It’s that time of year again. Everyone’s looking back on the year that just passed, while wondering on what the new year has to come. While I do believe it’s important to reflect, that’s not what we’re here to do today.
No, today we’re going to talk about what 2017 has in store for those of us in the security business. After all, 2016 saw some pretty huge tech developments and breakthroughs. And on a bit of a darker note, it also brought us its fair share of cybercrime, with breaches that included such big names as Yahoo! and the Democratic National Committee.
Both developments – in enterprise and in crime – are going to have their role to play in influencing what’s to come.
Cyber Security Will (Have To) Improve
Hackers will continue to take the path of least resistance, just as they always have. Unfortunately, with the advent of new, poorly-secured IoT devices and the proliferation of mobile technology and gadgets like smartwatches, what this actually means will be grossly obscured. And it will change rapidly, as new vulnerabilities and exploits are discovered with each passing day.
Ransomware, too, will continue to grow.
In order to keep pace with the rapid movement of the criminal world, cybersecurity regulations will have to become more agile by design. What’s more, the demand that IoT devices be ‘secure by design’ will grow louder and louder. Though, as predicted by Information Age, we probably won’t be seeing much movement in that space until at least 2018.
We’ll also see security and business operations teams forced to work more closely together in order to deal with developments like ‘malware as a service’ and automation technology.
Because Attackers Will Get Smarter
Attackers won’t simply keep rolling along the path of least resistance, either. Already, we’ve seen several frightening developments in the security space. Expect targeted attacks to increase in 20167, and for attacks to become more organized, more commercialized, and more difficult to trace. Also expect to see hackers congregating on the dark web, distributing malware and exploits to one another where the prying eyes of law enforcement cannot see.
We’re also likely to see a rise in hybrid attacks, according to Agari Chief Scientist Markus Jakobsson, quoted by eWeek. These attacks, taking place over multiple attack vectors, are extremely difficult to defend against without an organized, prepared security team. They also make it far easier for criminals to hide their tracks.
Finally, it’s likely we’ll see more attackers exploiting the fact that, by and large, the laws of the world haven’t really caught up to the idea of a global Internet. They will situate themselves in countries where cybercrime is likelier to be overlooked, and target businesses from outside the jurisdiction of domestic police forces. This will also contribute to rising tension on the global stage, which brings me to my next point….
Cyberwarfare Will Reach An Inflection Point
We’ve seen scattered cyberattacks over the past several years. Rumors that the Russian government influenced the outcome of the recent United States Election. The revelation that state-sponsored Chinese hackers made $4 million trading insider information from hacked law firms. And those two stories are just scratching the surface.
Expect to see an upturn in government-sponsored, politically-motivated cyberattacks. Moving forward, countries looking to protest the actions of their peers may increasingly turn to the digital world. And as more and more of our infrastructure is brought online and connected, that becomes an increasingly-dangerous prospect.
No longer just about making money, cyberattacks could become a new avenue for terrorism, or a new way for striking back against a military opponent. Rather than requiring a massive army or a pile of military technology, a country could recruit a team of skilled hackers to knock out a nation’s power grid, destroy their infrastructure, or otherwise wreak havoc. Security professionals are largely aware of this, and are working to secure their most critical infrastructure, but only time will tell if they are successful.
Small Businesses Will Be In The Crosshairs
Most of the time, when you hear about a sophisticated, targeted attack, it’s a large enterprise that was the victim. A hospital whose patient data was stolen, a major entertainment provider whose upcoming scripts and movies were leaked, an international retailer whose POS systems were compromised. These are all par for the course – they’re the stories we expect to hear when we’re told of a data breach.
This year, that might change. Remember how I said hackers will increasingly take the path of least resistance? With that in mind, why should they bother targeting a vast enterprise that can afford to spend millions on cybersecurity, when they can instead go after several small or mid-sized businesses with security budgets that are middling at best?
Let’s add an even more insidious note to this concept. We all know that some unsavory businesses engage in corporate espionage, and we also know that many large businesses have trouble competing with smaller, more agile startups as they gain ground. What’s to stop a major market player from hiring some black hats to take out rising competition?
Risk Insurance, Education, And Analytics Will Take Off
Perhaps as a side-effect of all the above trends, 2017 will also be the year that digital risk insurance really gets off the ground. As business leaders come to understand the threat that digital attacks pose to their bottom line, they’ll grow increasingly more willing to invest in risk insurance to defend against such attacks. The insurance industry will need to adapt to these changes, and whichever companies are first to market with tailored solutions stand to gain a great deal here.
Intelligent business leaders will take ownership of the risks their organizations face, and invest in analytics tools that make it easier for them to detect and mitigate attacks, especially those from internal threats. Employee education will also become a priority. Every organization has a social responsibility to protect the data of its customers and clients – and that will become clearer than ever this year.
2016 was a big year in the cybersecurity space. But with all the developments just around the corner, 2017 stands to be even bigger. Make sure you’re ready for it – because the market won’t wait up if you aren’t.