Based on its work this year in the fields of cyber security and financial crime, BAE Systems Applied Intelligence believes the following will be the top five predictions for the digital criminality landscape in 2015.

Challenges in Detection as Cyber Crime Gets Fragmented

The past five years have seen an increasing industrialisation of the cyber criminal marketplace. Specialisms such as malware authoring, counter-AV testing, exploit kits, spamming, hosting, moneymuling, and card cloning are becoming miniature markets of their own. Crime as a service is a reality, lowering the barrier to entry for budding criminals and fuelling the growing threat, year after year.

“Law enforcement action has done well to date by focusing on the big problem sets and causing significant disruption to these activities. In 2015, BAE Systems Applied Intelligence anticipates these efforts will cause a fragmentation in the market as criminal actors split into smaller units using newly developed and more resilient capabilities. We believe this will present a greater challenge for the security community. We also see the need for law enforcement to find ways to drive efficiency and automation into their intelligence collection and analysis work streams. This should enable them to ramp up the number of simultaneous investigations and make disruption a ‘business as usual’ activity,” said Scott McVicar, Managing Director, Cyber Security, BAE Systems Applied Intelligence.

Period of ‘Hyper Regulation’

In the context of millions of dollars in fines, financial institutions now have an imperative to actively search out criminals such as money launderers, rather than simply being compliant with regulatory guidance. We believe more organisations will hire big hitters from the law enforcement and national security world to show they are serious about stopping the criminals. Organisationally, we will see continued efforts to remove silos between Risk, Compliance and Information Security departments, a continuing move towards these departments to work more closely together, and requirements for combined detection capabilities. From an operational perspective, joining-up investigative capabilities to develop a single intelligence platform across the enterprise will be increasingly key. This will be combined with the deployment of integrated case management for all forms of financial crime across all financial institutions.

Next Industrial Revolution

One of the most disruptive forces in the coming generation will be the growth in interconnectivity of machines, data and people. Known as the ‘Internet of Things’ (IoT) or the ‘Internet of Everything’ (IoE), this disruption is expected to bring us the next industrial revolution whereby automation and orchestration of many tasks in manufacturing, retail, transport and the home lead to greater efficiency and massive productivity gains. Little stands in the way of this advance in technology; however security professionals are already voicing concern about both the systematic risks of greater connectivity, as well as the risks to life with machines such as cars and medical equipment becoming part of the connected world.

“We anticipate that 2015 will see increased focus on building in security from the start for the next industrial revolution; security professionals will be tasked with finding solutions for protecting critical systems and national scale infrastructure. They will look at techniques such as segmenting high value systems away from high risk activity whilst retaining connectivity and trusted data flows. With a broader attack surface we expect that criminals, activists and spies will continue to penetrate networks. Limiting potential impact whilst enabling the myriad of advantages connectivity brings will be key to realising the benefits. Rather than being an impediment, we expect that good security can actually speed up the realisation of this next industrial revolution,” said McVicar.

The Art of Attribution to be Impacted

Cyber threat reporting and public whitepapers have grown in regularity and prominence during 2014. One of the key parts to a contemporary threat report is attribution – the small details in the code and attack behaviour which give away clues as to the perpetrators of attack campaigns. What should be a scientific process is still more of an art, with technical indicators mixed in with contextual information and cultural references providing hints which are picked up by researchers. Attackers read the resulting public reports as well, we can see evidence of this from the shifts in behaviour which occur immediately afterwards.

In 2015, we anticipate that attackers will go to greater lengths to improve their own operational security and increase their use of deception – that is, the placing of false flags to throw off researchers and hamper attribution. This runs the risk of undermining the art of attribution and casting a shadow over the field of threat intelligence. Researchers will need to adopt practices from the professional intelligence community and tread carefully when drawing conclusions about who is ultimately behind cyber attacks.

2015 Crunch Time for Big Data

We’ve seen the rise of ‘Big Data’ in recent years with technologies such as Hadoop moving from niche projects to mainstream workhorses. Businesses in sectors such as telecom, banking and technology have shown interest and many have already invested in big data technologies. We are now entering a maturing phase of the life-cycle, with competing platforms, support services and a strong market for developers, data scientists and administrators. However, business leaders who’ve funded the investment are increasingly asking their technology teams to show value from their implementations.

“We anticipate 2015 to be crunch time for Big Data crunching – where those who are still running at the prototype phase are expected to deliver towards specific business use-cases to justify continued investment. This will focus minds from ‘getting more data in’ to ‘getting more out of existing data’. There will be a shift from technologies which enable storage and basic reporting to those which enable meaningful intelligence to be extracted. Use-cases such as network monitoring, fraud-detection and security analytics will be popular – driven by the increasing overlap between cyber threats and other risks and focused board-level attention on managing cyber security across the business,” said McVicar.