We saw a lot happen in information security over the course of 2016. Some of these events, like the distributed denial-of-service (DDoS) attacks that struck Dyn and Russia’s hacking of the DNC, made the public care about digital security as never before. Those incidents changed the national discourse on information security. As such, they shifted the security community’s focus, particularly with regard to the issues infosec pros feel will consume their time in 2017.
2016 was a busy year for the security community, but 2017 promises to be even busier. Here is what some infosec experts feel the new year will look like.
Tyler Reguly, manager of software development | @treguly
For the past two years, several major vendors have regressed in their security offerings and security responsiveness. This has made it more difficult for organizations that rely on their products and solutions to maintain a strong security posture. It seems like a safe bet that given these paradoxical changes, 2017 will be the year that we see a major breach due to the lackadaisical stance they’ve taken on security. Unfortunately, a major breach may serve as a wake-up call for organizations to once again take security seriously.
Bob Covello, infosec analyst | @BobCovello
Predictions are always fascinating. No one holds you to them, the truly bizarre ones offer a good laugh, and if you get one right, you look like a wizard.
Here are a few of my predictions for the New Year:
Ransomware’s changing business model
As we recently saw with the “Popcorn Time” ransomware, the authors of this new strain will give you the encryption key if you pass the infection on to two other people. I predict that this new “business model” will change and future strains of ransomware will offer the decryption key as well as part of the profits to anyone who passes the infection along. Spread the infection and get ¼ of the ransom. That sort of deal. The Popcorn Time model of merely getting one’s files back by passing along the ransomware may not be as good a motivator as a financial incentive. Ah, the strange honor among thieves.
Social network multi-factor or bust
In an effort to stop the constant and sometimes embarrassing hijacks of people’s social media accounts, I believe at least one of the social media giants will institute a mandatory multi-factor authentication policy. This will not hurt any of the social media giants financially, as they will still retain all the information of their subscribers.
Threat Intelligence vendors awaken
My last prediction is that threat intelligence vendors will awaken to the value of true crowd-sourcing. Rather than compete against each other and market their product as having the “better threat feed”, they will start to share their threat feeds amongst each other. The value of each individual product will be determined by its ease of use, its applicability to a specific industry vertical, and its integration with other security mechanisms.
Lamar Bailey, senior director of security R&D | @btle310
I believe 2017 will see the return of the worm. The inherent insecurity of most Internet of Things (IoT) devices, which is due to the fact that IoT vendors value time-to-market over security, makes them ripe for exploit. Consumers are buying and installing these devices in record numbers to make their lives easier, but in many cases, they are unknowingly opening their homes to surveillance and control.
In addition, the medical industry will see a large push in network and physical security in medical facilities. Many of the medical devices are moving to wireless communication so they can be monitored from central command centers, but this leaves their communications open to man-in-the-middle (MitM) and DoS attacks. These wireless signals reach beyond the physical barriers to patient rooms and ICU areas, so the physical security will need to be addressed because people can walk around many of the facilities without so much as a second look.
Patrick Miller, managing partner | @PatrickCMiller
I predict data breaches, distributed denial-of-service (DDoS) attacks, cyber espionage, and other large-scale security issues will continue in pace with Moore’s Law from all directions. Security failure fatigue will happen. This will lead to lower trust in the systems – and by proxy, the companies and governments that use them. Lower trust will make consumers, companies and governments very noisy about the situation. This will lead to presidential directives and legislation as a knee-jerk reaction not just in the United States but globally. These directives and legislation will be hasty and burdened with political attachments/agendas, motives which will do little to solve the problem of security.
Market forces will try to balance the situation, an effort which will drive security spending up but with weak metrics for success. It will be erratic and inconsistent as everyone “guesses” at the right approach and wastes lots of money in the process. (This will almost certainly be the case if the market direction is different than that of the national political agenda.)
In the meantime, organizations that have taken security seriously in the past and can prove it with solid metrics will begin to be the security bellwethers, but they will also be the targets for anyone with an axe to grind. By the end of 2017, we will be only marginally better at security than we are today, but we may understand what the bottom of the barrel looks like. Knowing where the bottom is will help us understand how not to stay there. So, overall, a positive outlook for the year ahead.
Tim Erlin, senior director security and risk | @terlin
My first prediction is that state-sponsored cyberattacks will dramatically increase in 2017. With the changing political climate in both the United States and Europe, a further polarized world will result in increased cyberattacks. We will see more press and coverage of state-sponsored activities as well as increasing confusion around attack attribution and response.
My second prediction is that a major cloud provider will experience a significant compromise. The cloud is old news, but as the use and complexity of services offered increases, at least one provider will put themselves at significant risk and experience a compromise of their infrastructure or systems. The complexity and do-it-yourself nature of native cloud implementation will drive the initial incident as well as a corresponding increase in attention on securing native cloud services and applications.