This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post. Guess which one this is? I’ve been reading the pundits, and considering my own findings as a cybersecurity professional. I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.
- Continued issues with crypto-ransomware in 2017 may be mitigated by advances from several security software companies in creating products to detect and stop malicious encryption of files.
- If crypto-ransomware stops being a money-maker for cyber-criminal gangs, expect to see an increase in “business email compromise” exploits.
- Phishing will continue to be the top access exploit method as attackers get more targeted and sophisticated in their approach.
- Identity theft will continue to be a problem, as the number of data breaches continues to increase.
- There will be an increasing use of encryption not just for data in transit, but also to records at rest in servers, NAS, SANs and other storage locations.
- There will be an increase in the number and power of bot-nets utilizing insecure IoT devices for exploits such as distributed denial-of service (DDoS) attacks.
- More companies will purchase cyber-insurance, and some companies will find themselves mandated to do so but a regulatory agency or business partner.
- If your company is part of a larger company’s supply chain, expect requirements from them about creating a cybersecurity program.
- If your company develops software, your clients will require that security be designed in from the start. DevOpsSec will become part of your development environment.
- While traditional perimeter and endpoint defenses will continue, expect to see activity around “mid-point” or internal network security that includes traffic monitoring, behavior analysis, and anomaly detection.
- Increased activity by nation states in cyber-war attacks. Some of these campaigns will have adverse effects on businesses and civilians.
- President-elect Trump appears to favor stronger cybersecurity efforts, which may translate into less privacy and more government intrusion. Or it may mean more funding for Cyber Command and the NSA.
These are issues that you can count on encountering in the new year. Plan accordingly.