In 2016, we saw cyber attacks increasingly shift from external breaches of confidential data to internal disruption of data and services, as attackers used distributed denial of service (DDoS) or encryption to hold businesses hostage. Attackers continue to focus more on exploiting users than technology. Users are often unaware and uneducated about the potential risks, yet have huge access to data and resources, presenting a huge area of risk.
This shift will continue in 2017, alongside these other shifts in the landscape:
1. Ransomware will further diversify. We are already seeing attackers moving beyond the desktop and starting to exploit vulnerable websites and blogs. For organizations, I expect to see ransomware going after high-value enterprise targets, such as databases and backup systems.
We may also see IoT devices being used to disrupt and ransom businesses. If an attacker can take control of your lights, heating, or access controls, then they could easily hold you to ransom for this. The same applies to large-scale DDoS attacks being used to hold organizations to ransom.
2. Social engineering will become more prominent. In day-to-day scenarios, we will see attacks that focus less on sophisticated vulnerabilities and more on manipulating users with social engineering. As many organizations still rely on detection, an attack in 2017 doesn’t need to be advanced, it just needs to be unique enough not to be detected.
E-mail will continue to be the primary target for phishing attacks, however, we can expect to see a broader range of phishing campaigns using messaging apps, social media, and users’ personal e-mail to bypass corporate filters.
3. The giants will awaken. Established security vendors like Symantec (NASDAQ: [[ticker:SYMC]]) and McAfee will threaten the traction of upstarts like Cylance and CrowdStrike. The older guards are able to provide broad installation bases and have a renewed innovation vigor, empowering them to provide solutions for the growing demand of full-lifecycle security platforms. Single-play vendors in detection and response will lose their appeal when asked to prove that they solve more than just a part of the security challenge space.
4. The cybersecurity skills gap will be an even greater challenge. As more companies compete for talent in a limited marketplace, the skills gap will become an even greater problem. Companies may be forced to rethink strategies and look for solutions that are more proactive and require less management to allow them to make the best use of available resources.
5. Container isolation will see wider recognition for its security benefits. We’ll see an accelerating migration of corporate applications from riskier legacy application architecture to container-hosted apps. The containers and app stores previously seen on mobile platforms will begin appearing more on traditional desktops. [Editor’s note: Avecto’s endpoint security products and services involve isolating potentially malicious documents or programs in a digital container, where the company’s software works to render the threats inert.]
6. Regulation will enforce ransomware attack repercussions. Organizations will be under increasing pressure to address the issues of cyber threats as the European General Data Protection Regulation is coming into effect in early 2018. This regulation can fine multi-national companies up to 4 percent of global turnover in the event of a breach, not just a regional subsidiary. This potential penalty can wipe out the profits of the global business, drawing a fine line between realizing profits or incurring a loss on the year.
Increasingly, there is a push among regulators to classify ransomware incidents as a breach event, an implication that will concern many who have been hit with an attack on multiple occasions. It’s imperative that organizations safeguard themselves from imminent breaches and the resulting financial implications by implementing foundational security solutions that aren’t reliant on detection, before the legislation is in effect.
Laying the groundwork in 2017 will be very important to ensure future financial and digital security.
