Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Cybersecurity
2019
Table of Contents
CONTENTS
NExTT framework 3
NECESSARY
Container security 7
Identity-as-a-Service (IDaaS) 10
Behavioral analytics (BA) 12
Software-defined networking (SDN) 15
EXPERIMENTAL
Blockchain security 18
Disinformation defense systems 20
Homomorphic encryption (HE) 23
Zero-knowledge proofs (ZKP) 25
Open-source security 28
THREATENING
Quantum encryption 31
Edge intelligence 33
Firmware security 35
TRANSITORY
Data provenance 37
Autonomous security operations center (ASOC) 39
Cyber insurance 41
TRANSITORY NECESSARY
High
Container security
Identity-as-a-service
rity
Software defined networking
Data provenance
INDUSTRY ADOPTION
Autonomous SOC
Cyber insurance
Quantum encryption
Edge intelligence
Disinformation defense
Zero-knowledge proofs
Homomorphic encryption
Blockchain security
Low
EXPERIMENTAL THREATENING
TRANSITORY
High
Identity-a
Data Security
Network Security
Software defined net
Data provenance
INDUSTRY ADOPTION
Autonomous SOC
Cyber insurance
Edge
Disinformation defense
Emerging Trends In Cybersecurity 3
Open source security
Firmware security
Title of NExTT Framework
NExTT Trends
TRANSITORY NECESSARY
High
TRANSITORY NECESSARY
Advanced driver
assistance
Trends seeing adoption but Trends which are seeing wide-
Telematics Vehicle
where there is uncertainty spread industry and customer
connectivity On-demand
about market opportunity. implementation / adoption accessand
Lithium-ion
Next gen HD where market and applications
As Transitory trends becomemapping batteries AI processor
infotainment
more broadly understood, are understood. chips & software
On-board
INDUSTRY ADOPTION
showrooms
Flying robotaxis
termarket EXPERIMENTAL
Blockchain
verification THREATENING
rvices and
hicle use Low MARKET STRENGTH High
As the number of accidents and malicious attacks rise, the need for
better cybersecurity only becomes more apparent.
Our experimental trends haven’t seen as much traction yet, but early
media interest and proofs of concept suggest these products, services,
and approaches to cybersecurity could become the necessary trends
of tomorrow.
CONTAINER SECURITY
Container security addresses cybersecurity challenges that arise
from using containerization technology to build and run enterprise
applications in the cloud.
Rising demand for remote access to enterprise cloud resources and the
growing number of employee devices mean achieving robust identity
security is increasingly difficult.
Source: Oracle
Note that even with rapid AI advancements BA systems will not replace
human analysts; rather, BA aims to make analysts more effective and
less prone to alert fatigue.
While the concept of SDN has been around for quite some time, adoption
didn’t take off until Facebook introduced the Open Compute Project
(OCP) in 2011. The OCP promotes redesigning hardware technologies
to efficiently support the growing demands on today’s compute
infrastructure.
There are new types of DDoS attacks that exploit SDN infrastructure by
locating specific automatic processes that use a significant amount of
CPU cycles. However, SDNs have the ability to automatically quarantine
parts of a network that have been infected with a malicious code.
Source: DCD
BLOCKCHAIN SECURITY
Securing enterprise blockchain ecosystems and auditing smart
contracts will become more important as institutions incorporate
these technologies into critical business applications.
The DAO attack reportedly could have been avoided if the contract had
been submitted to an auditing service.
Emerging smart contract auditing tools that have come online in the past
year are enabling engineers to fix many of the vulnerabilities that plagued
these systems in the past. However, auditing smart contracts at scale is
expensive and time consuming. Smart contract security weaknesses and
implications are just beginning to emerge.
For example, political bot armies and fake user “sock puppets” are
targeting social news feeds to computationally spread propaganda.
Online, the line between truth and falsehood is becoming less distinct as
AI researchers develop technologies that can produce audio and video
that is nearly impossible to confirm as real or fake.
Information attacks have materialized quickly over the last few years.
The World Economic Forum named the “spread of misinformation
online” the 10th most significant trend to watch in 2014. Today,
events like Russia’s 2016 US election meddling confirm the systematic
state-sponsored deployment of digital information attacks by
foreign adversaries.
Sketch of a Generative Adversarial Network for creating fake images, credit DL4J
For companies, the “holy grail” of data security is being able to operate on
encrypted data without compromising its security.
The enterprise data life cycle consists of 3 elements: data at rest, data
in transit, and data in use. Without a practical homomorphic encryption
scheme, enterprises have only been able to fully secure data at rest and
data in transit.
IBM researcher Craig Gentry, who is credited with the first fully
homomorphic encryption scheme, said the scheme is akin to “one of those
boxes with the gloves that are used to handle toxic chemicals… All the
manipulation happens inside the box, and the chemicals are never exposed
to the outside world.”
In May 2019, Ernst & Young announced project Nightfall, a new set of
protocols for enabling private transactions on the Ethereum blockchain.
ZKP experiments like Nightfall could one day help clients use blockchain
for secure supply chain management, product tracing, and privately
moving data between two or more entities.
Even worse, enterprises that lack a software bill of lading for the
open-source tools they use are not able to patch even the most known
vulnerabilities to block common attacks.
Source: Snyk
QUANTUM ENCRYPTION
Quantum computers threaten to undo all modern forms of
cryptography. They will also be critical to defending the future of
enterprise data security in the coming quantum age.
However, they could also be used to secure data from quantum hacking
— a technique known as quantum encryption.
Cyber criminals are scouring the global internet for IT assets that exhibit
process gaps, policy violations, misconfigurations, and other human
errors that let criminals break in.
Source: IBM
However, firmware security has not always been top of mind for
developers, and is often overlooked. Five out of every 6 WiFi routers in
US homes and offices are at risk of cyberattacks because their firmware
isn’t sufficiently updated for security vulnerabilities, according to
research by The American Consumer Institute.
Source: Wikipedia
DATA PROVENANCE
With the growing need to prevent data manipulation and comply
with new privacy regulations, data provenance systems will become
increasingly important.
Data provenance tools are integral to the future of data security. They
can help determine if a particular piece of information came from a
specific source, what tools were used to create it, and if it was modified
over time.
Today, enterprises need assurances that the data and analytics engines
they rely on for critical business intelligence decisions are fed with
appropriate and reliable data streams.
Data provenance systems will also be used to comply with new data
Machine learning algorithms are far from being able to accomplish the
full lifecycle of an analyst responding to a security alert today.
In the future, analysts will still have to interpret and make decisions for
the best course of action based on the data the system gathers.
Though cyber insurance has been on the market for nearly 2 decades,
today’s offerings are relatively novel compared to general commercial
liability and other business policies. Many cyber insurance carriers lack
claim filing experience, and many brokers lack deep expertise. Products
also vary widely, making comparisons problematic.
When it comes to where startups are playing in the cyber market, there
is growth in investment to startups providing security risk ratings for
cyber insurance — including by insurers. However, these startups aren’t
exclusively cyber insurance-focused and also provide solutions for other
industries including financial services and retail.
While cyber direct premiums written hit just $1.34B in 2016, cyber
coverage is projected to increase from $7.5B to as much as $20B by
2020. The spike in growth could result in insurers jockeying for position
as well as the formation of a host of new startups.