Every year, our industry is bombarded with new technologies, new methods of attack, and new terminology. It’s a constantly changing industry, and as a professional in the midst of it, it’s important to stay up to date. Here are a few of the top security predictions for this upcoming year:
Internet of Things (IoT) will be hit hard
This should not come as much of a surprise, but everything from consumer devices, medical devices, automobiles and more will be hit hard with malicious attacks, due to their limited computing power and the firmware running on them, which in many cases can’t be patched or updated. This will get much worse in 2017, given that too many organizations still aren’t inspecting their most commonly used apps for malware, enabling everything from DDoS attacks to Trojans to serving as entry points into enterprise networks for other attacks like ransomware and APTs. Companies successfully creating IoT devices will be those that can code their own solutions to ensure their products are secure.
Here are 5 great tips for implementing IoT security in the upcoming year.
It’s becoming a rookie’s game
Rookie “hacktivists” and hobby hackers are increasingly jumping into the cyber hacking game, driven by pop-culture references and increased media attention. They are hitting with nuisance attacks like web defacement and port scans, or more damaging attacks through DDoS as a service and Ransomware as a Service (RaaS). While these rookies won’t have the skills for lateral movement, their attacks could be costly and cause reputational damage to the company brand.
DDoS is getting even bigger
DDoS attack firepower increased to extreme levels in 2016, rising from 400Gbps of bandwidth to 1Tbps or more becoming the norm, thanks to millions of IoT devices lacking even basic security (see the first point above). These attacks require specialized protection that very few organizations can provide. Professionals are predicting that DDoS firepower will be used sometime in 2017 to take down critical infrastructure and even the internet infrastructure of whole countries in support of a physical military attack. Make sure your business is recognizing and preventing these DDoS attacks in 2017.
Politics will be a mess
From Russia’s suspected role in seeking to interfere with the US presidential election to WikiLeaks-style releases of embarrassing photos and corporate documents to take down specific politicians or parties, we will likely continue to see messy politics in the upcoming years. Hacking will become a common technique for opposition research that will trickle down from the presidential election to House, Senate and state contests. The damage to public figures could range from embarrassment, like the hack of the Democratic National Committee, to physical danger from the use of location data to launch a physical attack. The US response will become more aggressive, to include not just cyber tactics but also diplomatic, law enforcement, economic and other policy means.
Terror attacks are moving online
Takedowns of traffic lights, portions of the power grid, water systems, etc.: terror attacks are moving online. They might not cause catastrophic damage, but they will disrupt daily life. In some cases, though, the damage could be significant, through the use of data forgery. In response, we will likely see a major retaliatory cyber action from the US government. But because attribution of cyberattacks is difficult, and made even more difficult by the widespread use of misdirection (generally known as false flags), there will be considerable ambiguity about the attacker’s identity.
Interested in hearing more security predictions for 2017 and how US national security plans to respond? Don’t miss the first keynote of our Secure360 Twin Cities 2017 event, happening on Tuesday, May 16 and presented by Juliette N. Kayyem, national security and foreign policy columnist for the Boston Globe and lecturer in public policy at Harvard’s Kennedy School of Government. Her keynote presentation will cover the U.S. national security apparatus and how it responds to changing threats.