymorphic malware and ransomware - created specifically to evade detection from security tools, to be able to hide in networks and strike when the time is right."
"This is worrying, and show we need to be changing the ways we approach security, and probably taking it a lot more seriously," said Wise.
