Tim Compston, Guest Writer at Security News Desk and SecurityMiddleEast.com, asks industry experts to predict the cybersecurity threats that will be causing headaches in 2017.
There is little doubt that 2016 was a turbulent year on the cybersecurity front with major data breaches being reported - Yahoo being a case in point; a spate of ransomware attacks hitting the headlines – including the transit system in San Francisco, and even allegations that state actors have been taking advantage of the cyber arena to influence elections, so it will be interesting to see what threats emerge throughout 2017.
From State-Sponsored Hacking To Ransomware
Regarding the wider global threat landscape in today’s uncertain times, Adam Vincent, CEO, ThreatConnect warns that - with state-sponsored hacking now a mainstay and cybercriminals pushing into new powerful forms of ransomware - 2017 is shaping up to be a challenging year for the cybersecurity community: “At ThreatConnect we conducted much of the cutting-edge research regarding the newsworthy breaches of 2016, including the DNC and WADA hacks. Organisations face new, powerful threats and adversaries playing a much longer game against specific victims. The era of so-called “scattergun scams” is gradually evolving into a trend for far more finely-targeted exploits designed to achieve strategic goals, both for the advancement of national policy and criminal gain.”
Drilling down into state-directed attacks, Vincent anticipates a further upswing: “The use of cyber-espionage reached a new level of maturity in 2016. We will see an increasingly vocal response from western governments to escalating Russian hacking activity as we begin to move towards more codified rules of cyber-engagement. 2017 will still be a period of unfettered hacking activity, however, as state actors use aliases to mask their involvement.” The takeaway message, from Vincent, is that organisations with any strategically useful information, whether in the public or private sector, must prepare themselves to deal with highly sophisticated phishing, infiltration, and data leaking campaigns.
The escalating nature of ransomware is something that is also exercising the thoughts of Matt Walker, VP Northern Europe, at HEAT Software: "Companies are still really struggling to cope with the ransomware issue. For a long time, sophisticated malware attacks have been a problem for businesses, creating inconvenience or some data security data breaches, but I think that this next wave is more insidious in a way because what's been worked out is that this is very profitable."
Walker adds that, worryingly, he is witnessing the start of a move away from ransom demands just being made because of data: "It is becoming an infrastructure type of threat as well. We have seen this before in fact we had a company we dealt with in Kuwait who felt very much threatened. They were told they were going to be attacked and they put in place our application control, in terms of whitelisting, because of this."
Looking ahead, Walker believes that companies are really going to have to start considering an application control approach to stem this ransomware tide: "Previously they maybe thought it was too difficult to implement but it is the one way to stop software running that you don't want and that, effectively, is ransomware," he concludes.
Keeping on the ransomware theme for 2017, Hitesh Sheth, CEO at Vectra, homes in on ‘ransomware gaining an IQ’ and IoT (Internet of Things) device vulnerabilities as some of his central predictions: "Because it provides the fastest way for an attacker to monetise an attack, through untraceable Bitcoin, ransomware attacks will grow more intelligent by targeting high-value digital assets, including surveillance cameras, phone systems, security systems and other business IoT devices."
Ultimately, in 2017, Sheth feels that new forms of ransomware will become the biggest headache for security response teams and the business driver of growth in cybercriminal income, given the way that it automatically and rapidly extorts money from enterprises. Sheth says that we should also witness more collaboration in 2017 between private industry and law enforcement agencies – both domestic and international – as they attempt to close-down and bring ransomware operators to justice.
Another prediction on the 2017 radar for Sheth is the expectation that so-called 'bad actors' will turn their focus to ‘the soft underbelly of data centres and cloud deployments’: “They will try to gain control of firewalls, servers and switches that make up the physical infrastructure.”
Sheth also believes that 2017 is likely to be the year of the automated security response or, at least, some way towards it: "Human beings alone, no matter how skilled, won’t have the bandwidth to handle the tsunami of security data, cacophony of alerts, and plethora of security tools in 2017. With hyper growth in the attack surface and threat landscape – and constrained by limited security analyst resources and capabilities – enterprises will augment their teams with artificial intelligence to automate the detection and response to security incidents. Security analysts will remain in the loop and continue to bring unique insight and capabilities. Think Robocop, not Skynet.”
For encryption expert, Matt Little, VP Product Development at PKWARE, 2017 is going to be exciting and thought-provoking across several fronts: "The culmination of quantum computing, which is currently looming on the horizon, will cause the long anticipated crypto-apocalypse," explains Little. He also predicts that artificial intelligence-powered protection solutions will enter the market to combat the next generation of hackers.”
From a legislative perspective, Miller says that we will continue to countdown to the European Union’s GDPR [General Data Protection Regulation] a reality which, he reckons, is already causing disarray around data protection roles and responsibilities within companies that conduct business in the EU, whether they are based there or not: "Data level encryption solutions will be a critical component for organizations to meet GDPR compliance, protection requirements, and many will also provide the ability to digitally shred information to meet destruction requirements," he concludes.