Crystal Ball Gazing for 2017

This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post.  Guess which one this is?  I’ve been reading the pundits, and considering my own findings as a cybersecurity professional.  I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.

  • Continued issues with crypto-ransomware in 2017 may be mitigated by advances from several security software companies in creating products to detect and stop malicious encryption of files.
  • If crypto-ransomware stops being a money-maker for cyber-criminal gangs, expect to see an increase in “business email compromise” exploits.
  • Phishing will continue to be the top access exploit method as attackers get more targeted and sophisticated in their approach.
  • Identity theft will continue to be a problem, as the number of data breaches continues to increase.
  • There will be an increasing use of encryption not just for data in transit, but also for records at rest in servers, NAS, SANs and other storage locations.
  • There will be an increase in the number and power of bot-nets utilizing insecure IoT devices for exploits such as distributed denial-of-service (DDoS) attacks.
  • More companies will purchase cyber-insurance, and some companies will find themselves mandated to do so by a regulatory agency or business partner.
  • If your company is part of a larger company’s supply chain, expect requirements from them about creating a cybersecurity program.
  • If your company develops software, your clients will require that security be designed in from the start.  DevOpsSec will become part of your development environment.
  • While traditional perimeter and endpoint defenses will continue, expect to see activity around “mid-point” or internal network security that includes traffic monitoring, behavior analysis, and anomaly detection.
  • Increased activity by nation states in cyber-war attacks.  Some of these campaigns will have adverse effects on businesses and civilians.
  • President-elect Trump appears to favor stronger cybersecurity efforts, which may translate into less privacy and more government intrusion.  Or it may mean more funding for Cyber Command and the NSA.

These are issues that you can count on encountering in the new year.  Plan accordingly.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
