Remember those Nigerian prince scams? They almost seem quaint now, but 2017 might put a new spin on them that could set security awareness training back years.

Stu Sjouwerman, CEO of KnowBe4, calls the scam CEO fraud, saying it will be an epidemic equaling the ransomware plague we are suffering now. This time around these cyber gangs are really in Nigeria, but they have climbed up the criminal food chain and CEO fraud is their new focus.

“Train your high-risk users within an inch of their lives,” he warns.

Oh great.

Like the Nigerian prince scams of yesteryear, one click will ruin an IT team’s day. Just one unsuspecting employee who is working on half a dozen things and mindlessly clicks their cursor will send the CSO into a tizzy wondering why his company’s security awareness training is not more effective.

Will 2017 bring the same old approach to awareness training? You know what I’m talking about: training sessions held once a year to those begrudged workers or maybe quarterly emails to assess if users were paying attention.

Security execs believe employees must still be on high alert for every email that crosses their desktops, so there is no letting off the gas when it comes to awareness training.

Lucas Moody, CISO, Palo Alto Networks, says the time to implement prevention capabilities has arrived.

“The security industry and supporting technology has evolved considerably since the prehistoric age of stateful inspection firewalls and endpoint antivirus solutions. New platforms have emerged and threat prevention capabilities are now being rapidly adopted. 2017 will be the year with a new rigor on the people side of the equation,” Moody says.

Major breaches still rely heavily on the human element — the compromise of individuals, mistakes made by people, or process breakdowns.
Security education and awareness will see a renaissance in 2017, and to truly secure users, organizations will need to address this demand by scaling their security capabilities to every contributor.

Joe Duffey, CISO at Natixis Global Asset Management, says CSOs must instill and maintain a security-conscious culture. As security systems and controls have become more reliable and mature, the cyber criminals have focused even more attention on the individual.

“In the last year we have noticed a lot more phishing attacks, along with Business Email Compromise attacks, both of which have become more sophisticated. In the face of this onslaught, associate awareness has become even more critical. If we can reduce the number of compromises, or potential compromises, that start with the end user, it will go a long way to improving our overall security posture,” he says.

Part of the success in fending off the bad guys is training and retaining technical employees, Duffey adds. Gone are the days when a security engineer was mainly focused on the firewall. There are a lot more tools necessary and available to combat the cyber threat, at the edge, at the endpoint and in between. “It is important to identify, develop and train associates who are motivated cyber warriors, and it is an ongoing process, due to the velocity of change. And once you have them, how do we retain because the demand is huge and increasing.”

Passwords

Corey Nachreiner, CTO at WatchGuard Technologies, believes that there will be increased biometrics usage in 2017 that will hide continued credential insecurity. With this, however, passwords will continue to be used.

Over the past two or three years, we’ve been buried in a deluge of password database leaks.
This year, Yahoo lost 500 million user credentials, Dropbox lost 68 million credentials, and Mail.ru lost 25 million credentials.

“During all these password database leaks, users still have weak passwords. Worse yet, they seem to use the same password at every site they visit. Every time a big service loses a password database, it puts all companies at risk since that credential could be used at their site as well,” Nachreiner says.

This flood of password breaches has had two results. First, users have become desensitized to the problem, developing security fatigue and potentially giving up and adopting worse security practices. Second, the industry has started to question whether passwords should be part of the authentication solution at all.

The security industry has put a huge focus on biometrics, using something “we are” as a key part of the authentication solution. Users now see mobile devices and laptops shipping with fingerprint readers, and Windows 10 using “Hello” to support many biometric authentication options.

The good news is there are a lot of benefits to biometrics. They solve one of the key problems to using strong authentication credentials — convenience. Creating and remembering many different long passwords is a pain, but looking at a camera to authenticate with your face is the easiest thing in the world, Nachreiner says.

“In 2017, we expect the entire industry to place a huge focus on biometrics. You will see every device start to offer biometric log-in options, and passwords will start to take a backseat to everyday computing,” Nachreiner predicts.

Unfortunately, biometrics are not perfect enough that we can solely rely on them and passwords are still a core part of the operating system. “Even though we may log in with our face, Windows will still require we set up a password as a backup authentication mechanism,” Nachreiner says.
“The fact that we use biometrics to authenticate might make us forget this password exists, and might even encourage us to use weaker ones… but it will still be there. In 2017, even though we’ll start adopting biometric for authentication, our passwords will still haunt us in the background.”