Cyber Security Predictions for 2017 – the threats and trends you need to know about
As we move into the new year, many experts are making cyber security predictions for 2017. As more of our day to day activities take place online, cybercrime has unfortunately become part of our daily lives. 2016 saw cyber security repeatedly hit the headlines with many high-profile attacks against businesses and nations. Companies, hospitals and universities were hit by ransomware and presidential campaigns were targeted with data leaks.
We’re not likely to see this slow down any time soon, and predictions for the future of the cyber security industry will affect us all.
The global cost of cyber attacks currently sits at an estimated $400 billion per year (with projections of $2.1 trillion by 2019). The industry has seen a consistent evolution in threats over the past couple of years, particularly in mobile malware and ransomware. This year, the three primary concerns for businesses were viruses and ransomware, foreign cyber-attacks and both internal and external threats.The global cost of cyber attacks currently sits at an estimated $400 billion per year Click To Tweet
Anticipating and preparing for emerging cybersecurity trends is key to protecting consumers and companies. What trends and threats should we be on the lookout for in the year ahead? Here’s our Cyber Security Predictions for 2017:
Experts generally agree on 2017’s cyber security predictions: malware sophistication will continue to evolve and as the cybercrime market develops, more bespoke attack tools will emerge. 2016 examples included Project Sauron (also known as “Strider”) – a top level cyber-espionage platform, which when analysed by Kaspersky Labs, was found to show customised variants to each victim. Malware platforms such as this leave little for investigation, with little insight for similar attacks. As a consequence Advanced Persistent Threats (APTs) can be difficult to identify, often going undetected for many years. Strains of the same malware can also be used in multiple campaigns and as a consequence “APT related incidents” have become more prominent . All of this supports cyber security experts predictions of malware continuing to become more sophisticated in 2017.
Mobile malware continues to increase both in sophistication and volume (in line with mobile usage). However, enterprise level security for mobiles is lagging behind endpoint security. While the volume of the attacks has increased, the value of the data is low, so the impact of an attack is not as broad as with other devices.
When making predictions for cyber security in 2017, it’s impossible to ignore one of the most feared threats that has dominated headlines this year. Ransomware attacks have become increasingly mainstream, with the FBI reporting $209 million dollars being extorted from businesses and institutions in the first 3 months of 2016. It’s predicted that this will continue to remain an important threat in 2017 and beyond, simply because it remains an effective business model for cyber criminals.
Data is a key bargaining chip in cyberattacks, and there are fears that the new EU General Data Protection Regulation (GDPR), due to come into force in 2018, might present further opportunities to turn ransomware into a lucrative extortion because of the legal and financial consequences of a data breach that the regulations will enforce. GDPR will carry fines running up to 20 million euros or 4% of a company’s annual worldwide turnover (whichever is greater), so the consequences could be devastating for businesses.
There is little to fight against ransomware once the attack has taken place, and the best solution is still prevention. Fortunately, preventative measures are not complicated and up to 80% of risk can be eliminated through following the basic security measures found in the UK Cyber Essentials scheme. You can either apply these security measures manually or automate the process to accelerate protection (using paid or free tools such as our free Risk Assessment Tool which you can download here.)
Cyber security experts predict that the ‘Snapchat of malware’ will continue to haunt 2017. Among sophisticated malware used in targeted attacks ghostware, the malware that deletes itself off the system once identified, is on the rise. Just like the social app that makes photos disappear after they’ve been viewed, ghostware is programmed to remove itself from an infected system, leaving no tracks for investigation.
Two motivations are driving this. Firstly, detection and digital forensics on post attack data can give investigators valuable information about the criminals behind it. Secondly, threat intelligence analysts looking for ways to reverse-engineer malware and render it unusable.
Due to recent developments in forensic analysis and threat-detection, malicious actors are taking actions against being caught and having their tools reverse-engineered. This has led to developments in ghostware and we predict a rise in this sophisticated malware in 2017.
Internet of Things
IoT is developing rapidly, but so are the threats that come with it, making this another major concern in cyber security predictions for 2017. Access to greater networks of connected devices with little security makes it very easy for attackers to gather huge botnets by setting the devices up to forward transmissions (including spam and viruses) to other connected devices, without the owner knowing.
These “zombie armies” of connected devices can then be leveraged in Distributed Denial of Service attacks. A DDoS attack is easy to launch as it does not require in-depth understanding of malware or defence systems. The largest DDoS attack was recorded in 2016 against cybercrime researcher and journalist Brian Krebs. The assault forced hosting provider Akamai Technologies to withdraw its pro-bono support. Investigation showed that a large number of IoT devices were hijacked as botnets to carry out the attack.
The National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) have brought out complementary guidance on securing the Internet of Things. In its 257-page Special Publication 800-160, NIST urges organisations to address security throughout the engineering process.
Meanwhile DHS focuses on the basics and makes practical recommendations such as enable security by default and use automated mechanisms to identify and address vulnerabilities. It also includes a red-teaming exercise, which can easily be achieved with an in-depth configuration audit.
As homes become smarter and more devices become connected, it’s becoming harder to ignore the security risks associated with IoT, which is why this area dominates cyber security predictions for 2017 and many industry experts are calling for action.
Regulations feature heavily in industry experts’ predictions for cyber security in 2017, and compliance is on the rise.
The US and EU have so far driven cyber security regulation, with the European General Data Protection Regulation (EU GDPR) set to supersede national laws when it is introduced in 2018. In the UK, the government has recently introduced Cyber Essentials which has been shown to mitigate 99% of vulnerabilities in a recent study in a context of 200 vulnerabilities across 4 different network setups.UK Government's #CyberEssentials scheme has been shown to mitigate 99% of cyber security risks. Click To Tweet
Globally, countries are looking to negotiate the regulatory landscape to ensure trade cooperation. Asia is catching up with significant measures introduced in China, South Korea and Singapore. China has recently changed stance on cyber security standards in the interest of global commerce and has agreed to align its policies with international ones.
Regulations are taking a top down approach in the private sector, with contractors and major organisations forcing suppliers to bring certifications and audits up to speed. It’s likely that there will be more pressure on creating secure supply-chains in the year ahead.
According to 2017 cyber security predictions, information sharing will become more structured. Consolidation of the cybercrime market led to an efficient information-exchange network. In turn we will see more initiatives of threat sharing in the cyber security industry as well. Sharing programs have taken off throughout 2016 and they will mature into more efficient tools. The Information Sharing and Analysis Organisations (ISAOs) is one of these initiatives; a new type of group that started in February 2015 when US President Barack Obama issued an Executive Order to promote private sector cyber security information. Since its launch numerous public and private sectors have formed ISAOs or are planning to in the near future.
Meanwhile, the European Union has approved a Network and Information Security Directive that lays out similar initiatives to better collaboration.
Industry experts have a whole host of cyber security predictions for 2017, and it’s clear that cyber security threats will continue to grow and affect us all, as cyber security is starting to play a more important role in our daily lives, international politics and areas beyond just “big business”.
Aside from major financial loss, cyber attacks can have devastating effects. The cyber intrusions and leaked emails in the lead up to the US election in 2016 may have influenced the results in ways not yet fully grasped, and on a personal level the infamous attack on infidelity website Ashley Madison resulting in broken marriages and emotional damage for thousands of users. These examples show how the repercussions of cyber attacks extend beyond just financial losses.
As cybercrime continue to rise, with increasing financial, legal and social implications, effective security is more important than ever.
In our experience, security is a process best enabled by automated tools and regular auditing. It demands efficiency and a good application to business practices. As cyber security predictions say that the estimated global cost of cyber attacks annually is expected to rise to $2.1 trillion by 2019, organisations worldwide are waking up to the imminent threat of a possible breach.
Titania’s award winning software is the solution of choice in over 80 countries worldwide, and can help you find your vulnerabilities before hackers do. Download your free trial of Nipper Studio today.