VP and Chief Security Officer, EMEA of Palo Alto Networks, Greg Day shares his cybersecurity predictions for the future. Beyond his work there, Greg also sits on the UK National Crime Agency steering committee
Cyber adversaries will extend further into ransomware, OT systems and cryptocurrencies. In recent years we have seen ransomware used for profit. However, RanRan is an example that used concepts of ransomware, not just for profit, but also to identify information that could be used to blackmail victims. While continuing to be financially focused, I believe ransomware will also start to do more data analysis, which means we could see ransoms based on data value, rather than being generic, plus more of both targeted ransomware attacks and those being used for other motives, such as blackmail.
The Dyn DDoS attack leveraged IoT devices to attack traditional computer systems. The volume of OT (operational technology) is growing at pace, whether that is factory systems or automated drones delivering medical supplies in countries like Africa and we have yet to see the impact of such systems coming under direct attack. However, the value to criminals of stealing medical goods will surely mean that they look to break into the IoT or OT system to redirect the goods and this highlights the challenge we are likely to face. The growing commercial utilisation of IoT and OT systems means that, for the adversary, the value of breaching and controlling these types of systems is increasing.
Finally, with the growing popularity of digital currencies, more commonly known as cryptocurrencies, we can expect to see more malware focused on stealing account information to empty these next-generation accounts. The second payment services directive (PSD2) requires payment processors to open access to third parties and as discussions continue around blockchain digital ledgers, it feels as if the financial industry is moving further towards the digital money space. The question is whether adversaries are prepared for this transition – evidence would suggest they are already looking at it.