Based on its work this year in cyber security and financial crime, BAE Systems Applied Intelligence experts have made their top five predictions for the digital criminality landscape in 2015.
First, fragmentation of cyber criminal activities will pose new challenges to detection and investigation, BAE systems cyber experts say.
The past five years have seen an increasing industrialization of the cyber criminal marketplace, company officials say. Specialized cyber crime activities such as malware authoring, counter-AV testing, exploit kits, spamming, hosting, money-muling, and card cloning are becoming miniature markets of their own.
Cyber crime as a service is a reality, BAE Systems experts warn. This will lower the barrier to entry for budding criminals and fuel the growing threat, year after year.
Law enforcement is doing well by focusing on big problems and disrupting these activities. In 2015 these efforts will fragment the market as criminal actors split into smaller units using newly developed and more resilient capabilities, BAE Systems experts say.
Fragmentation will complicate the security community, and law enforcement must find ways to drive efficiency and automation into intelligence collection and analysis work streams, officials say. This should enable them to increase the number of simultaneous investigations and disrupt ore cyber attacks.
Second, the cyber security market will enter a period of hyper regulation. In the context of millions of dollars in fines, financial institutions must search out cyber criminals like money launderers, rather than simply complying with regulations.
Organizations will hire more big hitters from the law enforcement and national security world to show they are serious about stopping cyber attacks and cyber crime, BAE Systems experts predict.
Organizations will continue trying to remove silos between risk, compliance, and information security departments and combine detection capabilities. Blending investigative capabilities to develop one intelligence platform across the enterprise will be key, BAE Systems experts say.
Related: DARPA picks six companies to define enabling technologies for U.S. cyber warfare strategy
Third, the arrival of the next industrial revolution will be accelerated by building in security from the start, BAE Systems cyber experts say.
One of the most disruptive upcoming forces will be the growth in interconnectivity of machines, data, and people -- or the Internet of Things. This will bring us the next industrial revolution, marked by automation and orchestration of many tasks in manufacturing, retail, transportation, and the home.
Security professionals already are concerned about the systematic risks of greater connectivity, as well as the risks to life posed by interconnected machines such as cars and medical equipment.
This year will see increased focus on building in security-from-the-start; security professionals will find ways to protect critical systems and national infrastructure, and look to segmenting high value systems away from high risk activity while retaining connectivity and trusted data flows.
Cyber criminals, activists, and spies, meanwhile, will continue to penetrate networks. Limiting potential damage while enabling connectivity will be a challenge to cyber security.
Fourth, deception efforts will complicate determining who the cyber criminals are. The small details in the code and attack behavior which give away clues about the perpetrators of cyber attacks. Still, what should be a scientific process is still more of an art. Attackers read public reports and learn from the mistakes of others.
In 2015 attackers will go to greater lengths to improve their own operational security and increase their use of deception, BAE Systems experts say. They will place false flags to throw off researchers, which could undermine efforts to pinpoint the cyber criminals.
Researchers must adopt practices from the professional intelligence community and tread more carefully when drawing conclusions about who ultimately is behind cyber attacks.
Lastly, big data systems in telecommunications, banking, and technology will make increasing use of network monitoring, fraud-detection, and security analytics.
For more information contact BAE Systems Applied Intelligence online at www.baesystems.com/ai.
