Five Cybersecurity Predictions for 2017

Uploaded on 2017-01-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

To call 2016 ‘eventful’ in the IT Security space would be an understatement. 

The enterprise security Ninjas at Tanium list their top five predictions for cybersecurity in the year ahead.

From Mirai to ransomware and NSA shadow brokers to Yahoo!, this year introduced new threats birthed from age-old challenges. Given the unique turbulence of 2016, and the industry’s overall failure to manage and protect networks any better than the year prior, the year ahead will be an important opportunity for changing how the world understands and approaches defending our most precious information. 

To that end, read on for our five predictions for a year that will certainly prove to be a lot more than eventful.

1.    Criminals and threat actors will increasingly leverage vulnerabilities in IoT devices to conduct DDoS and other attacks

The impactful attack against the Internet infrastructure company Dyn in October signaled a long-expected evolution of the underlying technologies that can be exploited and leveraged to launch Distributed Denial of Service (DDoS) attacks that benefit from economies of scale. Connected, Internet of Things (IoT) devices that are insecure by design are coming online en masse, in both homes and businesses, while available bandwidth likewise continues to grow. The Dyn attack demonstrated that bringing down a carefully selected set of targets can yield highly-visible and impactful outages.

2.    Machine learning won’t be the security silver bullet many expect it to be

Approaches for machine learning are evolving at a fast pace and, when used effectively, can provide organizations with powerful tools to help automate attack detection and response at-scale. Unfortunately, machine learning is also often misunderstood, and increasingly, mislabeled to generate hype for a product’s claimed capabilities.

Machine learning is not a general purpose solution to all shapes and size of security-relevant data, nor is it always superior to other forms of data analytics. Certain specific use-cases provide ample opportunity for unsupervised and minimally supervised learning that can be critical to an effective solution that makes the “right” decisions on its own. 

Others may appear effective in controlled lab scenarios and test cases, but fail amidst the chaos and noise of most large enterprise networks. The latter is particularly challenging to prove out during a typical vendor evaluation process.

3.    Nation states will expand their use of hacking as a mechanism for influencing the media, public opinion, and public policy.

2016 was the year of misinformation on the Internet. The hacks on the World Anti-Doping Agency, Democratic National Committee, and prominent political figures focused on obtaining and selectively disclosing information, not disrupting systems. 

The attacks, perpetrated by what is believed to be Russian state sponsored hackers, demonstrated Russia’s willingness to use cyber espionage to influence world events, gain crucial information, and sow distrust and discord in the democratic process. Fake news sites and use of groups like WikiLeaks, DC Leaks, and Cyber Hunta to wage an information war aimed at discrediting sovereign governments proved to be a powerful, and effective weapon.

We will see an increase in nation-state hacks aimed at influencing world events and politics. This includes increasing use of the Internet to spread both damaging facts and misinformation.

4.    Healthcare attacks will continue, but increased HIPAA oversight won’t jolt the industry

Data-rich healthcare records are becoming one of the hottest commodities on the dark web, and it shows. After the rampant ransomware attacks throughout 2016, healthcare is now the number one industry target for threat actors. New compliance mandates are coming in 2017: The US Department of Health and Human Services Office for Civil Rights (OCR) is increasing funding for HIPAA audits in 2017 by as much as 50%. 

But increased HIPAA fines this year did little to curb attacks, and audits won’t move the needle. In the field, we see organisations with limited budgets, layers of antiquated legacy software and hardware that can’t be immediately replaced, and a priority to consider whether each dollar spent on technology is worth taking away from saving lives. Put simply, hospitals first need to get the basics right and make healthcare systems more resilient as upgrades occur. The vast majority of breaches, even those involving advanced threats, could be prevented with basic security hygiene.

5.    Companies will wake up to overspending and pare down IT Security tools, creating industry consolidation

In 2017, we’ll see the number of cybersecurity players begin to contract. During the past decade, the incumbent monolithic Managed Security Service Providers (MSSP) largely failed to adequately detect or protect against the first wave of targeted attacks, which gave rise to specialty firms focused on so-called Advanced Persistent Threats (APT). 

Today, as companies review their security and IT operating budgets for 2017, they may find that they’ve committed to a laundry list of security services: threat intelligence feeds, vulnerability management feeds, managed security operations, cloud security solutions, managed attack defense and incident response, specialised “attack simulation” and penetration testing, and a bevy of EDR and network security applications that follow a service-driven delivery model. 

As companies wake up to this overspending, we’ll see them reduce the number of vendors, creating industry consolidation.

Tanium:                     McAfee Labs Six Cyber Predictions For 2017:

 

« Police Connectivity: In-Car Video & Body Cameras
German Police Will Squash Fake Online News »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Information Security Media Group (ISMG)

Information Security Media Group (ISMG)

Information Security Media Group is the world’s largest media organization devoted solely to information security and risk management.

SecurityMetrics

SecurityMetrics

SecurityMetrics is leader in data security, PCI, and HIPAA compliance solutions

Zurich

Zurich

Zurich is a leading multi-line insurer providing a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Cyber, Space, & Intelligence Association (CSIA)

Cyber, Space, & Intelligence Association (CSIA)

CSIA focuses on issues critical to Cyber Security, Military Space and Intelligence.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

ShieldIOT

ShieldIOT

ShieldIOT delivers a complete AI-powered security solution across any IoT device, application and network.

RiskXchange

RiskXchange

RiskXchange's cybersecurity risk rating solution helps businesses solve complex cybersecurity and compliance challenges by providing a 360-degree view of your cybersecurity posture.

CYBRScore

CYBRScore

CYBRScore is a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability to defend a network.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Quantinuum

Quantinuum

Quantinuum is the combination of Cambridge Quantum with Honeywell Quantum Solutions, structured to drive the future of quantum computing.

Veratad Technologies

Veratad Technologies

Veratad Technologies, LLC is a world class provider of online/real-time Identity Verification, Age Verification, Fraud Prevention and Compliance Solutions.

Pragma Strategy

Pragma Strategy

Pragma is a CREST approved global provider of cybersecurity solutions. We help organisations strengthen cyber resilience and safeguard valuable information assets with a pragmatic approach.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

Digital Twin Consortium (DTC)

Digital Twin Consortium (DTC)

Digital Twin Consortium is a global ecosystem of users who are driving best practices for digital twin usage and defining requirements for new digital twin standards.