What's Next For Enterprise Security In 2017?
In this second of three posts on security threats, we outline how the cyber security threat landscape is expected to change in 2017.
Predictions of cyber doom don’t come much bigger than this. Security intelligence and analytics company LogRhythm believes the whole Internet could go down for a whole day in 2017. And if the Internet grows down, LogRhythm adds, the waves of damage in our increasingly tech-dependent world will have unprecedented consequences including the tanking of financial markets.
Last year’s high-profile distributed denial of service attacks on the likes of domain name service provider Dyn and security expert Brian Krebs were just dry runs for larger attacks, LogRhythm’s CIO James Carder told Business Insider mid December. The involvement of nation-states have been suspected in both incidents.
Alex Younger, the head of the UK’s secret intelligence service MI6, warned December 8th, 2016 that cyber attacks, propaganda, and subversion by hostile foreign states pose a "fundamental threat" to democracies. In a speech at MI6 headquarters in Vauxhall Cross, London, he said “The connectivity that is at the heart of globalization can be exploited by states with hostile intent to further their aims deniably.”
Although by no means all threats are backed by nation states, that’s a clear warning to all of us that we need to pay more attention to security in 2017. It’s not the only sounding of alarm.
Credit-rating agency Experian echoes Younger’s sentiments in its 2017 Data Breach Industry Forecast, saying that it expects nation-state cyber attacks to move from espionage to war, leaving individuals and organizations exposed to collateral damage.
It also predicts the series of thefts of log-in credentials of the past few years will lead to further data breaches and that this will expedite the death of the password, forcing individuals and organizations to lose their complacency and accelerate the move towards two-stage security procedures.
3 major IT security themes to unfold in 2017
According The not-for-profit Information Security Forum:
1. The rush to adopt new technologies, often ignoring or not taking sufficiently seriously security implications, will dramatically expand the threat landscape, says ISF.
Our ability to protect ourselves will become progressively compromised as the complexity of the IT landscape develops. And governments will become increasingly interventionist as the technical capabilities of cyber criminals—possibly aided and abetted by governments—surpass those of most organizations.
For Intel subsidiary McAfee, the rapid adoption of the Internet of Things will pose particular problems to all sorts of organizations. Internet of Things devices, notes McAfee, typically have very little memory or computing capacity. Also, the proliferation of operating systems and device types is stretching beyond the ability of security vendors to respond, and long lifecycle components in industries such as automotive and critical infrastructure cannot be readily updated.
All this means that the future of cybersecurity must take place in an increasingly agentless security world, says McAfee. The anti-virus and firewall approach will soon become a thing of the past, it adds.
Chip designers are already enhancing hardware-level security, memory protection, and trusted execution environments. And by increasing the use of predictive analytics, improving security visibility with both organizational assets and decentralized data, and reducing the use of dedicated agents, there will be a significant increase in threat defense effectiveness, says McAfee.
2. McAfee also predicts that advanced adversaries such as nation-state attackers will turn increasingly to vulnerabilities in hardware and firmware. And McAfee expects cyber criminals to make more use of machine learning to enhance socially engineered attacks, all marking a major uptick in the capabilities of the black hats.
But it’s not all doom and gloom. In some good news, McAfee expects that the vulnerabilities in several of the most common apps will drop in 2017 as vendors tackle them. And that incidents of ransomware demands will subside as initiatives such as the “No More Ransom!” collaboration, the development and release of anti-ransomware technologies, and continued law enforcement actions gain impact.
3. There will also be greater cooperation between security vendors and law enforcement in 2017 in a concerted effort to take down cyber criminals, says McAfee. And major advances in threat intelligence sharing among targets.
2017 promises to be another tough year for those in cyber security. But it could also prove to be a turning point as fundamental changes take place in the way we view and the way we tackle security.
In the final of our three posts on the evolving security landscape, we sample expert advice on what we can do to protect ourselves in 2017.All Posts In This Series: