From internal threats to creative ransomware to the industrial Internet of Things, security experts illuminate business cybersecurity threats likely to materialize in the next year.
By Dan Patterson | December 13, 2016, 8:16 AM PST
If 2016 was the year hacking went mainstream, 2017 will be the year hackers innovate, said Adam Meyer, chief security strategist at SurfWatch Labs. Meyer analyzes large and diverse piles of data to help companies identify emerging cyber-threat trends. “2017 will be the year of increasingly creative [hacks],” he said. In the past, cybersecurity was considered the realm of IT departments, Meyer explained, but no longer. As smart companies systematically integrate security into their systems, the culture of hackers, too, will evolve.
“Cybercriminals follow the money trail,” Meyer said, and smart companies should adopt proactive policies. Ransomware attacks grew quickly, he said, because the attacks are “cheap to operate, and many organizations are not yet applying the proper analysis and decision-making to appropriately defend against this threat.”
It’s equally cheap to identify internal vulnerability to hacks and to apply preventative best practices, Meyer said. But for many companies it’s not as easy to understand the cybersecurity threats most likely to impact business. To help, TechRepublic spoke with a number of prominent security experts about their predictions for near-future cybersecurity trends likely to impact enterprise and small business in 2017.
Cyber-offense and cyber-defense capacities will increase – Mark Testoni, CEO at SAP’s national security arm, NS2
We will see an increased rate of sharing of cyber capabilities between the commercial and government spaces. Commercial threat intelligence capabilities will be adopted more broadly by organizations and corporations… High performance computing (HPC), in conjunction with adaptive machine learning (ML) capabilities, will be an essential part of network flow processing because forensic analysis can’t stop an impending attack. HPC + adaptive ML capabilities will be required to implement real-time network event forecasting based on prior network behavior and current network operations… [Companies will] use HPC and adaptive ML to implement real-time behavior and pattern analysis to evaluate all network activity based on individual user roles and responsibilities to identify potential individuals within an organization that exhibit “out of the ordinary” tendencies with respect to their use of corporate data and application access.
Ransomware and extortion will increase – Stephen Gates, chief research intelligence analyst at NSFOCUS
The days of single-target ransomware will soon be a thing of the past. Next-generation ransomware paints a pretty dark picture as the self-propagating worms of the past, such as Conficker, Nimda, and Code Red, will return to prominence—but this time they will carry ransomware payloads capable of infecting hundreds of machines in an incredibly short timespan. We have already seen this start to come to fruition with the recent attack on the San Francisco Municipal Transport Agency, where over 2,000 systems were completely locked with ransomware and likely spread on its own as a self-propagating worm. As cybercriminals become more adept at carrying out these tactics, there is a good chance that these attacks will become more common.
As more devices become internet-enabled and accessible and the security measures in place continue to lag behind, the associated risks are on the rise. Aside from the obvious risks for attacks on consumer IoT devices, there is a growing threat against industrial and municipal IoT as well. As leading manufacturers and grid power producers transition to Industry 4.0, sufficient safeguards are lacking. Not only do these IoT devices run the risk of being used to attack others, but their vulnerabilities leave them open to being used against the industrial organizations operating critical infrastructure themselves. This can lead to theft of intellectual property, collecting competitive intelligence, and even the disruption or destruction of critical infrastructure. Not only is the potential scale of these attacks larger, most of these industrial firms do not have the skills in place to deal with web attacks in real-time, which can cause long-lasting, damaging results. This alone will become one of the greatest threats that countries and corporations need to brace themselves for in 2017 and beyond.
Industrial IoT hacks will increase – Adam Meyer, chief security strategist at SurfWatch Labs
IoT security threats have been talked about, but not really worried about by most because a serious incident had yet to occur. With the 2016 DDoS attack on Dyn, and the ripple effect it created, we will see more scrutiny on security within the IoT marketplace. Vendors will work in new security precautions, but at the same time, criminals will also increase their attention on new ways to leverage IoT devices for their own malicious purposes. There are plenty of “As-A-Service” attack capabilities on the Dark Web for hire now and we should expect creative new IoT hack services to pop up in the near future.
Internal threats will increase – James Maude, senior security engineer at Avecto
As organizations adopt more effective strategies to defeat malware, attackers will shift their approach and start to use legitimate credentials and software – think physical insiders, credential theft, man-in-the-app. The increased targeting of social media and personal email bypasses many network defenses, like email scans and URL filters. The most dangerous aspect is how attackers manipulate victims with offers or threats that they would not want to present to an employer, like employment offers or illicit content. Defenders will begin to appreciate that inconsistent user behaviors are the most effective way to differentiate malware and insider threats from safe and acceptable content.
A big part of the challenge with cyberattacks is how businesses think threats can be filtered at the perimeter. Be warned that this is not the case. Attackers are aware of how to directly target users and endpoints using social engineering. The industry needs to be more proactive in thinking about how to reduce the attack surface, as opposed to chasing known threats and detecting millions of unknown threats. With an increasingly mobile workforce and threats coming through both personal and business devices and services, the impact of perimeter defenses has decreased. Security needs to be built from the endpoint outwards.
Business security spending will increase – Ed Solis, Director of Strategy & Business Development at CommScope
Security is part of every business and IT discussion these days and it will only become more intense in 2017. We see an increase in the demand for video for surveillance, both for government and private businesses. This issue includes physical security—securing the building, people, and assets—as well as network and data security… In 2017, security conversations will continue to intensify around not only securing data and networks but physical security as well – think buildings, people, and assets. We also expect to see an increased demand for video surveillance across the public sector and private business.
Security will no longer be an afterthought – Signal Sciences’ Co-Founder & Chief Security Officer, Zane Lackey
2017 will be a critical year for security, starting with how it’s built into technology. DevOps and security will change the way they work together as they realize the need to integrate with each other in order to survive. With IoT on the rise, security will continue to be the primary obstacle preventing consumers from fully welcoming connected devices into their homes and lifestyles. Consumers and businesses are getting smarter and security vendors will be held more accountable in keeping them safe.