• United States




A look back to 2016 and what to expect in 2017 in cybersecurity space

Dec 15, 20166 mins
Cloud SecurityCybercrimeInternet of Things

The security industry’s biggest challenges are to improve the lifecycle of threat defense effectiveness by moving the curve ahead of advisories.

binoculars looking watch outlook future
Credit: Thinkstock

As we approach the holidays and get ready for 2017, let's take a moment to review our great work in preventing and defending advisories and attacks on the organizations. We know cyber criminals keep trying to evade the cyber defenses we have deployed. There have been big security incidents and breaches in 2016. Spam and spear phishing email campaigns touched unprecedented heights delivering ransomware to millions of potential victims.

The world of digital information security does not lack for challenges. Major events in 2016 have created uncertainty about the future and at the same time new opportunities for the security industry to think and innovate new defense technologies and solutions. But in the cybersecurity world, one thing is sure that some attacks and crimes will continue to evolve and new challenges will emerge.

The security industry's biggest challenges are to improve the life cycle of threat defense effectiveness by moving the curve ahead of advisories.

The key events of 2016!

Ransomware: Ransomware has been ongoing for a few years. However, this year has been marked a new high in the volume and creativity of attacks across industries, especially targeting the healthcare industry. One of the largest attacks was against Hollywood Presbyterian Hospital paid $17,000 ransom to regain access to files locked by ransomware.

The recent attack on the San Francisco public transit system infected and locked up more than 2,000 computers used to operate San Francisco's public transport system. This forced the Municipal Transportation Agency to open the gates and allow passengers to ride for free. The attacker put the demand for 100 bitcoin ransom.

Lawful hacking: US lawmakers brought Apple, the FBI, security experts and law enforcement officials to testify on the ongoing debate over encryption and the abilities of investigators to access data on a terrorist’s Apple iPhone. This created a lot of noise and chaos around privacy concerns and impact of government agencies' abilities to access citizens’ phones from the backdoor. The theme that emerged was the need for the FBI to improve its own technical power to crack encryption – without the help of tech industry or third parties. At the end, the FBI with the help of a third-party tool were able to unlock the San Bernardino shooter's iPhone 5C. So did the FBI learned to overcome the encryption itself and can now hack into iPhone encryption by lawful hacking? Apple encryption is considered a strong security device to date in the enterprise vs any other phones available.

IoT hacking: A massive internet attack that caused outages and network congestion for a large number of websites was launched with the help of hacked IoT devices such as video cameras, DVR etc. The attack on Dyn, an internet backbone service provider to some of internet's top destinations, created problems for internet users to reach an array of sites such as Twitter, Amazon, Spotify etc. The security community has been ringing the bell loudly about IoT security vulnerabilities for years.

What is ahead in 2017!

Time to get serious about IoT security: IoT will help accelerate shutting down the internet in an agile methodology. In addition, we can expect to see ransomware for IoT devices as it will continue to proliferate and become more destructive. Imagine a driverless car system attacked by ransomware. Your car could sit in your driveway until the ransom is paid or your life could be in danger when your car is attacked while you are driving.

Critical infrastructure, such as nuclear power plants and telecommunications towers, are highly vulnerable to cyber-attack. Security around the critical infrastructure needs to be planned for the possibility that the networks and systems will see attack methods consistent with multiple potential threat actors including national states, terrorism and organized crime.

To fuel its growth, ransomware authors are trying to innovate new technical advances by increasing exploit kit sophistication to stay ahead of the enterprise defense technologies. They are even trying to offer ransomware-as-a-service delivery models to hackers and priced at pay-as-you-go service offerings.

Cloud security concerns: As enterprises continue to migrate more data and applications into the cloud, they are providing a backdoor for hackers to access other enterprise systems. The shift towards cloud based storage and services is becoming a very lucrative target for attacks as the perimeter is not protected by a firewall or traditional security measures. An attack to disrupt a major cloud provider will affect all of their customers’ businesses.

The disruptive event would be used as a means to impact a competitor or organization. The days are not far away when we will start seeing new ransomware impacting cloud based data centers as more and more organizations embrace the cloud both public and private. These attacks will start finding their way into new infrastructure through encrypted files spreading cloud to cloud or by hackers using cloud services as launching pads to initiate attacks. The attack on the cloud will result in millions of dollars in damages and loss of critical data.

The impact of AI and machine learning to cybersecurity: AI is exciting for many reasons and the potential that AI and machine learning has is unlimited. Enterprises will need to invest in solutions that have the capabilities to collect and analyze data from countless endpoint, network devices and attack sensors across organizations, industries and geographies. But attackers will also use AI capability to wield highly sophisticated and persistent attacks with malware designed with adaptive, success-based learning to improve the efficacy of attacks. The next generation AI-powered attack that will emerge involve customized code that will emulate the behaviors of specific users to fool even skilled security personnel. This could include crafting sophisticated phishing campaigns that will successfully dupe even the most threat-conscious employee.


Ajay Kumar is an information security and risk management consultant with more than 15 years of experience in various industries. Ajay has predominantly worked on initiatives involving enterprise mobile security, cybersecurity, data protection and privacy, security operations, security analytics and identity and access management.

The opinions expressed in this blog are those of Ajay Kumar and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.