What does 2017 hold for security professionals and the industry as a whole?
To answer this question, let’s take a quick look at what has not changed. For one, ransomware continues to be an effective extortion tool for attackers. They’re constantly honing their ability to use backdoors and rootkits to gain access. Across the board, attackers continue to create new variants of the same malware family. When they find an effective approach, they will continue to exploit it until security experts stop them. Only then do attackers move on to something different.
Yet the new year also brings new challenges and trends. Now let’s take a look what will change. Here are my top predictions:
Prediction 1: The exploitation of misinformation will emerge. The 2016 U.S. election saw the emergence of fake news that exploited the Google Ad pay system. Without any political motivation, exploiters used popular social medial technology for financial gain. Viewers would read the article, some would click on the advertisements, and the exploiters would make money – in some cases, a lot of money. While this technique did not attack a specific organization, it did bombard the public with misinformation. From a cybersecurity perspective, this technique presents a huge problem in terms of mitigating indirect threats against organizations. The threat is very real and hacktivists – such as Anonymous – have been using campaigns spreading information through social media to bring awareness. Up until 2016, most of these campaigns have been based on awareness of known information. In the second half of 2016, the emergence of fake information became a new threat.
Prediction 2: Hacking will be used to sway public opinion. The effectiveness of hacktivists and nation states during the U.S. election will be copied – potentially in Europe given the elections in France and Germany this year. In 2017, we are going to see ‘tests’ of misinformation using social media that will show how effective misinformation can be to sway public opinions. While Google and Facebook both committed to fighting fake news, the reach of social media goes beyond those two organizations. Fighting misinformation on the internet on a large scale is something that has never been done and will be a challenge in 2017
Prediction 3: Video exploitation will grow in 2017. The volume of video-based monitoring, capture and storage continues to increase year over year. It’s difficult to find a new video system that is not connected to the internet and, as we saw with the botnet attack that temporarily took down Twitter, Netflix and Spotify in November 2016, new IoT technology will have vulnerabilities. As companies push their video monitoring equipment to the consumer market as fast as possible, the security of these devices will be vulnerable. In 2017, there will be attacks on vulnerabilities identified in consumer video monitoring equipment. Attackers could use these systems for extortion, intelligence and hopping into internal networks for more sensitive information, such as passwords, financial data and personal information
Prediction 4: There will be regulatory purgatory. In 2017, many organizations will only implement the minimum needed to be compliant. The reasons are varied, but it mostly comes down to money and time. If deregulation begins in 2017, and cybersecurity compliance falls victim to lesser standards, then the organizations that only do the bare minimum will be more vulnerable to attacks. It will only be a matter of months before these organizations could be breached. The lack of cybersecurity compliance would not be felt until 12-18 months after the downshift. I predict no tangible effects will be seen until 2018 at the earliest.
Prediction 5: Ransomware will continue to be a significant threat in 2017. The attackers of 2015 were the same attackers of 2016. Their motivations remain unchanged – whether it’s for financial gain, intelligence, or hacktivism. While it’s emerged only about two years ago, ransomware has proved to be exceedingly effective because it relies on a vulnerability that cannot be fixed: people. The only mitigation for this vulnerability is awareness and training. As long as people continue to click on ransomware links in email, the threat will always be there. Organizations must embrace best practices to lessen the blow of a ransomware attack: Regular backups, network segmentation, continuous updates of security detection software, and email threat scanners are the minimum organizations can implement.
-- Ryan Vela, Regional Vice President, Security Consulting