8 Predictions About How the Security Industry Will Fare in 2017

As 2016 begins to wind down, security professionals are taking stock of the cyber-landscape and determining whether IT security will fare any better in 2017.

Most malware is dumb, but this is changing. Threats are getting smarter and increasingly are able to operate autonomously. In the coming year, we expect to see malware designed with adaptive, success-based learning to improve the efficacy of attacks. Autonomous malware designed to spread proactively between platforms can have a devastating effect on our increasing reliance on connected devices to automate and perform everyday tasks.

The potential attack surface is expanding as cloud-based technology accelerates. The weakest link in cloud security, however, is not in its architecture; it lies in the millions of remote devices accessing cloud resources. Expect to see the injection of malware into cloud-based offerings by compromised endpoint clients, a process known as cloud poisoning. If cloud-based environments and solutions are found untrustworthy, the effect could be a dramatic slowdown in current migration to the cloud and the resulting evolution of network infrastructures.

We are in the middle of a perfect storm. IoT is a huge machine-to-machine attack surface and growing, yet built using highly vulnerable code and distributed by vendors with literally no security strategy. In addition, the internet, which was designed to be open, is being plundered by people who have no moral compass. Attacks targeting IoT devices will become more sophisticated and will be designed to exploit the weaknesses in the IoT communications and data-gathering chain, including a rise of the Shadownet, the development of an IoT Deepweb and supply-chain poisoning.

IoT is a cornerstone of the digital revolution, but IoT manufacturers have flooded the market with highly insecure devices. Unless IoT manufacturers take immediate and direct action, it’s a good bet they will be targeted by legislation holding them accountable for security breaches related to their products.

Smart cities will drive sustainable economic development. However, building automation and management systems will be prime targets for hackers. A significant disruption of smart cities’ evolution will have serious, far-reaching economic consequences across multiple industries.

Expect to see very focused cyber-attacks attacks against high-profile targets such as celebrities, political figures and large organizations. In addition to locking down systems, these attacks are likely to include the collection of sensitive or personal data that can be used to extort or blackmail the victims. Organizations that are impacted by ransomware and other ransom-based attacks—especially if personal information is impacted—need to be held accountable for not being adequately secure, beyond fines that can be rolled into the cost of doing business.

The current shortage of skilled cyber-security professionals means that many organizations looking to participate in the digital economy will find alternatives to in-house expertise. Savvy organizations instead will turn to security consulting services that can guide them through the labyrinth of security, or to managed security services providers, or MSSPs, which can provide turnkey security solutions. Or, they will simply move the bulk of their infrastructure to the cloud, where they can add security services with a few clicks of a mouse.

Security vendors must rethink their traditional siloed approach to developing security tools. The goal historically has been to build a fortress against an invisible enemy. But with highly fluid, multi-platform networks, that approach needs to change. Today’s security needs to start with visibility, and then dynamically build an integrated and adaptable security framework around that intelligence. Vendors that cannot adapt to the scope and scale of the borderless digital economy and the evolving requirements of today’s digital businesses will fail.