Cybersecurity has been a key topic in IT for years and each and every year brings new challenges. Hackers develop new and more sophisticated ways to access data, resources and an increasing number of other things that are now found in the cloud, leaving cybersecurity professionals to defend their turf. And it seems that each and every year, new attacks leave behind a new normal in cybersecurity. So what will that look like in 2017? We asked experts to give us their predictions.
A Surge in Botnet Numbers
Depending on the adoption pace of IoT, we expect to see two distinct types of trends. First, we’ll see a surge in botnet numbers and sizes. From a research perspective, we consider botnets to be on par with residential routers, as most IoT devices sit within home networks and aren’t directly exposed to the web. That said, we’ll likely see a few internal incidents that will ultimately be traced to a compromised IoT device having been (inadvertently) brought within the range of the compromised network.
Secondly, we’re going to see even more botnet-for-hire activity. Sophisticated botnets are easier to rent than ever before; prices are dropping and sizes are increasing. Being so readily available, anyone can launch a fairly sophisticated attack without having any hacking expertise whatsoever. Where there’s opportunity for mayhem, it happens. We’re not expecting to see improvement in the security of IoT devices, so whatever type of new IoT devices penetrate the market in 2017 are likely to be the next botnet platform.
–Amichai Shulman, CTO at Imperva
The Use of User and Entity Behavior Analytics (UEBA) to Detect and Prevent Breaches
Eighty-two percent of attackers compromise victims within minutes. All it takes is one compromised account for an attacker to get into a corporate network, move from system to system to steal additional credentials, and eventually obtain domain admin privileges that allow them to easily exfiltrate data. Companies often don’t discover the breach until weeks or months later, if ever. Consequently, organizations now realize that perimeter and endpoint defenses aren’t enough. To improve their security posture, they’re leveraging user and entity behavior analytics (UEBA). UEBA offers the ability to detect abnormal activities that indicate account compromise (preferably in real-time) – regardless of whether they originate inside or outside the network.
–Tuula Fai, Senior Marketing Director at STEALTHbits Technologies
Cybersecurity Will Suffer from a Lack of Qualified Workers
In 2017, hacking and other forms of breaches will continue to expand with bigger and bigger targets. Many experts agree on one thing: the number of unfilled jobs will continue to grow, mainly because there isn’t enough supply of talent to match the demand. Colleges and employers alike will have to find new ways of reskilling and teaching the future cyberworkers of America. Accordingly, the compensation for cybersecurity professionals will outpace the tech sector in general.
–P.K. Agarwal, Regional Dean and CEO at Northeastern University Silicon Valley
Automation and Analytics Will Help Organizations Address the Shortage of Security Personnel
Often organizations invest heavily in effective security hardware and software, but lack the security specialists necessary to ensure their effectiveness. As an example, breaches like the ones that impacted Target and Home Depot were detected by their high-end security systems, but the security operations practitioners were too overwhelmed by the thousands of alerts they received per hour to see which ones posed the most imminent threat. As automation becomes more integrated into security solutions, security personnel will receive fewer notifications with more relevance, relieving them of the manual task of hunting through a sea of alerts to find the truly malicious ones.
–Scott Miles, Senior Director of Cloud, Enterprise and Security Portfolio Marketing at Juniper Networks
Data Security as a Service Will Become More Important for Small Business
Small businesses are starting to realize the exposure they have and what cyber-attacks can mean to their business health. With more advanced software now available at reduced pricing, no small business can afford to be without the best protection.
–Richard Durante, Sr. President of Tie National
More – and More Complex – Ransomware and Hacking
2017 will have a lot of what 2016 had when it comes to ransomware. The perpetrators of ransomware will look to new methods of phishing in order to convince victims to click on an attachment or go to a website. More use of watering holes (websites or social media sites where people of similar positions gather to exchange ideas) as a way to snare multiple people in a “trusted” environment is possible as well to spread ransomware. The ransomware will continue to expand beyond the affected computer to encrypt data on network shares or to spread the virus like a worm on an internal network.
2017 will also see more man-in-the-middle attacks where criminals intercept communications between buyer and seller and get the buyer to route money to alternative accounts. Along the same lines will be an increase in fraudulent emails instructing accounting departments to make payments to phantom vendors under the auspices that the instructions are coming from a business owner or someone in higher management.
–Greg Kelley, EnCE, DFCP, Vestige Digital Investigations
Posers Will Make More Fake Purchases – and Fraudsters Will Get Even Better at Looking Real
For mobile games, or any app really, growing user numbers is a big deal and a big expense. When looking at a growing user base, active users who are downloading your app, logging in regularly and even making purchases may seem ideal, but they might not be real at all. Advanced engagement by fraudulent users is going to be a much bigger issue in 2017 as advertisers and ad platforms adopt more sophisticated tracking technology and fraudsters become more experienced at mimicking the behavior of real users to game the system and gain a big payoff.
–Ting-Fang Yen, Research Scientist at Datavisor
The Number of Cyber Attacks Will Increase
The new year, much like every one that went before it, will have one common theme: the number of cyber attacks will increase.
With the number of internet-enabled devices, from traditional computers to tablets, and smartphones to IoT gizmos, on an ever-upward trajectory, I suspect DDoS attacks to feature heavily in 2017. The difference this year, however, will be that the intention will be less about hacktivism and general disruption and more about extortion from companies not willing to pay for “protection.”
–Lee Munson, Security Researcher, Comparitech.com
Companies Will Face Increasing Pressure to Follow Government Guidelines
From the regulatory side I see increased corporate adaptation of government-led guidelines such as NIST’s and also pressure from insurance carriers to follow guidelines. I also see the big risks continuing to be from lower tech attacks such as phishing but expect schools and their valuable PII to become a more common target.
–Stelios Valavanis, Founder and CEO at onShore Security
Businesses Will Be Moved to the Cloud (Without Their Permission)
In 2016, Dtex observed that in 64 percent of company security assessments, publicly searchable corporate data was found on the public Internet, without even basic controls like passwords. This problem stemmed from employees and partners sharing files through popular cloud apps like Google Drive via unsecured links. This problem has not been remedied. As a result, in 2017, anyone will be able to find everything from sensitive IP and regulated data to customer information through simple online searches at more than 90 percent of organizations. A lack of visibility into third-party sharing of sensitive information on unsanctioned cloud apps will be one of the primary reasons these types of breaches occur.
–Christy Wyatt, CEO at Dtex Systems
The Path of Least Resistance Will Grow Wider for Hackers
Hackers will continue to take the path of least resistance by exploiting common, unpatched vulnerabilities to gain access to organizations and their critical data. With many software publishers now releasing critical patches “in bulk,” hackers now have more time than ever to exploit new vulnerabilities. Every unchecked application or device is a potential open door for hackers to exploit known vulnerabilities, which, on average, take 193 days to patch.
–Bill Berutti, President of Cloud and Security Automation at BMC
Attacks on IoT Devices Will Surge
2017 will bring a continued and massive increase in cyber attacks brought about by IoT devices. Most IoT devices manufactured today have no integrated cyber defense and do not allow third parties to install security software. To address this concern, manufacturers recommend that security for IoT devices is achieved by installing behind a firewall, which is no longer a guarantee of safety in today’s environment. Once IoT devices are compromised, they can then provide a back door that serves as a clandestine communications channel for months before discovery.
–Moshe Ben Simon, Cofounder and Vice President of TrapX Security
A Higher Cost of Damage from Cyber Attacks
While there are thousands of cyber-security companies, correspondingly, there are also thousands of point-solutions. In a world of rapidly-evolving threats, the technical viability (life-span) of a point-solution is disturbingly limited to one to three years. The time it takes cybercriminals to outsmart a point-solution is only limited by their awareness of it. When solutions are on the market for several years, it’s safe to assume that creative hackers have already developed more sophisticated techniques. And in light of an anticipated decrease in new cyber security companies and solutions, that ultimately leaves tomorrow’s threats unresolved. Unfortunately, we are about to face a “deadly encounter” – fewer solutions in the market combined with smarter hackers. The outcome will be clear: more “successful” attacks that are increasingly destructive and that entail a significantly higher cost of damage to the victim organization.
–Nir Gaist, Cofounder and CEO of Nyotron
A Greater Focus on ERP System Security
Taking into account that ERP systems manage all the crown jewels, we can expect a shifting focus to cybersecurity of such systems. As enterprise software plays a vital role in a company and stores all the important data, it is an attractive target for a malicious person even now. Need for ERP cybersecurity is topical now not least because of the media coverage of the breaches where enterprise applications were targeted (USIS data breach).
Greater Intelligence in Security
In 2017, we can look forward to more intelligence-based approaches to security to help prevent data breaches since conventional technologies aren’t cutting it. More universal advanced analytics and real-time monitoring are coming for businesses. This will help consumers and hopefully help to prevent more forms of identity theft.
–Robert Siciliano, author and personal security and identity theft expert
CISOs Will Need to Do More Homework
The growth in collaboration and usage of cloud services like Office 365 will mean that CISOs will need to study the flow and usage of data, and this visibility will dictate their data protection policies. They’ll be able to apply resources more effectively once they see what needs to be protected where.
–Tzach Kaufmann, CTO and Founder of Covertix
Interoperability Between Human and Artificial Intelligence Will Emerge
Threat detection solutions based on big data and AI will evolve to the point where the “interoperability” between artificial and human intelligence will allow CISOs to fight the cyber attacks that don’t follow the “rules.” They’ll benefit from a more efficient system that stops the threats in their tracks, before they can do real damage – detecting the attacks before the cybercriminals can get what they came for.
–Noam Rosenfeld, Senior Vice President at Verint Cyber Intelligent Solutions
Security Will Become More Externalized
Small and mid-sized companies do not have the resources to run and constantly update their full-time security operations centers, or staff full teams for cybersecurity. As a result, they will continue to turn to third parties and consultants for their security protections to keep defenses updated in a more economical way.
–Jason Porter, Vice President Security Solutions, AT&T
Hackers Will Target Mobile Security Solutions Forcing Companies to Adopt More Diversified Strategies
An evolving strategy heading into 2017 is for mobile hackers to attack the security solution itself, either to circumvent it or disable it, allowing the primary hack to proceed either undetected or unstopped. Many mobile security solutions provide detection-only or rely on third-party systems to mitigate threats. These approaches are easy to defeat. We are seeing a strong trend of defeating remediation strategies and foresee this attacking-pattern to grow rapidly. Providing visibility to attacks is great, but will not be enough in 2017.
Since such an exploit can happen instantly, proactive, automated protection that happens in real time is critical, as human response to notifications will not be fast enough. This strategy of attacking the security solution may take place through malware or network threats, so solutions must be both comprehensive and responsive.
IT security admins have become increasingly aware that neither traditional security methods, nor MDM or MAM alone, are effective at addressing the varied and advanced threats to mobile security. While awareness always grows ahead of the availability of budgets, in 2017 more organizations will use this knowledge to influence IT budgets and adopt a proper diversified strategy going forward.
–Yair Amit, CTO at Skycure
Companies Will Become More Aware of the Vulnerability of Encryption Keys in Cloud-Based Systems
One of the fundamental axioms in security is that you are going to have to periodically change things like passwords and encryption keys in order to maximize security. While some would argue that many IT organizations may have gone overboard with their zeal for password changes, the opposite is true for cloud-based efforts, where most orgs don’t swap encryption keys often enough – and for understandable reasons. Many traditional encryption approaches require downtime – and sometimes it is substantial downtime – to update keys. Fortunately, there already exist commercially available solutions where workloads can be rekeyed transparently with zero downtime, and these new technologies will increasingly become the new normal in the coming year and beyond.
–Eric Chiu, Cofounder and President of HyTrust
A Major Critical Infrastructure Attack?
Many critical infrastructure entities and utilities (power grids) still control operations using legacy Supervisory Control and Data Acquisition (SCADA) systems that were never designed with security in mind or to be connected to the internet. These systems measure frequency, voltage, and power at each sensor location. In today’s open networking environment, maintaining the traditional “air-gap” between once-isolated SCADA networks and the outside world is virtually impossible. Most SCADA systems are theoretically “air gapped,” but not really disconnected from the network. In light of this, there are still ways for attackers to get around isolation, either because the systems are not set up properly, or via an accessible test link or a bridged Wi-Fi network, just to highlight a few examples.
–Faizel Lakhani, President and COO of SS8
Faster Cybersecurity Breaches
2016 has illustrated a rise in the sophistication of hackers, an increase in the breadth and depth of attacks, and a proliferation of new techniques used to break down even the most secure systems.
In 2017, I expect the speed of a compromise to accelerate. We will see hackers breaking into systems, stealing credentials and sensitive information, and getting out much more quickly moving forward – all before an enterprise recognizes an attack or systems have an opportunity to respond.
Further, we will see more destructive malware in 2017. For example, if attackers can threaten specific insiders with non-public personal information to coerce them to help compromise an enterprise network, that could lead to ransomware 2.0.
–Ajit Sancheti, Cofounder and CEO of Preempt
The Growth of Crowdsourced, Actionable Threat Intelligence
Although threat intelligence (TI) is still in its infancy, it won’t be for long. Soon, the industry, governments and influential institutions will heavily encourage crowdsourced TI data. All cyber defenses will be fully capable of consuming TI in real-time, acting upon the intelligence gained, and also delivering upstream crowdsource capabilities. All organizations, devices, applications, operating systems, and embedded systems will soon be fed TI and in turn, feed it to other organizations.
–Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS
SSL Encryption of Websites Will Increase Exponentially
The importance of secure socket layer (SSL) encryption for websites, so users and small business owners that collect PII know that their sensitive info is safe and secure, will grow exponentially – especially as some key January deadlines approach. SSL is used to encrypt data, authenticate the server and verify the integrity of messages.
Come 2017, Mozilla Firefox and Google Chrome will be showing “not secure” messages on all HTTP web pages that have a password field and/or collect credit card data. It’s a huge step in securing the entire internet, and e-commerce retailers, as it will help keep users aware and hopefully push the 90 percent of websites lacking SSL to step up their game.
–Michael Fowler, President of Comodo CA
Hackers Will Target Open-Source Software
I think the biggest trend we will see is hackers targeting open-source software. Vulnerabilities will be uncovered, similar to 2014, where software developers will be faced with patching products quickly. It will impact any company that utilizes common open source tools/applications, since their software will be vulnerable to attacks. Patching these holes in a timely manner will be critical for software developers. Today, cyber criminals act incredibly fast, and we have to try and be faster.
–Dodi Glenn, VP of Cyber Security for PC Matic
Media Hacking Will Become a More Serious Threat
2017 will be the year of media hacking – targeted efforts by states, individuals, and organizations to use stolen and doctored information to sow confusion, shift public opinion, and influence debate. This is a serious threat that we as a community have largely ignored, but there is a lot that we can do to combat this challenge.
States should align to condemn this activity. Media platforms should work to update their systems to manage intentional disinformation campaigns. Also, media hacking often relies on doctored or stolen data. Security organizations can have a big impact on this problem by focusing on increasing visibility into this attack and working to protect likely targets of this type of data theft (newspapers, political organizations, prominent activist voices on key issues).
–Nathaniel Gleicher, former White House Director for cybersecurity policy, head of cybersecurity at Illumio
Dwell Time Will Become the No.1 Threat
The fact that hackers can hide inside compromised networks for months – or even years – is the single biggest security threat that we face. If intruders have this much time, you can guarantee that they will find targets and cause damage.
Our prime imperative in 2017 should be to shorten the amount of time that attackers have inside our systems, and you can’t do that if you don’t have visibility into your data center. Today, most security organizations don’t know what’s connected to their network, or how their devices are talking to each other. If attackers understand your network better than you do, it’s no wonder they can hide inside for so long. 2017 should be the year that we finally link real-time visibility to effective microsegmentation, so we can find attackers more quickly, and shut them down faster.
–Nathaniel Gleicher, former White House Director for cybersecurity policy, head of cybersecurity at Illumio
Next Generation Ransomware Will Go Mainstream
Following great success and monetization from ransom attacks in 2016, we expect to see a new generation of ransomware that is much more sophisticated with higher ransom demands (more than $1 million for a single attack) in 2017. In total, we believe damages will be more than $1 billion.
In our labs, we already see how ransomware is evolving and becoming much more evasive and destructive. Take, for example, the new innovative “backup wiper” ransomware, which can delete backup files to ensure data restores become unavailable, increasing the chances that the ransom attack is successful.
–Eyal Benishti, Founder and CEO of IRONSCALES
The Need for Cyber-Insurance Grows
Cyber insurance is on the rise, as more companies adopt plans and more underwriters expand their portfolio and grow their premiums, but in order to maintain credibility and justify costs, both insurers and underwriters must adopt a data analytics approach to cyber insurance in 2017. The industry will continue to use and rely on data to develop quantitative models for assessing premiums in order to make more strategic decisions.
Beyond the data, there will be a new focus on what happens during the lifetime of a business relationship. Underwriters will begin developing programs that drive better security hygiene. In the same way that health insurance providers developed no-smoking policies or provide discounts for gym memberships, cyber insurance underwriters will reward companies for taking a more proactive approach toward cybersecurity.
–Jake Olcott, Vice President at BitSight
We’ll See More Attacks Against “Critical” Infrastructure
Following the hack against the Ukrainian electric grid, and hospital disruptions due to ransomware attacks, we will see more breaches aimed at critical infrastructure in the coming year. What’s more, the idea of “critical infrastructure” will change. We’re no longer just speaking about the grid or financial institutions. Critical infrastructure will include key cloud services, like AWS, which could create a huge, detrimental outage should a breach against this service take place. If the DDoS attack on Dyn was so impactful, imagine the repercussions of an outage at a larger service provider.
–Jake Olcott, Vice President at BitSight
The First Nation State Cyber Attack Will Occur as an Act of War
The first nation state cyberattack will be conducted and acknowledged as an act of war. We have seen cyberattacks used from everything in the Iraq war to disrupt the power grid (actually to keep the lights on) to Stuxnet. 2017 will see the first large scale attack by a nation against another sovereign nation, and be acknowledged as an attack and the techniques used considered weapons (albeit software, malware, vulnerabilities, and exploits).
–Morey Haber, VP of Technology at BeyondTrust
Ransomware Will Target Databases
Ransomware will become smarter and will merge with information-stealing malware, which will first steal information and then selectively encrypt, either on-demand or when other goals have been achieved or found to be unachievable. Although ransomware is an extremely fast way to get paid as a fraudster/hacker, if you are also able to first steal some information before you encrypt the device, you can essentially hack it twice. In this scenario, if the victim says, “You know what? I have backup files” and refuses to pay for decryption, the hacker can threaten to leak it all. We hear of ransomware being used in sensitive environments like in hospitals, but so far there hasn’t been significant damage. However, if the malware had first exfiltrated patient information and then encrypted it, that could have been extremely damaging.
–Alex Vaystikh, CTO of SecBI