I'm not big on New Year's resolutions. In fact, I hate this time of year for the solitary reason that so many people resolve to get in shape. They flock to the gym in herds, taking up my treadmill, only to fade away six weeks later.
If only the cybersecurity woes of 2016 were to dissipate that easily, people might not be looking to the new year with a mild trepidation wondering what is in store that could cause some costly disruptions.
It's human nature to long for knowledge, which is why so many people want to know, "What should we expect in 2017?"
The only truth I can offer you is that belief is not truth. The following are some predictions about what experts and practitioners believe will be challenges for the security industry in the coming year, but no one has a crystal ball.
The only truth you should rely on in preparing for the future is that you should expect the unexpected.
In the spirit of giving, though, I offer this list to you because some of these concerns might very well be your unexpected. The risks to your business are determined by the value of your data. Perhaps within these little tidbits, you might have an ah-ha moment that causes you to think differently about your overall policies and procedures.
Dave Dufour, senior director of security, Webroot
1. Phishing will continue to be the bee’s knees in terms of gathering information to initiate attacks.
2. There will be a serious critical infrastructure attack somewhere in the world that will result in loss of life.
Hal Lonas, chief technology officer, Webroot
1. We will continue to see a proliferation of endpoints of all different types connected to home and business networks. These include IoT/IoE devices, where all too often security is compromised in efforts to make these devices quick to market and easy to deploy. Many times, users do not understand that default user names and passwords must be updated for these devices to have even rudimentary defense against the onslaught of compromises trying to breach them.
2. We will probably also see more creative uses of ransomware beyond encrypting our high value data. These might include holding cars for ransom by disabling them, and frightening us into paying for relief from peeping toms who can control our security cameras and access private data in poorly defended cloud-based social applications.
3. We will see more participants as nation states experiment with cyber warfare in economic and political targets. While few of us may be victimized directly by such attacks, we all suffer from the trickle-down effects of exploit technology being more available to common criminals who are in the game for a quick profit. This technology is easily available today in the form of Software Development Kits (SDK), which allow almost anyone to launch phishing and ransomware attacks.
Paul Shomo, Technical Manager Strategic Partnerships, Guidance Software
1. In 2017 AI will conquer dynamic analysis, adding the detection of running and injected processes to its accomplishments.
2. In 2017 the use of file hashes to correlate malware samples into known families and for attribution, will become old fashion.
3. In 2017 we’ll see the rise of Security Orchestration products, allowing InfoSec to coordinate, automate and make sense of their many tools.
4. In 2017 InfoSec will finally demand an answer to the question, “Where does our sensitive data actually reside?” For too many years the industry has employed security professionals to cutoff breaches before adversaries reach privileged data. Yet in practice, InfoSec rarely knows the location of the data they’re protecting.
(And my personal favorite:)
6. While recovering from his failed presidential run, John McAfee will start a rock band. After a month of curiosity eats at me, I will purchase said McAfee album.
This article is published as part of the IDG Contributor Network. Want to Join?