From internal threats to creative ransomware to the
industrial Internet of Things, security experts illuminate business
cybersecurity threats likely to materialize in the next year.
If 2016 was the year hacking went mainstream, 2017 will
be the year hackers innovate, said Adam Meyer, chief security strategist at
SurfWatch Labs. Meyer analyzes large and diverse piles of data to help
companies identify emerging cyber-threat trends. "2017 will be the year of
increasingly creative [hacks]," he said. In the past, cybersecurity was
considered the realm of IT departments, Meyer explained, but no longer. As
smart companies systematically integrate security into their systems, the
culture of hackers too will evolve.
"Cybercriminals follow the money trail," Meyer
said, and smart companies should adopt proactive policies. Ransomware attacks
grew quickly, he said, because the attacks are "cheap to operate, and many
organizations are not yet applying the proper analysis and decision-making to
appropriately defend against this threat."
It's equally cheap to identify internal vulnerability to
hacks and to apply preventative best practices, Meyer said. But for many
companies it's not as easy to understand
the cybersecurity threats most likely to impact business. To help,
TechRepublic spoke with a number of prominent security experts about their
predictions for near-future cybersecurity trends likely to impact enterprise
and small business in 2017.
Cyber-offense and cyber-defense capacities will increase - Mark Testoni, CEO at SAP's national security arm, NS2
We will see an increased rate of sharing of cyber
capabilities between the commercial and government spaces. Commercial threat
intelligence capabilities will be adopted more broadly by organizations and
corporations... High performance computing (HPC), in conjunction with adaptive
machine learning (ML) capabilities, will be an essential part of network flow
processing because forensic analysis can't stop an impending attack. HPC +
adaptive ML capabilities will be required to implement real-time network event
forecasting based on prior network behavior and current network operations...
[Companies will] use HPC and adaptive ML to implement real-time behavior and
pattern analysis to evaluate all network activity based on individual user
roles and responsibilities to identify potential individuals within an
organization that exhibit "out of the ordinary" tendencies with
respect to their use of corporate data and application access.
Ransomware and extortion will increase - Stephen Gates, chief research intelligence analyst at NSFOCUS
The days of single-target ransomware will soon be a thing
of the past. Next-generation ransomware paints a pretty dark picture as the
self-propagating worms of the past, such as Conficker, Nimda, and Code Red,
will return to prominence—but this time they will carry ransomware payloads
capable of infecting hundreds of machines in an incredibly short timespan. We
have already seen this start to come to fruition with the recent attack on the
San Francisco Municipal Transport Agency, where over 2,000 systems were
completely locked with ransomware and likely spread on its own as a
self-propagating worm. As cybercriminals become more adept at carrying out
these tactics, there is a good chance that these attacks will become more
common.
As more devices become internet-enabled and accessible
and the security measures in place continue to lag behind, the associated risks
are on the rise. Aside from the obvious risks for attacks on consumer IoT
devices, there is a growing threat against industrial and municipal IoT as
well. As leading manufacturers and grid power producers transition to Industry
4.0, sufficient safeguards are lacking. Not only do these IoT devices run the
risk of being used to attack others, but their vulnerabilities leave them open
to being used against the industrial organizations operating critical
infrastructure themselves. This can lead to theft of intellectual property,
collecting competitive intelligence, and even the disruption or destruction of
critical infrastructure. Not only is the potential scale of these attacks
larger, most of these industrial firms do not have the skills in place to deal
with web attacks in real-time, which can cause long-lasting, damaging results.
This alone will become one of the greatest threats that countries and
corporations need to brace themselves for in 2017 and beyond.
Industrial IoT hacks will increase - Adam Meyer, chief security strategist at SurfWatch Labs
IoT security threats have been talked about, but not
really worried about by most because a serious incident had yet to occur. With
the 2016 DDoS attack on Dyn, and the ripple effect it created, we will see more
scrutiny on security within the IoT marketplace. Vendors will work in new
security precautions, but at the same time, criminals will also increase their
attention on new ways to leverage IoT devices for their own malicious purposes.
There are plenty of "As-A-Service" attack capabilities on the Dark
Web for hire now and we should expect creative new IoT hack services to pop up
in the near future.
Internal threats will increase - James Maude, senior security engineer at Avecto
As organizations adopt more effective strategies to
defeat malware, attackers will shift their approach and start to use legitimate
credentials and software - think physical insiders, credential theft,
man-in-the-app. The increased targeting of social media and personal email
bypasses many network defenses, like email scans and URL filters. The most
dangerous aspect is how attackers manipulate victims with offers or threats
that they would not want to present to an employer, like employment offers or
illicit content. Defenders will begin to appreciate that inconsistent user
behaviors are the most effective way to differentiate malware and insider
threats from safe and acceptable content.
A big part of the challenge with cyberattacks is how
businesses think threats can be filtered at the perimeter. Be warned that this
is not the case. Attackers are aware of how to directly target users and
endpoints using social engineering. The industry needs to be more proactive in
thinking about how to reduce the attack surface, as opposed to chasing known
threats and detecting millions of unknown threats. With an increasingly mobile
workforce and threats coming through both personal and business devices and
services, the impact of perimeter defenses has decreased. Security needs to be
built from the endpoint outwards.
Business security spending will increase - Ed Solis, Director of Strategy & Business Development at CommScope
Security is part of every business and IT discussion
these days and it will only become more intense in 2017. We see an increase in
the demand for video for surveillance, both for government and private
businesses. This issue includes physical security—securing the building,
people, and assets—as well as network and data security... In 2017, security
conversations will continue to intensify around not only securing data and
networks but physical security as well - think buildings, people, and assets. We
also expect to see an increased demand for video surveillance across the public
sector and private business.
Security will no longer be an afterthought - Signal Sciences' Co-Founder & Chief Security Officer, Zane Lackey
2017 will be a critical year for security, starting with
how it's built into technology. DevOps and security will change the way they
work together as they realize the need to integrate with each other in order to
survive. With IoT on the rise, security will continue to be the primary obstacle
preventing consumers from fully welcoming connected devices into their homes
and lifestyles. Consumers and businesses are getting smarter and security
vendors will be held more accountable in keeping them safe.