Crystal Ball Gazing for 2017

This is the time of year when everyone writes either a year-in-review article or a what's-coming-in-the-new-year post. Guess which one this is? I've been reading the pundits and considering my own findings as a cybersecurity professional. I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.

  • Continued issues with crypto-ransomware in 2017 may be mitigated by advances from several security software companies in creating products to detect and stop malicious encryption of files.
  • If crypto-ransomware stops being a money-maker for cyber-criminal gangs, expect to see an increase in “business email compromise” exploits.
  • Phishing will continue to be the top access exploit method as attackers get more targeted and sophisticated in their approach.
  • Identity theft will continue to be a problem, as the number of data breaches continues to increase.
  • There will be an increasing use of encryption not just for data in transit, but also for records at rest in servers, NAS, SANs and other storage locations.
  • There will be an increase in the number and power of botnets utilizing insecure IoT devices for exploits such as distributed denial-of-service (DDoS) attacks.
  • More companies will purchase cyber-insurance, and some companies will find themselves mandated to do so by a regulatory agency or business partner.
  • If your company is part of a larger company’s supply chain, expect requirements from them about creating a cybersecurity program.
  • If your company develops software, your clients will require that security be designed in from the start.  DevOpsSec will become part of your development environment.
  • While traditional perimeter and endpoint defenses will continue, expect to see activity around “mid-point” or internal network security that includes traffic monitoring, behavior analysis, and anomaly detection.
  • Expect increased activity by nation states in cyber-war attacks. Some of these campaigns will have adverse effects on businesses and civilians.
  • President-elect Trump appears to favor stronger cybersecurity efforts, which may translate into less privacy and more government intrusion.  Or it may mean more funding for Cyber Command and the NSA.

These are issues that you can count on encountering in the new year.  Plan accordingly.



About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
