15 January 2017

Cybersecurity Predictions for 2017: The Experts Speak

By Joseph Steinberg

A panel of industry insiders and experts share their cybersecurity predictions for 2017.

2017 has arrived, and, with it, many big cybersecurity issues. Hacking has even been a trending news topic every day since Jan 1st.

So, what will 2017 have in store for us vis-a-vis cybersecurity? Here are the predictions of a panel of respected industry insiders and experts. While the forecasts are not identical, several concepts were mentioned by multiple folks - so take notice. Also, while this article is longer than my typical piece, readers who read it in its entirety will get a robust, broad view of what cybersecurity industry experts think that everyone needs to think about in 2017.

2017 will bring more of the same problems that we saw in 2016, because this past year's attacks delivered great results for hackers. Last year, I predicted that in 2016 "criminals, nations, and anyone else seeking to hack will continue to exploit social engineering as a primary means of digital 'breaking and entering'" - why would anyone stop doing so when that is exactly how, according to the CIA, FBI, and NSA, Russia breached the DNC? Why would anyone stop using techniques that work so well? As part of the social engineering trend, we will continue to see oversharing on social media leading to spear phishing leading to breaches - hopefully, businesses understand this risk well enough to take proactive action. Likewise, Internet of Things (IoT) security - which clearly became an undeniable problem with Distributed Denial of Service (DDoS) attacks this past year - will continue to be a big issue; with so many people buying cheap, insecure devices, there will ultimately be a price to pay. On another note, women continue to make growing inroads in the cybersecurity profession - hopefully this trend will continue. We still have a long way to go.

2017 will bring continued changes in the cybersecurity universe. The current detection and protection models are completely overwhelmed. Your average antivirus or firewall cannot cope anymore with advanced attacks since these offerings rely solely on signature and pattern detection. That is why they remain incapable of detecting APTs, data breaches, ransomware or even unusual user behaviour. The future of cybersecurity resides in the combined approach of machine learning and threat intelligence. An AI resulting from such an effort can detect cyber-attacks, as well as cyber-espionage, way before any of the existing tools we have today on the market. Detecting weak signals within an enterprise, with the help of behaviour analytics - that's the cyber-market of the future.

The severe cybersecurity workforce shortage -- which has one million job openings now -- will escalate in 2017, and add another 100,000 to 200,000 job openings by year end. Cybercrime damages will continue to grow (costing the world $6 trillion annually by 2021), up from $3 trillion last year; ransomware will be the fastest growing threat in terms of new attacks and costs. Global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next 5 years from 2017 to 2021.

Once again this year we've seen the demand for information security professionals rise dramatically. The complexity and number of the attacks, coupled with the growing Internet of Things, increased regulatory scrutiny, and pressure from Boards, has resulted in corporations reevaluating and upgrading their information security and risk organizations. The demand for cybersecurity professionals, however, outstrips the supply, and that problem will continue in 2017.


As penetration of IoT devices in industry will grow, so will the threats posed to security by their uncontrolled deployment and use. Personal IoT devices will also increasingly get carried across physical and logical security boundaries by employees, compounding the issues. Building on the massive financial milestones in 2016, ransomware operations will likely dedicate more resources to improving automated targeting in 2017. This feature will help them discriminate between home users and corporations, and allow them to extort higher fees from the latter. DDoS attacks, possibly amplified by use of IoT botnets, as seen in the recent attacks against Dyn, will continue to make the headlines. While most will be, as before, politically motivated or performed in support of larger hack attacks, an increasing proportion will target companies for the purpose of simple extortion as well.


For a long time, we've focused on the kinetic effects of cyber, but we are now seeing nation states engage in propaganda campaigns and strategic information operations that happen to be conducted through cyber intrusions. Looking ahead, we will likely see the U.S. weigh tougher response options to such activities, not limited to cyber tactics, but also including diplomatic, law enforcement, economic and other policy means.

The endpoint protection space has grown in the last year, and more people will continue to look to these solutions in 2017. While more attention has been given to endpoint security solutions to identify threats and attempted attacks, they can't catch everything: When users are the ones opening the flood gates to attackers by putting in their own credentials to a malicious or compromised set up, that's a behavior change issue. Additionally, IoT has already posed a unique threat to the security landscape, one that may not be visible to a consumer's untrained eye. Easy procurement of cheap IoT devices or Wi-Fi enabled products introduces a serious level of risk -- of which many people are unaware. In 2017, we'll need to answer for a lot of the mistakes that have been made in the name of a fast go-to-market strategy or lower cost of goods.

We will see an increase in business email compromise attacks, aka "spearphishing" of companies by masquerading as senior executives. The nature of social media and other reconnaissance has brought a rise in sophistication of bogus emails luring companies to wire money at the direction of (bogus) requests from senior company officials. Email credential theft will continue to be in the spotlight. We will see increases in attacks on energy, transportation, and other aspects of our critical infrastructure, and attacks leveraging "IoT" zombie armies will be a new fad. In some cases, the overwhelming traffic from IoT devices will be a smokescreen to hide other attacks designed to steal and exfiltrate data. In other cases, the IoT attacks will be used to disrupt business, communications, and potentially government activities. Key events like tax deadlines, healthcare registration deadlines, and other time-sensitive events will be particularly vulnerable to these disruptive attacks.

Richard Stiennon, Chief Strategy Officer, Blancco Technology Group

In 2017, all records for large distributed Denial of Service attacks will be broken. There will be a major clash between privacy and security, as advances are made on both fronts from various legislative actions. The rise in second-hand electronics will become a data recovery nightmare for both businesses and end users. The Internet of Things will create a morass of personal and corporate data on millions of connected devices. Hackers will turn recent proof of concept exploits into attacks that allow them to mine poorly wiped virtual machines. The triple scourge of ransomware, spear phishing against corporate treasury functions, and direct attacks on central banks will continue to drive investments in new security technology. Nations will continue to make large investments in quantum computing research, with the goal of being the first to engineer a major breakthrough. The winner in this new arms race will have a short-term edge (and leverage) in the world of technology. Now that the gloves are off in state-sponsored information operations against political elections, it will be necessary to watch for more egregious and blatant nation state attacks.

Eddy Bobritsky, CEO, Minerva Labs

2017 will bring us more network connected devices that will generate more alerts to be handled with the same or slightly increased human resources (security professionals and SOC operators) rendering us more vulnerable to malware attacks. Adding to the problem will be attacks that are more directly targeted and far more sophisticated than we have seen before. Organizations will be less interested in replacing existing solutions but rather in creating new automated layers of defense. We will see an increase in Automated Prevention and Automation Response technologies focused on giving organizations the tools they need to deal with emerging threats and to get more out of the human and the technological resources they already have.

Bill Blake, President & Chief Customer Officer, Fasoo

In the past, in the aftermath of major data breaches, organizations looked to manage bad press. Crisis management in 2017 will include a reckoning with the law. Some state officials have already made inroads to enact cyber regulations - in New York for example - looking to hold senior management and board of directors accountable.

Rohyt Belani, CEO, PhishMe

The security industry will realize that we need to think about the present and not just the future. Ransomware and business email compromise (BEC) exploded in 2016, and almost 100 percent of the instances were a result of successful phishing attacks. These will continue to be preferred attack methods for malicious actors because they work, and can cause immediate and lasting damage to organizations. As everything becomes more connected and hackers get smarter, the potential for tried and true methods like phishing to cause damage on a massive scale through IoT devices increases. The security industry will start to realize in 2017 that we need to think about the biggest problems we face now so that they don't affect the future, especially as more industries like healthcare start to be targeted by ransomware and phishing attacks - and then it's not a matter of getting data back, but of life or death.

Mike Raggo, Chief Research Scientist, ZeroFOX

Organized crime groups and foreign attackers will increase their use of social media to target individuals, businesses and government officials. With social acting as a public forum, any information that an organization (company, executives, employees, or customers) shares on social media can lead to a variety of unexpected threats. For example, someone posting that "the men's bathroom is out of order and a repairman will be by this afternoon" can lead to a case of social engineering where an imposter arrives for the repair, but has intentions of using the access to pilfer information and infiltrate the organization. With the plethora of information posted constantly to social media - an adversary can target an organization and understand the who, what, where, when, and how; and use this against the company.

Igal Zeifman, Marketing Director, Imperva Incapsula

Mirai was responsible for many high-profile attacks in the second half of 2016. It is safe to say that, in 2017, we will continue to see more evolutions of that specific malware type, which will exploit vulnerabilities in IoT devices. We will also witness the expansion of the botnet-for-hire industry, facilitated by the existence of the aforementioned effective, easy to use, and widely available malware.

Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team, Kaspersky Lab

Ephemeral memory-resident malware, intended for general reconnaissance and the collection of credentials, is likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery. As cyberattacks come to play a greater role in international relations, attribution will become a central issue in determining a political course of action - such as retaliation. The pursuit of attribution could result in the risk of more criminals dumping infrastructure or proprietary tools on the open market, or opting for open-source and commercial malware, not to mention the widespread use of misdirection (i.e., false flags) to muddy the waters of attribution.

Michael Patterson, CEO, Plixer International

DDoS mitigation will become a much larger issue in 2017. The combination of the release of Mirai and the IoT space booming with devices spells trouble for the Internet community. Currently the only recourse against DDoS is to engage a traffic scrubbing company. The cost of this service can make it unaffordable for smaller companies, and it may not matter as the size of DDoS attacks could surpass what the vendors can scrub out. Because of this, there will be a significant rise in support behind the enforcement of source address validation on major service providers.

Wade Baker, Vice President, Co-Founder, Cyentia Institute

We have started to see increasing momentum up the chain for cybersecurity visibility from the boardroom at large enterprises and within the consumer base. We'll continue to see this shift continue in 2017, especially if it is coupled with high-profile or large-scale attacks. It may take crossing the $1 billion loss marker to cross the line for Boards to actually consider material. Even the largest breaches are minor for many of the victim organizations in terms of percentage of revenue lost. Will 2017 be the year to bump us over the multi-hundreds million-dollar line? An escalating series of one-upmanships - especially for large DDoS attacks - could start to see these larger revenue loss attacks.

Jason Braverman, Chief Innovation Officer, Veridium

There has been an influx in recent testing of mobile payment authentication using facial recognition within the United States, and I expect that this trend will take off as more companies go through successful trials and see high levels of user acceptance. We will also be seeing a significant uptick in biometric integration with wearables, including smartwatches and fitness bands, as well as the Internet of Things. Many new devices are already starting to integrate face and voice recognition, including Amazon's Alexa, and I wouldn't be surprised if we begin to see similar implementations throughout the automotive sector in 2017.

Netta Schmeidler, VP of Product at Morphisec

Ransomware will continue to increase in amount and variety, and employ more sophisticated delivery vectors. Moreover, it could move from a strictly financially-driven crime into attempts to affect strategic outcomes. Just as data was used in an attempt to influence the 2016 US election, ransomware attacks against critical infrastructure or enterprises could be used to influence policy or business decisions. 2016 saw several hospitals attacked - resulting in appointments being cancelled, surgeries postponed and patient information stolen. If IoT attacks reach the health industries we could see even more disruptions, at a more horrific scale: incorrect dosage of medicines, erroneous test results, disruptions to life-saving machinery. Financial sector attacks could move from relatively isolated incidents that resulted in individual banks shutting down online access to a complete halt in national trading. Transportation systems may be immobilized.

Ed Skoudis, Founder, Counter Hack

Hacking and politics will continue to collide. This means some of the unsavory parts of our political parties - both nationally and internationally - will see hacking as a viable method for opposition research. 2017 may also become the year of the IoT recall. We've seen that IoT is a good platform to leverage for DDoS attacks -- weak, poorly managed systems connected to the Internet in vast numbers -- ensuring the attacks will continue for a long period of time. Whether it's to knock off political opposition or cause a competitor to have a bad day, DDoS will reach an unimagined level that nearly no one can handle. Based on the vulnerabilities of IoT devices, we will continue to see products recalled after attacks. 2017 may very well be the year of the IoT recall.

Art Swift, President, prpl Foundation

The Internet of Things will continue to expand in popularity. Business owners will need to understand that security problems don't end with their laptops and phones; the same concerns are valid for any IoT device and the same security rationale must be applied. This is especially true for Internet routers, which are a fixture in just about every office and are usually the first line of defense. Securing your network is possibly the most important security measure a small business owner can take to protect his or her data.

Benjamin Jun, CEO, HVF

Someday we'll look back on the DDoS attacks of 2016 in the same way we look at 'quaint' website defacement attacks of the late 90's. IoT security will become much worse with (1) a lot more devices, (2) connectivity without manual WiFi pairing (think AirDrop for everything), and (3) serious physical consequences when certain devices fail. At such a scale, problems can't be fixed with recalls or device patching. Look for smarter firewalls and home routers that can isolate individual devices and "patch-in-place" at the network layer. Network Access Control will come back into fashion, and even home networks will have local sandboxing capabilities.

Wendy Nather, Principal Security Strategist, Duo Security

We're headed for an IoT botnet fallout. The impressment of Internet-connected devices into botnets amplifies two problems: the inability of consumers to add security that their devices should have had to begin with, and the externality of risk - neither manufacturer nor consumer is currently penalized except in the collective sense (when infrastructure is taken down for many parties). We'll see more pressure to identify and recruit centralized Internet controls to deal with the IoT botnet fallout, such as ISPs filtering traffic, and only then, when their devices stop working, will consumers put enough pressure on manufacturers.

Paul Calatayud, CTO at FireMon

2015 was the year of the breach with some of the biggest breaches to date. 2016 was the year of the CISO, as the focus on addressing these issues became a board level conversation. 2017 will be the year of the employee. When I say an employee, I mean that in multiple ways. Cyber attacks are shifting towards targeting internal employees as cyber defenses are built up and it becomes more difficult for attackers to attack machines. CISOs will need to ensure they renew focus on basic security strategies such as employee awareness. They will also need to go beyond by developing defense and detection strategies in support of insider threats. My second prediction for 2017 is that cyber personnel will become a rare commodity like we have never seen before. Organizations have received the message, and are staffing and investing, but that demand generates a supply that is not available.
