February 2, 2017

2017 Security Predictions and Directions

The Employee at the Center of Compromise
Paul Calatayud, Chief Technology Officer – FireMon – Overland Park, Kansas, USA

While 2015 was the year the data breach became commonplace, 2016 revealed the value of the CISO. 2017 will be the year of the employee. Cyber attacks are shifting towards targeting internal employees as cyber defenses are built up, and it becomes more difficult for attackers to attack machines.

Brief Biography
Paul is the Chief Technology Officer for FireMon. He leverages 15 years of experience leading security teams along with his real-world insights on the FireMon platform to help deliver strategic solutions to enterprise customers.
Important Issues:
  • The skills shortage will continue to rise – cyber personnel will become a rare commodity like we have never seen before.
  • There will be new and exciting innovations and adoption of philosophies such as DEV-SEC-OPS.
  • Managing the risks as organizations increase their adoption from basic non-regulated data to more regulated data.
Direction for CSOs and Decision Makers:
  1. CSOs will need to ensure they renew focus on basic security strategies such as employee awareness.
  2. CSOs will also need to go beyond by developing defense and detection strategies in support of insider threats.
The cloud as an attack vector will grow
Daniel Alejandro Nocella, Chief Executive Officer – Bank Columbia – Buenos Aires, Argentina

Organizations migrating their already vulnerable environments to the cloud will find limited security benefits without proper preparation because the foundation that allows virtual machines to run could be under attack.

Organizations believe that by simply migrating to the cloud they are already intrinsically safe, but carrying the data out will not exempt organizations from their responsibility to secure it, and best practices will remain important. The end result of rushing to adopt cloud computing without these considerations could translate into an inadequate security stance for many companies in 2017.

Brief Biography
Daniel is the Chief Information Security Officer (CISO) for Bank Columbia, one of the most important banks in Argentina, and leads the overall corporate information security strategy. He has accumulated 30 years of IT experience in government, financial, health and oil industries in Latin America. Daniel holds an MBA and an information systems degree. In the past, he held positions as CISO at YPF S.A. and Swiss Medical Group and was a manager at Price Waterhouse Coopers.
Weaponized IoT will cause a major data breach
Sol Cates, Vice President of Technology Strategy – Thales e-Security – Portland, Oregon, USA

2016 has been quite the year for cybersecurity. This past year proved that taking control of hundreds of thousands of devices can be used for massive DDoS attacks. In 2017, it will be confirmed that the on-ramp to a massive data breach that appeared to be from an insider was actually from a hacker group gaining access, behind the perimeter protection, through what was thought to be “a simplistic IoT device.”

Brief Biography
Sol Cates is the Vice President of Technology Strategy for Thales e-Security and formerly Vormetric’s Chief Security Officer. As VP of Technology Strategy, Sol and his team focus on bringing new innovations to market focused on the “underlying problems” of the industry, to bring security solutions to the security professional to help them become successful in today’s challenging environment which they often have very little control over. As a former CISO and CIO, Cates has a unique perspective on how technology, people, process, and governance impact how successful security teams can solve real world problems.
Important Issues:
  • Ransomware
  • Connected Car Security
  • AI and Machine Learning in Banking Industry
Botnet of Things
Amichai Shulman, Co-founder and CTO – Imperva – Redwood Shores, California, USA

Most connectivity growth is related to the Internet of Things (IoT): surveillance cameras, fitness wearables, smart devices of all types, and other connected appliances. Along with their embedded computing and communication abilities coupled with relatively high mobility, they are devoid of professional system or software management. And since default passwords are rarely changed by end users, the devices are ripe for compromise. Mirai-controlled surveillance cameras and ancillary recording devices presented the opportunity this past year.

Depending on the adoption pace of IoT, we expect to see two distinct types of trends.

First, we’ll see a surge in botnet numbers and sizes. From a research perspective, we consider botnets to be on par with residential routers, as most IoT devices sit within home networks and aren’t directly exposed to the web. That said, we’ll likely see a few internal incidents that will ultimately be traced to a compromised IoT device having been (inadvertently) brought within the range of the compromised network.

Secondly, we’re going to see even more botnet-for-hire activity. Sophisticated botnets are easier to rent than ever before; prices are dropping and sizes are increasing. Being so readily available, anyone can launch a fairly sophisticated attack without having any hacking expertise whatsoever. Where there’s opportunity for mayhem, it happens. We’re not expecting to see improvement in the security of IoT devices, so whatever type of new IoT devices penetrate the market in 2017 are likely to be the next botnet platform.

Brief Biography
Amichai heads the Imperva Defense Center, the internationally recognized research organization focused on security and compliance. Under his direction, the Imperva Defense Center has been credited with the discovery of serious vulnerabilities in commercial Web application and database products including Oracle, IBM, and Microsoft. Amichai has appeared on CNN, in the New York Times, USA Today, Washington Post, BBC, and Sydney Morning Herald. Amichai served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Master’s Degrees in Computer Science from the Technion, Israel Institute of Technology.
Important Issues:
  • Hackers are upping their game with all signs pointing to more threats, not less.
  • Enterprises will try to improve usage of their existing security arsenal in 2017 and smarter organizations will rethink their strategy in general.
  • The end of defense in depth – the past five years have been a tremendous challenge for security teams; they’ve continually deployed more systems and technologies, only to grow increasingly frustrated by new risks and attack vectors.
Direction for CSOs and Decision Makers:
  1. The abundance of botnet for hire increases the need for DDoS protection. Compromised IoT devices are going to surface as a new vector for internal compromise, raising the need for an insider threat protection strategy.
  2. Develop a comprehensive plan to address your specific business threats rather than the full array of current attack vectors, and finally dispose of dated technologies.
  3. Place more emphasis on timely incident detection. Take a fresh look—don’t let great be the enemy of good. Organizations don’t have to constrain themselves to real-time detection to shorten threat discovery times.
Mobile fraud will increase faster than use of mobile devices
Christian Vezina, Chief Information Security Officer – VASCO Data Security – Oakbrook Terrace, Illinois, USA

With the percentage of transactions originating from mobile devices increasing, attention to mobile devices will grow at a faster rate, but not only from the good guys. Mobile will become even more the object of fraudsters’ seemingly endless creativity. As more and more malicious apps and mobile-specific exploits and vulnerabilities surface, organizations will start feeling the increased risk from this trend. The number of frauds and breaches will keep growing until organizations properly manage the risk stemming from the use of, and establish trust in, mobile devices and their users.

Brief Biography
As Chief Information Security Officer (CISO) for VASCO, Mr. Vezina’s role is to lead the overall VASCO corporate information security strategy. Cumulating 30 years of IT experience in government, financial, manufacturing, engineering and technology environments, Mr. Vezina has dedicated the last 15 years to information security and data privacy. Mr. Vezina holds a Bachelor’s degree in Information Systems Management, as well as multiple audit, information security and privacy related professional certifications, including CISSP, CISA, CISM, CIPP/US and CIPT. Most recently, he held positions as Director of Information Security at eSignLive, Dessau, and Bombardier Aerospace.
Important Issues:
  • Hacking of Things, mobile fraud and ransomware. 2016 was a great year for data breaches. Now watch 2017.
Direction for CSOs and Decision Makers:
  1. Assess your mobile device risk. Establish a strategy to limit your exposure by establishing and maintaining digital trust for your key applications.
Better and easier-to-use, industrial strength security will be an imperative
Bill Horne, Vice President and General Manager – Intertrust Secure Systems (whiteCryption) – Sunnyvale, California, USA

Last year, we saw connected car hacks, point-of-sale attacks, and ransomware and other threats to hospitals and medical devices that opened eyes to what might lead to an even scarier year ahead. We saw one of the most brutal DDoS attacks ever. Even home routers and consumer cameras made international news as they became vulnerable to hackers. And at least one security expert warned Congress that IoT could kill people.

With an estimated 26 billion installed devices projected to be in service by 2020, the opportunities for creative hackers to cause problems, if not turmoil, will undoubtedly rise. And with this, the need for better and easier-to-use, industrial-strength security for IoT applications and systems will be an imperative, not an option.

Brief Biography
Bill Horne is the VP and GM of Intertrust’s Secure Systems division. Prior to joining Intertrust, he was the Director of Security Research at Hewlett Packard Enterprise, a researcher at Intertrust from 1997 to 2002 and at NEC Research Institute from 1993 to 1997. Horne is the author of over 50 peer-reviewed publications in the areas of security and machine learning, and holds 33 granted patents and 44 patents pending. Horne received a B.S. in Electrical Engineering from the University of Delaware, and an M.S. and PhD in Electrical Engineering from the University of New Mexico.
Important Issues:
  • Protecting non-secure apps with easy-to-deploy, inexpensive and flexible security solutions
  • App security for the Smart Home and Smart Cities
  • Embedded security for healthcare and medical – from mobile apps to smart wearables
Direction for CSOs and Decision Makers:
  1. Examine software security over hardware for less expensive, more agile solutions
  2. Understand the application touch points – inside and outside of the organization
  3. Make sure security meets government standards
Security industry must think about the present and future problems
Rohyt Belani, Co-Founder & CEO – PhishMe – New York, NY USA

Ransomware and business email compromise (BEC) exploded in 2016, and almost 100 percent of the instances were a result of successful phishing attacks. These will continue to be preferred attack methods for malicious actors because they work and can cause immediate and lasting damage to organizations. But, there’s something surprising happening in the security industry. With the rise of the Internet of Things (IoT) and the proliferation of internet-connected devices, many organizations and security experts have turned their head to the shiny new object that could have major implications for the industry in the future. While I don’t discount that we certainly need to be thinking about how the explosion of IoT within our society will affect security, there is a large problem that needs to be addressed now – phishing. As everything becomes more connected and hackers get smarter, the potential for tried and true methods like phishing to cause damage on a massive scale through those devices increases. The security industry will start to realize in 2017 that we need to think about the biggest problems we face now so that they don’t affect the future, especially as more industries like healthcare start to be targeted by ransomware and phishing attacks – and then it’s not a matter of getting data back, but of life or death.

Brief Biography
Rohyt Belani is an industry veteran with over 14 years of experience in technical and senior management roles at leading cyber security companies. At PhishMe, Rohyt has led the company’s growth from concept to a company with over 250 employees, serving almost half of the Fortune 100. During his tenure, PhishMe has established itself as a global leader in phishing defense and secured $60 million in equity capital from reputed investors like Paladin Capital Group, Bessemer Venture Partners, and Aldrich Capital Partners.
Important Issues:
  • Phishing and ransomware are not going away any time soon
  • Ransomware will continue to expand to vertical markets like healthcare and education
  • The security industry will need to think about the biggest problems we face now so that they don’t affect the future
Direction for CSOs and Decision Makers:
  1. Educate your employees on the dangers of phishing
  2. Make sure employees are conditioned to identify and report phishing attempts
  3. Empower employees to be more resilient and vigilant against targeted cyberattacks
Enterprises move focus to data protection and real-time prescriptive responses
Steve Wilkes, Founder & CTO – Striim – Palo Alto, California, USA

As the impact of phishing on the recent election has shown, your perimeter is only as safe as its weakest link – people. If it’s not a question of if, but when your perimeter will be breached, enterprises should consider all their data and systems at risk through stolen credentials. Any on-disk data should be encrypted or obfuscated, and care should be taken to also encrypt data on the wire – even within the enterprise. While data protection may mitigate data loss or theft, systems may still be vulnerable. It is essential to also spot and deal with intrusions more proactively. Traditional black box security products and after-the-fact forensic analysis will give way to the growing field of security analytics. Real-time security systems taking feeds from all devices and logs throughout the enterprise, coupled with pattern matching, machine learning and predictive analytics, will be able to spot many different types of unusual behavior and deal with them instantly in a proactive fashion. What is true in the enterprise is also true in the home, and, once perfected, smart gateways will be able to similarly protect the growing number of domestic devices and spot when they are being taken over or held to ransom.

Brief Biography
Steve Wilkes is a life-long technologist, architect, and hands-on development executive. Prior to founding Striim, Steve was the senior director of the Advanced Technology Group at GoldenGate Software. Here he focused on data integration, and continued this role following the acquisition by Oracle, where he also took the lead for Oracle’s cloud data integration strategy. His earlier career included Senior Enterprise Architect at The Middleware Company, principal technologist at AltoWeb and a number of product development roles, including Cap Gemini’s Advanced Technology Group. Steve holds a Master of Engineering Degree in microelectronics and software engineering from the University of Newcastle-upon-Tyne.
Important Issues:
  • Perimeter security techniques will be augmented with technologies focused on data protection. Real-time monitoring and correlation across multiple security silos, coupled with analytics will lead to the successful prevention of breaches and fraud.
  • As Home and Enterprise IoT goes into overdrive, dumb routers will give way to smart gateways laden with analytics that can detect and prevent remote access, data theft, ransomware and other malicious attacks.
  • Current practices that dump raw log files with unknown and potentially sensitive information into Hadoop will be replaced by systematic data classification, encryption and obfuscation of all long-term data storage.
Balkanization of the internet, leading to a global collections threat
Aaron Shelmire, Principal Threat Researcher – Anomali – Pittsburgh, Pennsylvania, USA

Many countries are focusing inward rather than on open-border and free-trade strategies. This includes recent advances in tax-policy, where previous approaches to multi-national corporate governance are under the microscope. Further initiatives are expanding in internet realms, with new operating systems being pursued to remove dependency upon foreign software, and foreign hosted SaaS offerings being excluded from other countries, such as the Russian LinkedIn Ban. Additionally, governments are enhancing their surveillance initiatives, such as the Russian government’s requirement to hold all cryptography keys to decrypt Internet traffic. We believe this will continue resulting in an increasingly balkanized and separated internet. Therefore, governments are likely to require that their country’s data stays within their own law enforcement’s reach, rather than relying upon Mutual Legal Assistance Treaties for data access.

As the nation states balkanize the Internet, internet border collections systems will be enhanced. This will take forms similar to the Great Dam in China. Russia has publicly announced efforts that can only be realized through these types of systems. Corporations and activists will become even more sensitive to the implications of bulk traffic interception, decryption and collection. Confidentiality concerns will become a mainstay threat to both corporations and threat actors alike. Threat Actors will subsequently encrypt more C2 channels by default.

As nations draw inward and draw back from free trade, we expect that diplomatic solutions to prevent nation states from preying on corporate entities will falter. This will bring nation states back to the front and center of threats.

Brief Biography
Aaron Shelmire, Principal Threat Researcher at Anomali, has been in the security field for over ten years. Aaron began in the industry after machines he was responsible for were compromised in the 2004 Stakkato Intrusions. Following this incident, he decided to attend Carnegie Mellon University’s Heinz College for Information Assurance, where he currently holds an adjunct position teaching Network Security Analysis. He has been a security researcher at the Software Engineering Institute’s CERT/CC initiative and Dell SecureWorks, with a focus on responding to and analyzing threat intelligence.
Important Issues:
  • Balkanization of the Internet
  • Cloud Services and Cloud Vendor Compromise
  • Mobile or IoT Ransomware
Direction for CSOs and Decision Makers:
  1. Renew emphasis on protecting the confidentiality of your organization’s data.
  2. Be prepared with solutions in place to protect against new threats, such as the potential for nation states to prey on corporate entities.
  3. Establish an intelligence based cyber initiative for your organization.
User & Entity Behavior Analytics (UEBA) tipping point will occur
Adam Laub, SVP Product Marketing – STEALTHbits Technologies – Hawthorne, New Jersey, USA

Market consolidation will continue but won’t yield better results. UEBA platform vendors have not only taken a similar approach to Security Information & Event Management (SIEM) in trying to apply UEBA technology to a vast number of data sources simultaneously, but they actually rely on SIEM itself as the mechanism for getting the data. Given the reliance on SIEM for a large contingent of UEBA platform providers and the competitiveness of the SIEM space itself, it only makes sense that we’ll see more acquisitions of UEBA providers by the bigger (and maybe even smaller) SIEM players. But until SIEM solves its data-quality problem – which is largely outside any SIEM vendor’s control – the effectiveness of any UEBA technology on top of SIEM will be limited.

UEBA as a feature will prevail. The cybersecurity vendor landscape is incredibly rich with specialized solutions. Many of these specialized solutions have access to data and other environmental contexts that event logs don’t, making it impossible for SIEM and their UEBA plug-ins to see or take advantage of data that doesn’t exist in their world – data that’s critical to their ability to produce quality output. As the mindset among consumers has become more and more security focused, so have the product road maps of these specialized solutions. The result is a new breed of specialized solution providers leveraging the same UEBA technologies and techniques as the big UEBA players, but with higher quality data and deeper domain expertise.

Brief Biography:
Adam Laub is responsible for setting product strategy, defining the corporate roadmap, driving strategic sales engagements, supporting demand generation activities, enabling the sales organization and all aspects of product evangelism. Since joining STEALTHbits in 2005, Adam has held multiple positions within the organization, including Sales, Marketing, and Operational Management roles.
Important Issues:
  • Cyber Security skills shortage – the hiring gap. With approximately 1 million unfilled cybersecurity jobs, being able to train and retain top security talent within organizations is going to continue to be critical.
  • Sensitive Data – being able to discover, classify, and set the appropriate security levels for your sensitive data—and monitoring access and changes in real time—so that adversaries (insider or external) can’t exploit or steal your data & credentials.
  • EU GDPR and other regulatory compliance standards – gearing up for the change in how we protect our data and the massive fines that could be assessed if we do not do so appropriately.
Direction for CSOs and Decision Makers:
  1. Go back to the basics – ensure your foundation is structurally sound by implementing basic security policies and protocols. Then, actually enforce them. Verify critical security configurations in Windows. Monitor the proper usage of privileged accounts.
  2. Focus on what matters most – every attacker is after the same two things: credentials and data. Securing credentials and data is the most logical and most pragmatic way to reduce an attacker’s opportunity to carry out a successful breach.
  3. Make Security Part of Doing Business – take the time to invest in your employees and get them to incorporate security into their everyday mindset. To educate employees, companies must create their own security awareness programs and start with basics.
Security will need to account for growing enterprise mobility movement
Yuval Scarlat, CEO and Co-Founder – Capriza – Palo Alto, California, USA

Demand for enterprise mobile apps continues to surge and according to Gartner, enterprise mobile demand will outstrip IT’s capacity to deliver by a factor of 5 through 2018. Google just introduced App Maker to help non-technical professionals build mobile apps on top of Google G Suite applications. These factors are important for CSOs to consider, due to the expense and scarcity of mobile design and development talent. Next year, low-code and no-code technology will pave the way for non-technical professionals to create production-ready mobile apps. With the development paradigm shifting, the security protocols and solutions enacted by CSOs and CISOs will have to shift to mirror this change and account for the rise of mobile “citizen developers”.

Brief Biography
Yuval is a former executive and officer of Mercury Int. In his 15+ year tenure at Mercury, Yuval served as SVP Products, GM of Applications Delivery (the company’s largest business unit), President of Managed Services and in other customer and product leadership roles. Yuval is on the board of Apptio (privately held) and Nolio (recently acquired by CA), and advises, with passion, stem cell research companies (KadimaStem, KDST).
Important Issues:
  • Some workers will shift from mobile-first to mobile-only, presenting new security challenges.
  • Geosecurity will go mainstream.
  • Remote workers will impact organizations’ security strategies.
Direction for CSOs and Decision Makers:
  1. Make sure mobile security is top of mind when implementing security strategies.
  2. Mobility efforts that sacrifice user experience for security will fail.
  3. Ensure that employees in the field that need access to sensitive data have a safe and secure method to obtain it.
Cybercriminals will enhance socially engineered attacks using machine learning
Vincent Weafer, Vice President – Intel Security’s McAfee Labs – Santa Clara, California, USA

There will be an increase in the use of machine learning, data aggregation and data analytics on the attacker side to create broad based, but highly custom attacks. When expertly applied, machine learning has the potential to solve important, complex, tangible business problems. Regression algorithms can be used to predict values, clustering algorithms expose structure in datasets, and anomaly detection algorithms can be used to find abnormal data points. The mathematics behind these algorithms are advanced enough to be inaccessible to many.

We believe that cybercriminals are leveraging machine learning to target victims. Tools to perform the complex analysis behind target selection are readily available, and there are a plethora of public sources of data (including stolen data) to help build and train malicious machine learning algorithms. We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017.

Brief Biography
Vincent Weafer is vice president of Intel Security’s McAfee Labs where he manages more than 350 researchers across 30 countries. He’s also responsible for managing millions of sensors across the globe, all dedicated to protecting Intel Security customers from the latest cyber threats. Vincent’s team is dedicated to advancing the research and intelligence gathering capabilities required to provide the latest protection solutions in malware, host and network intrusion, email, vulnerability, regulatory compliance and web security.
Important Issues:
  • All organizations must address the full threat defense lifecycle with their security infrastructure.
  • Reduce asymmetry of information between defenders and attackers, what we know about them versus their knowledge of us.
  • We will see a lot more attacks exploiting the weaker security of IoT devices, and given their sheer number, their influence on shaping the overall threat landscape will grow significantly in parallel to the growth of devices.
Direction for CSOs and Decision Makers:
  1. Increase implementation of predictive analytics
  2. Improve security visibility with both organizational assets and decentralized data
  3. Detect and protect without dedicated agents
In 2017 we will see the rise of Security Analytics
Nitin Agale, Senior VP of Product – Securonix – Addison, Texas, USA

Organizations will look for security solutions that use techniques such as machine learning, statistical analysis, and artificial intelligence to counter advanced threats. Traditional solutions will look to incorporate an analytics approach into their products, while new age security analytic companies will continue to grow in prominence and lead the innovation in this space.

Brief Biography
Nitin has over 12 years’ experience serving organizations in information security, risk management, and compliance. He specializes in the domains of Data Protection, Insider Threat, Identity Management, Cyber Threat Management, PCI DSS Compliance and Third Party Risk Management and frequently speaks on these topics. As an information security professional, Nitin has served several global clients across industry verticals on engagements ranging from information security strategy development, risk assessments, to detailed design & deployment of enterprise security solutions. Prior to Securonix, Nitin has worked for Deloitte & Touche, Washington Mutual, Vaau, and Global Tele-Systems.
Important Issues:
  • Security analytics
  • Focus on cloud security
  • Growth of big data security
Direction for CSOs and Decision Makers:
  1. Look for security products that utilize the open model to enable sharing of security data and use cases across various stakeholders in the organization (e.g., security, fraud, and legal, among others).
  2. As the gap in availability of security skills grows, organizations must deploy security tools that can automate deployment and configuration of the tool, so that the security professionals can focus on investigating and responding to real threats.
  3. False positive fatigue will continue to grow as attacks become more complex and the number of security tools deployed grows; you will need security tools that are self-learning and can adapt their risk scoring and detection logic based on previous input.
ICS will be the new buzzword for traditional security vendors
Galina Antova, Co-founder, Chief Business Development Officer – Claroty – New York, NY USA

Remember when 2014 became the year of Threat Intelligence? At the RSA Conference, every security vendor, regardless of whether they did anything useful with Threat Intel, included it as a new marketing bullet on their booths. That’s exactly what is about to happen between 2017/18 with industrial control systems (ICS) cybersecurity. You’re going to see the industry move hard in this direction. Traditional vendors will repackage solutions with an ICS label – we have already seen a number of vendors move in that direction. But the ICS/operational technology (OT) domain requires solutions designed for these unique network environments. These networks include a long list of unique and proprietary network protocols, legacy devices that are easily disturbed when actively queried and different uptime/availability requirements that will require purpose-built solutions. For example, implementing a traditional IDS system in an OT network is like showing up to a United Nations meeting and not using the translation headphones. You can hear a lot of noise, but will not understand the conversation or its meaning. Organizations will require tools that fully understand the unique language of OT networks.

Despite the marketing push that you’ll see from the industry writ large, companies with solutions specifically architected for these unique environments, like Claroty, will break out. We will likely see one of the main line security vendors take a more aggressive stance on industrial security through an acquisition of one of the pioneers in the space.

Brief Biography
Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to co-founding the company, she was the Global Head of Industrial Security Services at Siemens providing comprehensive services for the protection of industrial customers against cyber attacks. Previously, Galina was with IBM Canada in various roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.
The increasing use of voice biometrics to secure call centers
Steve Williams, Vice President, Business Strategy – Verint Systems, Inc. – Austin, Texas, USA

Voice biometrics have improved to protect both consumers and companies that operate call centers, creating a positive impact for both groups. Passive voice biometrics operate in the background and validate a caller’s identity during the course of a normal call, eliminating the need for tedious security questions that can annoy callers. Callers are identified by their unique “voiceprint,” and fraudsters can be identified in the background during a call so that appropriate action can be taken. Companies can also collect voiceprints of known fraudsters and use them in the future to protect their customers. Voice biometrics technology reduces frustration and saves time and costs, making a positive impact on security, efficiency and a company’s bottom line. Voice biometrics can be used by call centers in a variety of industries and by companies of different sizes, and it will be deployed in more and more call centers as the year progresses.

Brief Biography
Steve Williams is the Vice President of Business Strategy at Verint Systems. He is a 20-year technology veteran, creating solutions for fraud, identity and business process improvement. Steve has held senior management positions in startup and emerging technology companies, and has practical experience in process analysis and design. Steve’s industry experience includes government agencies and Fortune 500 companies. He is an honors graduate of Hardin Simmons University and holds an MBA from the University of Texas at Austin.
Important Issues:
  • Identity authentication
  • Fraud prevention
  • Voice biometrics
Direction for CSOs and Decision Makers:
  1. Deploy solutions that go beyond traditional defenses of siloed products, such as firewalls and antivirus software, and select technology that works to disrupt assaults across the entire attack chain.
  2. In addition to cyberattacks, pay attention to more low-tech channels that fraudsters may use, such as calling into a call center and trying to access or use someone else’s account or credit card.
  3. Make sure that the security solution that you deploy includes command and control and lateral movement, as they are essential for a thorough understanding of complex threats.
State-sponsored cyberattacks will dramatically increase in 2017
Tim Erlin, Director, Security and IT Risk Strategist – Tripwire – Portland, Oregon, USA

With the changing political climate in both the United States and Europe, a further polarized world will resort to increased cyber attacks. We will see more press and coverage of state sponsored activities, as well as increasing confusion around attack attribution and response.

Brief Biography
Tim Erlin is a Director, Security and IT Risk Strategist at Tripwire, responsible for the Solutions and Strategy. He previously managed Tripwire’s Vulnerability Management product line, including IP360 and PureCloud. Erlin’s background as a Sales Engineer has provided a solid grounding in the realities of the market, allowing him to be an effective leader and product manager across a variety of products. His career in information technology began with project management, customer service, as well as systems and network administration. Erlin is actively involved in the information security community. His contributions include blogging, podcasts, press, speaking and television.
Important Issues:
  • Dealing with the shortage of cyber security talent
  • Emphasis on simple and scalable tools and processes
  • Protecting enterprises against cyberattacks along with continuous compliance and operational efficiency
Direction for CSOs and Decision Makers:
  1. Deploy strong foundational controls and comprehensive strategy around people, processes and technology.
Cybersecurity products will require minimal on-going human resources to operate
Nicole Eagan, Chief Executive Officer – Darktrace – San Francisco, California, USA

After decades of AI winters and short bursts of innovation, AI has finally advanced to the point where it’s consistently generating concrete benefits for businesses and consumers alike. From self-driving cars to virtual assistants to better weather forecasting, AI has become a part of our daily lives.

But AI won’t just be used for good. As with every other technological achievement, the bad guys will find a way to use it for harm. In the coming year, cyber-criminals will arm themselves with sophisticated, AI-powered cyber-attacks.

At Darktrace, we’ve already seen the first glimpses of this new attack type. Modern cyber-attacks now move at machine-speed and without human oversight. Increasingly, they’re polymorphic too. That is, they can change their signature mid-attack to evade internal security. And the most advanced attacks can hide amid the noise of the network by learning typical user and network behavior. Then, from the shadows, they can manipulate data, steal sensitive files, or activate a kill-switch.

Intelligent attacks like these represent a new kind of challenge for the cyber security world. But advances in AI and machine learning have also led to a series of breakthroughs in cyber defense. By leveraging machine learning security, organizations can get ahead of the threat and bolster their defenses before AI attacks arrive in full force.

Brief Biography
Nicole Eagan is Chief Executive Officer at Darktrace, where she has led the company since 2014, and rapidly grown it into a global leader in cyber defense. Winner of ‘Woman of the Year’ award at The Cyber Security Awards 2016, Ms. Eagan has an extensive career in technology leadership with over 25 years of commercial and marketing expertise, turning fundamental ideas into real world products and helping companies scale. Under Nicole’s leadership, Darktrace’s machine learning and mathematical approach to cyber defense has won over 50 awards including World Economic Forum Technology Pioneer.
Important Issues:
  • The rapidly evolving threat landscape has outpaced traditional security tools
  • Automated, machine-based attacks have already begun to exhibit signs of intelligence
  • It’s no longer a question of if AI attacks will go mainstream, but when
Direction for CSOs and Decision Makers:
  1. Prepare your organization for AI attacks before they arrive.
  2. Keep a finger on the pulse of the threat landscape.
  3. Automated security is the only way to fight back against automated attacks.
Microlearning will make its mark on the employee awareness industry
Steve Conrad, Managing Director – MediaPro Holdings LLC – Bothell, Washington, USA

The popularity of microlearning will continue to grow in the security awareness space as one of the most viable approaches to combatting the forgetting curve, or the tendency of learned material to be forgotten over time.

Put simply, microlearning is the practice of delivering small bits of learning content over short periods of time. The theory behind microlearning presumes that learners have relatively short attention spans and will not learn anything sitting through hours of training at a time.

In practice, microlearning can be built into an organization’s employee training deployment strategy to deliver training when it is most needed. Say, in the security awareness space, an employee saves a sensitive document to an unsecured location; you could deploy a unit of microlearning (like a short video) to get them back on track. In this way, microlearning can bring a great amount of flexibility to an overall learning structure, in terms of both training content length and delivery.

In response to this trend, awareness vendors will be expected to be able to deliver learning content of varying lengths to fit the varied learning styles of users.

Brief Biography
Steve Conrad is the founder and CEO of MediaPro. He works with companies at the strategic level to determine how organizations can effectively leverage learning programs to improve performance and lower costs. He has worked with MediaPro to produce hundreds of innovative and high-quality information security, privacy, and corporate compliance initiatives for a variety of industries. Steve has a BA in Finance from Central Washington University, and his past experience includes various management and leadership roles at Oracle, Comshare, and Electronic Data Systems (EDS).
Important Issues:
  • Complex social engineering schemes will snag more vendors
  • Security awareness efforts will need the ability to shift to address emerging threats
  • Internet-of-Things attacks will increase, but will bring about higher awareness of risks
Direction for CSOs and Decision Makers:
  1. Arm your people with the cybersecurity knowledge they need to keep your organization secure.
  2. Embrace an awareness training approach with the ability to address emerging risks.
  3. Ensure all your people take cybersecurity awareness seriously.
AI will conquer dynamic analysis, adding the detection of running
Paul Shomo, Sr. Technical Manager, Strategic Partnerships – Guidance Software – Pasadena, California, USA

In 2016 Artificial Intelligence (AI) went mainstream with its ability to detect malware binaries on the disk, including the polymorphic variants missed by signatures. In 2017 AI will conquer dynamic analysis, adding the detection of running and injected processes to its accomplishments.

Brief Biography
Paul is a cybersecurity and forensics subject matter expert. He currently develops strategic partner opportunities, manages technology integrations, and writes for Dark Reading. A veteran of R&D, he was recruited into Guidance Software’s new product research team in 2006, which launched the industry’s first incident response solution. He spent the past 8 years managing EnCase R&D teams.
Important Issues:
  • Using file hashes to correlate malware samples into known families and for attribution will become old-fashioned.
  • In 2017 we’ll see the rise of Security Orchestration products, allowing InfoSec to coordinate, automate and make sense of their many tools.
  • Detecting today’s malware requires a grab bag of tools leveraging threat intelligence, sandboxing, analytics and artificial intelligence. After detection, additional forensic tools must determine how far an adversary progressed.
Direction for CSOs and Decision Makers:
  1. InfoSec requires a shotgun approach: threat intel is used for known bad, sandboxing, analytics and artificial intelligence are used for advanced malware. Then forensic tools determine how far an adversary progressed.
  2. In 2017 InfoSec will finally demand an answer to the question, “Where does our sensitive data actually reside?” For too many years the industry has employed security professionals to cut off breaches before adversaries reach privileged data.
InfoSec will give up on perimeter security, adopting data-centric security
Vishal Gupta, Chief Executive Officer – Seclore – Mountain View, California, USA

Data is flowing through and outside of organizations at an unprecedented speed, and it will only continue to accelerate in 2017, especially with the growing adoption of outsourcing, a global/mobile workforce, and the use of innovative (but perhaps non-IT sanctioned) technologies such as Enterprise File Sync and Share. These trends mean that the security of infrastructure and the devices that are storing sensitive data becomes far less important, as information is likely present on multiple systems/devices and shared via numerous routes, many of which lead outside the traditional corporate perimeter.

The free flow of information will warrant a paradigm shift in the InfoSecurity Community, who will be unable to assure the security of data as it moves across and outside of corporate boundaries. Instead, the InfoSecurity teams will shift their focus to securing the data itself, striving to achieve persistent security through solutions that control granular usage policies regardless of where the information resides.

Brief Biography
As the CEO and founder of Seclore, Vishal has led Seclore from a niche Indian start-up to a global player in the Enterprise Digital Rights Management (EDRM) space, with over eight thousand companies in 29 countries using the solutions every day. Seclore partners with leading Silicon Valley tech giants, including an OEM agreement for Citrix’s ShareFile.

Vishal is an IIT Bombay graduate and a specialist in biometric security systems. His ideation in fingerprint imaging led to the development of core technology behind Hearld Logic 2000. The company enjoyed a 220 percent compound annual growth rate, spreading to Singapore, Australia, UK.

Important Issues:
  • 2017 will be a historic year for US Cybersecurity Legislation
  • Organizations will be more stringent on the security of their third-party vendors and collaboration partners
  • InfoSec teams will give up on perimeter security, and instead adopt a data-centric approach
IoT will be the next Trojan Horse
Ofer Amitai, Chief Executive Officer – Portnox – New York, NY, USA

IoT devices bring vulnerability to the network, and hackers will continue to take advantage of this. IoT-driven attacks have been common in cars and homes, but as we have recently seen, enterprises will have an increasing problem with IoT security too, as all devices including everything from thermostats and security cameras to laptops and more are integrated on to the enterprise internal network. One of the challenges with IoT devices is that by default they are open and available to the Internet and come protected with default passwords.

While convenient for users, it’s a nightmare to corporate security. Every advanced persistent attack (APT) includes a “command & control” center; IoT devices, being so vulnerable, unmanaged in the network and usually unmonitored, are the perfect candidate for such. Hackers will gather from them information about the network, find weaknesses, exploit those, and steal valuable information. Because most users don’t know how or that they even need to change the security controls on their devices, these standard regulations devices come with make it an easy portal to the network for hackers. In fact, hackers can integrate malware into networks through IoT devices as easily as they could through Windows.

Brief Biography
Ofer Amitai is the CEO & Co-Founder of Portnox. Previously, he served as Microsoft Regional Director of Security and has founded several cyber security companies over the past decade. Ofer was also formerly Commander of the Israeli Air Force’s first information security team.

Ofer established Portnox in 2007; the company is market leader for network access control and management solutions that scale from small to medium businesses through to large-scale government and enterprise organizations. By spanning the diversity of network technologies and devices in-use, Portnox platforms allow companies to grow, optimize and evolve their infrastructure while ensuring security and compliance.

Important Issues:
  • IoT Security
  • Increased regulations
  • More automation
Direction for CSOs and Decision Makers:
  1. Take a layered approach to protecting your network.
  2. Use VLAN assignment based on device type to create micro segmentation.
  3. Deploy automatic and manual onboarding processes for new devices.
IoT standards will diverge into silos before they converge
Lancen LaChance, Vice President, IoT Solutions – GlobalSign – Portsmouth, New Hampshire, USA

As IoT takes off, many solutions will follow the path of proprietary or closed system approaches for security implementations in attempts, either to capture value by locking in solutions or for path of least resistance.

However, as adoption accelerates and ecosystems grow, customers will show greater interest in standards-based solutions as interoperability and compatibility with a broader ecosystem become an important driver. There will be a similar trend in trust models for IoT ecosystems where first generation solutions revolve around a closed trust model, but as partners and connected devices diversify, practitioners will move towards broader trust models around identity provisioning and issuance relying on trusted third-parties and systems to maintain strong trust relationships.

Brief Biography
Lancen LaChance is vice president of product management, IoT Solutions and is responsible for driving overall IoT product strategy, partnerships and roadmap.
Banks Will Suffer Largest Economic Losses of Any Industry
Moshe Ben Simon, Co-Founder & VP Services and Trapx Labs – TrapX Security – San Mateo, California, USA

Many statistics focus on the number of records stolen – not the direct theft of cash or cash equivalents through fraud. Using this metric, healthcare has moved to the forefront based upon the value per patient record. However, attackers directly target banks in order to siphon off cash. Attackers have pilfered hundreds of millions of dollars in attacks targeting the SWIFT financial network, ATM networks and online banking. For financial services and the banking industry, 2017 will be the year that they see the biggest economic losses – mitigated only by the large number of banks globally that do not share data on internal attacks.

Brief Biography
An expert in cybersecurity, malware, and other security topics, Ben-Simon was formerly CEO at Injection Security, head of the security consultant department at Ness Technologies, and information security senior consultant at Comsec. While he served in the Israeli Air Force, Ben-Simon worked in the Network and Security Department. Ben-Simon is a graduate of Ort Braude College, where he studied electronic engineering and networking.
Important Issues:
  • Securing internal networks.
  • Securing internet of things devices.
  • Securing mobile devices.
Direction for CSOs and Decision Makers:
  1. Ransomware attacks will continue and grow to unprecedented levels in 2017 – find a solution to detect and remediate these attacks before they lock up your data.
  2. If your network is compromised, and an external attacker penetrates your internal networks, have technologies and a plan to find them.
  3. Attacks will surge on Internet of Things (IoT) devices – have technologies and a plan to detect attackers moving laterally from within these devices.
Cybersecurity will increasingly pervade into all that we do
Simon Wood, Chief Technology Officer – GlobalSign – United Kingdom

Today we face an unprecedented rate of change, the rise of open access, interoperability, phenomenal increases in compute power, decreases in response time and unheard of transaction rates. We have engineered the perfect storm.

Inasmuch as these advances can be directed and targeted to systems of our choosing, when it comes to security, it will always be ourselves who are the weak link in the chain.

Cybersecurity itself has been and will always be, quite literally, an arms race; nation states, organized crime syndicates, disgruntled individuals attacking nation states, enterprises, high profile organizations with the mass populace, both human and device, ready for weaponization at any time.

Ahead of us, it’s a Pandora’s Box of superlatives! From the board rooms to the shop floor, the impact of the unfolding landscape will both drive and be driven by continually evolving threats of growing sophistication.

No one technology, system or solution will be king. Cybersecurity must be both a ‘first class citizen’ and ‘by design’ and considered and applied holistically to people, processes, systems, devices and environments.

The tangible future of cybersecurity? Beyond certainty it will see an increase in mindshare and budget and increasingly pervade into all that we do.

Brief Biography
Simon Wood is Chief Technology Officer of GlobalSign. In his role, Simon is responsible for developing the overall technology vision for the company, product architecture, standards development, compliance and overseeing the engineering and operations organization.
Important Issues:
  • Encryption and mutual authentication will be more prevalent inside the protected perimeter in defending against threats from within organizations
  • Identities for things will outpace identities for users
  • More national ID programs and banks will become trusted identity providers (IDPs) with high assurance levels
Direction for CSOs and Decision Makers:
  1. Look at security vendors that can offer flexible and scalable solutions that meet your needs
  2. Follow industry standards development, especially around IoT security standards and frameworks. These will provide you with the blueprints to properly implement security
  3. Remember recent high profile attacks and where they originated from. Understand your weaknesses both internally and externally and execute the measures to ensure security
Cyber Moves to the Top of the Agenda Within Boardrooms
Brian Stafford, Chief Executive Officer – Diligent – New York, NY, USA

In 2017, boards will need to strongly consider adding individuals with CIO/CISO experience. In addition, boards will need to make it a priority to enhance public-private partnerships and utilize third party providers to leverage the cumulative cyber-knowledge of its whole network.

Brief Biography:
Brian Stafford is Chief Executive Officer of Diligent Corporation. Brian assumed the role of CEO in March 2015 and is responsible for all day to day operations with a focus on accelerating global growth and incorporating scale into the business in order to seamlessly manage the growth. Brian previously served as a Partner at McKinsey & Company, where he founded and led their Growth Stage Tech Practice. While there he concentrated on helping Growth Stage Technology companies scale faster and did extensive work with SaaS companies, focusing on growth strategy, sales operations and strategy, pricing, international growth strategy
Continued major breaches and an increase in compromised credentials
Byron Rashed, Vice President of Global Marketing, Advanced Threat Intelligence – InfoArmor, Inc. – Scottsdale, Arizona, USA

Breaches will become more complex and frequent resulting in exfiltrated personal, IP and other data from almost every industry. Many organizations will face the daunting task to preserve their reputation and be judged in the court of public opinion. Investment in security operations, policies and employee training will be of the utmost importance for organizations to mitigate risk and improve their security posture. Many organizations are not prepared technically and do not have the expertise to prevent network infiltration and data exfiltration.

Brief Biography:
Byron Rashed has over 20 years of industry experience spearheading global marketing and public relations programs in various B2B organizations that target IT security solutions to enterprise and OEM markets.

As Vice President of Global Marketing, Advanced Threat Intelligence for InfoArmor, he is directly responsible for all global marketing and public relations strategies and tactics to develop brand awareness, product positioning and communications for the ATI unit.

Mr. Rashed holds a Bachelor of Science degree in industrial engineering from New York University – Polytechnic, and is pursuing a graduate certification in marketing and communications from the University of California, Irvine.

Important Issues:
  • Vendors must deliver comprehensive solutions and be able to position their solutions in a layered security environment. Scalability and ease of use/integration will be a challenge as these threats become more complex.
Direction for CSOs and Decision Makers:
  1. Be prepared, it’s not if you get breached, it’s when! Ensure your risk is reduced by performing comprehensive penetration testing and add layered security to your IT infrastructure.
The Growth of Crowdsourced, Actionable Threat Intelligence
Stephen Gates, Chief Research Intelligence Analyst – NSFOCUS – Santa Clara, California, USA

Although threat intelligence is still in its infancy, it won’t be for long. Soon, the industry, governments and influential institutions will heavily encourage crowdsourced TI data. All cyber defenses will be fully capable of consuming TI in real-time, acting upon the intelligence gained, and also delivering upstream crowdsource capabilities. All organizations, devices, applications, operating systems, and embedded systems will soon be fed TI and in turn, feed it to other organizations.

Brief Biography:
Stephen Gates is the Chief Research Intelligence Analyst at NSFOCUS. Stephen has 25+ years of computer engineering, networking, and IT security experience with an extensive background in the deployment and implementation of next-generation security technologies.

With a Masters of Science in Information Management, Security, and Assurance, Stephen is a leading industry recognized expert on DDoS attack tools and methodologies including latest attack motivations and industry accepted DDoS defense approaches.