Adrian Taylor, Regional VP of Sales for A10 Networks, discusses how to approach the latest rise in ransomware
Last year ransomware made a comeback, as worldwide mobile operators made aggressive strides in the transformation to 5G, and GDPR achieved its first full year of implementation. The industry saw some of the largest fines ever given for massive data breaches experienced by enterprises. As the spike in demand for ransomware-as-a-service tools in underground forums, coupled with the anonymity offered by the dark web, the surge in these types of cyberthreats should not be a surprise.
This year ransomware will continue to garner more international attention as a host of the not new, like the continued rash of DDoS attacks on government entities and cloud and gaming services, to the new and emerging.
Slow Adoption of new Encryption Standards
Although TLS 1.3 was ratified by the Internet Engineering Taskforce in August of 2018, we won’t see widespread or mainstream adoption: less than 10 percent of websites worldwide will start using TLS 1.3. TLS 1.2 will remain relevant, and therefore will remain the leading TLS version in use globally since it has not been compromised yet, it supports PFS, and the industry is generally slow when it comes to adopting new standards. Conversely, Elliptical-curve cryptology (ECC) ciphers will see more than 80 percent adoption as older ciphers, such as RSA ciphers, are disappearing.
Decryption: It’s not a Choice Any Longer
TLS decryption will become mainstream as more attacks leverage encryption for infection and data breaches. Since decryption remains a compute-intensive process, firewall performance degradation will remain higher than 50 percent and most enterprises will continue to overpay for SSL decryption due to lack of skills within the security teams. To mitigate firewall performance challenges and lack of skilled staff, enterprises will have to adopt dedicated decryption solutions as a more efficient option as next-generation firewalls (NGFWs) continue to polish their on-board decryption capabilities.
Cyber-attacks are now the new norm. Each year brings new threats, data breaches and operational challenges, ensuing that businesses, governments and consumers must always be on its toes. With the transformation to 5G mobile networks and the dramatic rise in IoT, by both consumers and businesses. The potential for massive and widespread cyber threats expands exponentially. Let’s hope that organizations, as well as security vendors, focus on better understanding the security needs of the industry, and invest in solutions and policies that would give them a better chance at defending against the ever-evolving cyber threat landscape.