18 Predictions About How the Security Industry Will Fare in 2017
2Automated Attacks Will Demand More Intelligence Defense
Most malware is dumb, but this is changing. Threats are getting smarter and increasingly are able to operate autonomously. In the coming year, we expect to see malware designed with adaptive, success-based learning to improve the efficacy of attacks. Autonomous malware designed to spread proactively between platforms can have a devastating effect on our increasing reliance on connected devices to automate and perform everyday tasks.
320 Billion IoT Devices are Weakest Links to Securing Clouds
The potential attack surface is expanding as cloud-based technology accelerates. The weakest link in cloud security, however, is not in its architecture; it lies in the millions of remote devices accessing cloud resources. Expect to see the injection of malware into cloud-based offerings by compromised endpoint clients, a process known as cloud poisoning. If cloud-based environments and solutions are found untrustworthy, the effect could be a dramatic slowdown in current migration to the cloud and the resulting evolution of network infrastructures.
4IoT Manufacturers Will Be Held Accountable for Security Breaches
We are in the middle of a perfect storm. IoT is a huge machine-to-machine attack surface and growing, yet built using highly vulnerable code and distributed by vendors with literally no security strategy. In addition, the internet, which was designed to be open, is being plundered by people who have no moral compass. Attacks targeting IoT devices will become more sophisticated and will be designed to exploit the weaknesses in the IoT communications and data-gathering chain, including a rise of the Shadownet, the development of an IoT Deepweb and supply-chain poisoning.
5IoT Device Makers Must Get Security Under Control Now
IoT is a cornerstone of the digital revolution, but IoT manufacturers have flooded the market with highly insecure devices. Unless IoT manufacturers take immediate and direct action, it’s a good bet they will be targeted by legislation holding them accountable for security breaches related to their products.
6Attackers Will Begin to Turn Up the Heat in Smart Cities
7Ransomware is Merely the Gateway Malware
Expect to see very focused cyber-attacks attacks against high-profile targets such as celebrities, political figures and large organizations. In addition to locking down systems, these attacks are likely to include the collection of sensitive or personal data that can be used to extort or blackmail the victims. Organizations that are impacted by ransomware and other ransom-based attacks—especially if personal information is impacted—need to be held accountable for not being adequately secure, beyond fines that can be rolled into the cost of doing business.
8IT Needs to Close Gap on Critical Cyber-Skills Shortage
The current shortage of skilled cyber-security professionals means that many organizations looking to participate in the digital economy will find alternatives to in-house expertise. Savvy organizations instead will turn to security consulting services that can guide them through the labyrinth of security, or to managed security services providers, or MSSPs, which can provide turnkey security solutions. Or, they will simply move the bulk of their infrastructure to the cloud, where they can add security services with a few clicks of a mouse.
9Security Tools Will Need a Complete Revamp
Security vendors must rethink their traditional siloed approach to developing security tools. The goal historically has been to build a fortress against an invisible enemy. But with highly fluid, multi-platform networks, that approach needs to change. Today’s security needs to start with visibility, and then dynamically build an integrated and adaptable security framework around that intelligence. Vendors that cannot adapt to the scope and scale of the borderless digital economy and the evolving requirements of today’s digital businesses will fail.