This posting presents information about some of the IT and Cyber-Security events forecasted to happen in 2017.
As members of organizational risk management and IT security teams have planned and are now executing their 2017 strategies of risk mitigation — it is a good time to review some of the most popular and potential predictions of IT and cyber-security-related threats happening in 2017.
In other words, now is the time to review and evaluate your organization’s cyber-security practices.
After reviewing many of the predictions expressed on the internet and from our reader’s inputs to this website, our staff would like to present:
(1) some general areas of risk related activities that stand a good chance of happening in 2017; and
(2) some forecasts presented by some of the largest IT security related companies regarding what they see to be the range of trends and 2017 cyber-security related predictions worth noting.
Cyber-Security Threats in 2017
The following are forecasts of what general cyber-security related events might well happen in 2017:
- The Internet of Things (IoT) – everything from toy drones to routers – will come under government cyber security scrutiny and require manufacturers to tighten security,
- Adaptive and behavior-based authentication will grow in importance,
- This “Tor v2”-type experience will start to be included in most releases of Google software, and will move the industry toward a network that is fully encrypted and clear-text at all times,
- Compliance concerns will drive growth in the endpoint and device market,
- Continued exploits of know vulnerabilities, and
- Continued and expanding attacks targeting cloud management platforms, workloads and enterprise SaaS applications.
Top Cyber-Security Related Predictions for 2017 by Company
For our readers who want to see more specific areas and details of upcoming cyber-security related incident forecasts in 2017, we present the following predictions by company:
McAfee — This excellent white paper (in PDF format) offered by McAfee covers a wide range of trends and 2017 predictions that are worth noting.
Here are a few highlights from their predictions:
– Ransomware will remain a very significant threat until the second half of 2017.
– “Drone jacking” places threats in the sky
– IoT malware opens a backdoor into the home
– Machine learning accelerates social engineering attacks
– The explosion in fake ads and purchased “likes” erodes trust
– Hacktivists expose privacy issues
– Threat intelligence sharing makes great strides
Symantec — the three lists of predictions that are offered by Symantec are very similar to the lists offered by others, but as in all of these cited predictions, we recommend that you pursue more of the details offered at each of their websites:
Cloud Generation dynamics define the future of the enterprise
– The enterprise network will expand and become increasingly undefined and diffuse.
– Ransomware will attack the cloud.
– AI/machine learning will require sophisticated big data capabilities.
Cybercrime becomes mainstream
– Rogue nation states will finance themselves by stealing money.
– “File less” malware will increase.
– Secure Sockets Layer (SSL) abuse will lead to increased phishing sites using HTTPS.
– Drones will be used for espionage and explosive attacks.
IoT comes to enterprise business
– The proliferation of the Cloud Generation.
– IoT devices will increasingly penetrate the enterprise, leading to increased IoT DDoS attacks.
Forcepoint — there are 10 Forcepoint predictions, and like many other companies, they offer a webcast and a downloadable document with details.
A few of their highlights include:
– Compliance & Data Protection Convergence — 2017 will be the final full year before the European Union’s (EU) General Data Protection Regulation (GDPR) is a legal requirement.
– Rise of the Corporate Incentivized Insider Threat — a new corporate-incentivized insider threat may clash with customer data, corporate profit and other performance goals, forcing businesses to re-evaluate their corporate environments and growth strategies.
– Voice-first Platforms & Command Sharing — the rise of voice-activated AI to access Web, data and apps will open up creative new attack vectors and data privacy concerns.
Trend Micro — the list of eight security predictions offered by Trend Micro doesn’t contain any “wows,” but the explanations are again very helpful, offering in-depth explanations.
FireEye — a slightly different approach was taken by FireEye this year. They offer good questions and related answers regarding 2017.
Here are a few highlights:
-“In 2017, cyber security battles may favor criminals even more as the Internet of Things (IoT) continues to expand possible avenues of attack.
-The 2017 security predictions from FireEye include insights on:
– What investments security organizations will make in 2017.
– Which industry or type of organization might unexpectedly become a target of threat groups in 2017?
– How threat groups will continue to target industrial control systems (ICS) in the near future?
Kaspersky — Kaspersky Lab predicts that 2017 will continue to see the commodification of financial attacks.
Palo Alto Networks — The list of Palo Alto predictions for 2017 is impressive. Their items are divided into “sure things” and “longshots.” They cover many cyberareas, including our cybertalent shortage.
– A few ‘sure things’ include: “Recruiters Search for Cyber Talent Outside of Security” and “The need for non-technical security professionals will also increase.”
– Longshots include: “Companies acquire other organizations to inherit talent.”
Imperva — there has consistently been a good list of predictions from Imperva over the years. This year they offer:
– Botnet of Things
– Ghosts from the past
– Cyber Fatigue
Beyond Trust — there are 10 cybersecurity predictions offered by Beyond Trust. They lead with this bold item: “The first nation state cyber-attack will be conducted and acknowledged as an act of war.”
They also list Tor v2, cloud-based attacks, and: “Behavioral technologies, such as pressure, typing speed and fingerprints, will be embedded into newly-released technologies.”
Forrester — The list of 2017 predictions from Forrester covers every major enterprise area, but details need to be purchased. In the cybersecurity area, they predict that risks will intensify.
Gartner — Always known for their ability to put next percentages next to their predictions, Gartner offered these free security predictions regarding the next 2-4 years several months back. More recently, Gartner offers these free mobile security predictions — with advice attached.
If you found this information useful and relevant to some of the cyber-security related threats being discussed in your company, please pass this along to those members of your company’s risk management and IT security teams.
Please share some of your own discovered cyber-security related risks and threats by posting your comments to this article.
by: Ben J. Carnevale, Contributing Editor