Red Sky Alliance has roughly 200 accounts issued. Approximately 10% are issued to Wapack Labs analysts, leaving ~190 accounts. Out of those, an average of 73 people (38%) participate weekly and about half of those participate daily. Those are staggering numbers in any information sharing environment. Add to that the fact that in nearly four years, only three Red Sky Alliance members have left. One was divested and then dissolved. Another transferred and rejoined after the move. The third, an intelligence manager, took another job in the company and the intelligence team went with another service. Our customer satisfaction remains high. The intent of the Alliance was never to serve the needs of all, but rather to allow companies who really want it an opportunity to crowdsource questions and share intelligence and analysis. The price has remained stable for the last two years, significantly lower than others, with the intent of users being ecstatic at the amount of value that they receive as members. We’re not into politics. We don’t drive national policy. We want standards but participate in those national level discussions only tangentially. We author intelligence and provide it to the members. We stick to our core competency and charge a fair price, and our members seem to love that.
- Keyloggers aren’t anything new, but they’re taking hold in a largely automated way. I’d mentioned in presentations (twice this year), when I followed a consultant who talked about cracking passwords, that passwords don’t mean a thing when there’s a keylogger involved. And it seems the number of pieces of malware with keyloggers built in is increasing dramatically. Not a rocket science prediction. Common sense.
- We witnessed what we believe are the early indications of a movement from confidentiality motivated attacks (meaning, espionage) to integrity motivated attacks. This year will be the year of data manipulation. This is a high probability, high damage risk prediction. Companies everywhere will lose the ability to depend on their computing systems to deliver trusted results. This has already proven true in engineering focused industries, but now enterprise resource management systems are becoming targets of opportunity, allowing access into any of the multitude of services they connect to.
- Wapack Labs witnessed customs offices in several countries as compromised. One European country’s visa office was included in that list. This is a major risk to governments everywhere. My prediction? We’ll see key government organizations in the US and elsewhere get compromised in places that vet foreign visitors. Documentation will be generated and delivered. The overarching theme? Fraud is intersecting with information security. Cyber is simply another tool and the visa offices are not exempt.
- Resilience has become the name of the game. Leading edge companies are learning to live with untrusted networks, and as 2016 unfolds, we’ll see several key companies focusing their efforts on resilient networks. We don’t believe that Chief Information Security Officers will be replaced with Resilience officers, but taking the role to the next step means ensuring organizations can survive and operate successfully while under massive attack.
- Service accounts aren't getting enough love... but they will. A service account connects two systems not normally accessed by a human. For example, one database connecting to and querying another requires credentials, but because the process is automated, the credentials are written into the code or query so that no human interaction is required. If one database queries another, and the credentials required either do not change or may not be changed (because they're built into the code), they become highly coveted targets. Many of the larger companies have already addressed this problem. Many of the smaller companies don't have the ability to act on this enormous risk... and the bad guys know it. In industry, think supply chain. In personal accounts, think interconnections between various social and cloud based tools. If you can log into a system and query using a social media login, or have your home thermostat connected to your iCloud account, you've created a service connection, and it can be exploited.
- Systemic risk is the phrase of the year. Systemic risk means that attackers will find singular points to attack (probably as a result of statically credentialed service account systems). Need an example? OPM was a wonderful target from a systemic perspective. It was compromised in such a way that new tech with new thinking was required to identify the breach (math based behavioral anomaly detection), in a target that held such immense importance that nobody would be spared the possibility of targeting. Brilliant! I wish I'd thought of that when I was in that business.
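
The service-account item above describes credentials written into code or queries. The following added example (not from the original post) is a small defensive scanner that flags such literal credentials and redacts them in its report; the patterns, account names, hosts and sample lines are all constructed assumptions.

```python
import re

# Three places the credentials of a service connection end up written into code or queries.
PATTERNS = [
    ("uri-userinfo", re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@'\"]+:(?P<secret>[^\s@'\"]+)@", re.I)),
    ("conn-string", re.compile(r"\b(?:password|pwd)\s*=\s*(?P<secret>[^;'\"\s]+)", re.I)),
    ("sql-identified-by", re.compile(r"\bIDENTIFIED\s+BY\s+'?(?P<secret>[^'\s;]+)", re.I)),
]
# A value injected at run time (${VAR}, %VAR%, {{ template }}) is not a static credential.
INDIRECT = re.compile(r"^(?:\$\{?\w+\}?|%\w+%|\{\{.*\}\})$")

# Constructed sample input, not taken from any real system.
SAMPLE = """\
db = connect("postgresql://svc_report:Summer2015!@erp-db.internal/ledger")
Server=hr-db;Database=payroll;User Id=svc_sync;Password=${SYNC_PW};
Server=hr-db;Database=payroll;User Id=svc_sync;Pwd=Tr0ub4dor;
CREATE DATABASE LINK erp_link CONNECT TO svc_erp IDENTIFIED BY erp_link_pw USING 'ERP';
url = "https://wiki.internal/page"
"""

def scan(text):
    """Return (line_number, kind, redacted_line) for each line holding a literal secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if match is None or INDIRECT.match(match.group("secret")):
                continue
            # Redact before reporting so the scanner's output does not leak the secret.
            redacted = line[:match.start("secret")] + "***" + line[match.end("secret"):]
            findings.append((lineno, kind, redacted))
            break
    return findings

if __name__ == "__main__":
    for lineno, kind, redacted in scan(SAMPLE):
        print(f"line {lineno}: {kind}: {redacted}")
```

Line 2 of the sample is not reported because its password is a run-time placeholder, which is the corrected form of the static credential on line 3.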
2016 is going to bring some big things for Red Sky and the Lab. We're hosting our first Threat Day of the year in January in DC, and we expect to debut Cyberwatch® with our membership. Beyond that, if this works, it's going to transform the way executives look at information security and cyber. So stand by. 2016 is going to be transformative... and I can't wait!