What Lies Ahead? Cybersecurity Predictions for 2017
“Prediction is very difficult, especially if it's about the future," as Nils Bohr, the Nobel laureate physicist put it. But as the end of 2016 approaches, it’s useful to look forward and try to anticipate the cybersecurity trends that lie ahead, and to reflect on what’s happened over the past year, to see how accurate previous predictions were.
For 2016, our predicted cybersecurity threats included:
• The emergence of sophisticated and custom-designed malware designed to get past organizations’ defenses. Attackers are using bespoke variants of existing malware, which are bypassing traditional antivirus and sandboxing tools. Our 2016 Security Report revealed that 971 unknown malware variants were downloaded to enterprise networks every hour.
• Mobile attacks – we predicted that these would increase as mobile devices became more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. This too was borne out as we saw major vulnerabilities like Quadrooter emerge and new zero day threats discovered, as well as ongoing increases in mobile malware targeting vulnerabilities.
• We expected attacks on critical infrastructure to rise as cybercriminals seek to take advantage of both the inherent vulnerabilities in critical infrastructure computer systems and the potentially huge damage that can be wreaked. Sure enough, an attack using BlackEnergy malware struck a Ukraine power company, Warsaw’s Chopin Airport was targeted by a DDoS attack and the SCADA systems of the Bowman Dam in Rye, New York were attacked too.
• Cybercriminals taking advantage of the growing Internet of Things (IoT) and targeting smart devices. This year saw one of the largest DDoS attacks ever targeting security blogger Brian Krebs’ website, which was launched from millions of IoT security cameras and similar devices.
Unfortunately, our predictions for 2016 proved to be accurate. Like most cybersecurity professionals, I would prefer that they were not realized. I would much rather organizations didn’t get infected by malware, hacked, or suffer data breaches. But by predicting the next wave of threats, we hope to help retailers and their employees stay one step ahead of cybercriminals’ exploits. So here are our five key cybersecurity predictions for 2017:
Mobile: Moving targets
As attacks on mobile devices continue to grow, we can expect to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern. The recent discovery of not one, but three zero-day vulnerabilities in Apple’s iOS following an attempted attack on a human rights activist’s phone highlights how rapidly the mobile surveillance and cybercrime industry is expanding – and the need for organizations to deploy protections on their mobile estates against malware, interception of communications and other vulnerabilities.
Industrial IoT: IT and OT converge
In the coming year, we expect to see cyberattacks spreading further into the Industrial IoT. The convergence of informational technology (IT) and operational technology (OT) is making both environments more vulnerable, particularly the operational technology of SCADA environments. These environments often run legacy systems for which patches are either not available, or worse, simply not used. Many critical industrial control systems are open to the Internet. A recent report by Kaspersky found over 188,000 systems in 170 countries were accessible this way, with 91% being remotely exploitable by hackers, and over 3% had exploitable vulnerabilities. Manufacturing, as an industry, will need to extend both systems and physical security controls to the logical space and implement threat prevention solutions across both IT and OT environments.
Once again, we’re placing critical infrastructure in our predictions for the coming year, as globally, it remains highly vulnerable to cyberattack. Nearly all critical infrastructure, including nuclear power plants, electricity grids and telecoms networks, was designed and built before the threat of cyberattacks. In early 2016, the first blackout caused intentionally by a cyberattack was reported. Security planners in critical infrastructure need to plan for the possibility that their networks and systems will see attack methods consistent with multiple potential threat actors, including nation-state, terrorism and organized crime.
For enterprises, we predict that ransomware will become as prevalent as DDoS attacks. Like DDoS attacks, successful ransomware infections can shut down a business’s day-to-day operations, and mitigating them demands a multi-faceted prevention strategy, including advanced sandboxing and threat extraction. Businesses will also need to consider alternative ways to cope with the people who launch ransomware campaigns. Collaborative strategies like coordinated takedowns with industry peers and law enforcement will be essential, together with comprehensive data backups that are maintained completely separately and air-gapped from the organizations’ main networks.
We also predict more targeted attacks to influence or silence an organization, with ‘legitimate’ actors launching such attacks. The current U.S. Presidential campaign shows this possibility and will serve as a precedent for future campaigns.
As enterprises continue to put more data on the cloud, providing a backdoor for hackers to access other enterprise systems, an attack to disrupt or take down a major cloud provider will affect all of their customers’ businesses – as we saw with the recent DdoS attack against domain directory service DynDNS. While generally disruptive, it would be used to impact a specific competitor or organization, who would be one of many affected, making it difficult to determine motive.
We also expect to see a rise in ransomware attacks impacting cloud-based datacenters too. As more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure, through either encrypted files spreading from cloud to cloud or by hackers using the cloud as a volume multiplier.
Data from recent reports present a complex and, in some respects, very alarming picture for cybersecurity in 2017. However, using these predictions, organizations can develop their cybersecurity plans to keep them one step ahead of emerging cyber-threats and prevent attacks before they have the opportunity to inflict damage.
Nathan Shuchami is a senior professional with 20 years of executive management and entrepreneurial experience. He is the head of threat prevention for Check Point Software Technologies with global responsibilities.
No comments found