2016 has been tabbed as the “Year of Ransomware.” So, what will 2017 bring? It’s looking like ransomware and extortion attacks, Internet of Things (IoT) attacks, and internal threats will continue to escalate. In turn, defense against cybersecurity threats will increase, which will result in cybersecurity spending being at an all-time high. Cybersecurity will no long be an afterthought; it will become a priority for businesses.
Ransomware and Extortion Attacks
The explosion of ransomware in 2016 is only the beginning of what’s to come in 2017 and beyond. The days of single-target ransomware is a thing of the past. Next-generation ransomware variants will carry ransomware payloads capable of infecting hundreds of machines in an incredibly short period of time. Look at the San Francisco Municipal Transport Agency attack, where over 2,000 systems were completely locked down with ransomware. It’s likely that this attack spread on its own as a self-programming worm. As cybercriminals become more sophisticated with their attacks, there’s a good chance these attacks will be more common and much more expensive for the victims.
Devices are becoming more internet-enabled and accessible every day, yet security measures in place continue to lag, even though the risks are at an all-time high. Aside from the obvious attacks on consumer IoT devices, there appears to be a growing threat to industrial and municipal IoT as well. Leading manufacturers and power grid producers are currently transitioning to Industry 4.0, an automation and data exchange manufacturing technology which includes cyber-physical systems, the IoT, and cloud computing. The IoT devices run the risk of being used to attack other devices, and their vulnerabilities leave them open to being used against industrial organizations operating critical infrastructure. This can lead to the theft of intellectual property, collecting competitive intelligence, and even the disruption or destruction of critical infrastructure. With the potential scale of these attacks becoming larger, industrial firms still don’t have the skills necessary to deal with real-time web attacks, which can cause long-lasting, damaging results.
The DDoS attack on Dyn on October 21st and the ripple effect it created opened the eyes to the importance of cybersecurity within the IoT marketplace. While vendors will continue to work on security precautions, cybercriminals will continue to increase the ways to leverage IoT devices for their own malicious purposes. We should expect creative new IoT hack services to continue to grow in number and severity, as far as consequences.
Organizations are adopting more effective strategies to deal with malware; thus, cybercriminals are adopting more sophisticated ways to infiltrate your networks. Legitimate credentials and software are the next big way for attackers to do so. Think physical insiders and credential theft.
One of the biggest challenges with cyberattacks is how businesses think threats can be filtered at the perimeter. Be warned, attackers are aware of how to directly target users and endpoints using social engineering. As opposed to chasing threats, businesses need to be more proactive in thinking about how to reduce attacks on the surface. With an increasingly mobile workforce and threats coming from both personal and business devices, the impact of perimeter defenses has decreased. Instead, security needs to be built from the endpoints outwards.
Cybersecurity Defenses and Spending
2017 will be a critical year for cybersecurity. As we talked about in an earlier article, cybersecurity spending is projected to surpass $100 billion by 2020. This number is minuscule in comparison to the predicted cost of data breaches by this time. Juniper Research predicted that the rapid digitization of consumers’ lives will increase the cost of data breaches to $2.1 TRILLION by the end of 2019.Security is part of every business, and IT discussion regarding this topic has become more important than ever. The issue includes physical security; securing the business, people, and assets, and the network and data as well. We will see an increase in video surveillance for both the government and private businesses. As individuals become more aware of the ever-prevalent threat to their IoT devices, manufacturers need to improve their security before people fully welcome these devices into their homes and lifestyles. Consumers and businesses are getting smarter, and security vendors will be held more accountable for keeping them safe.