As we close out 2016 and prepare to ring in the New Year we must take a look back at the past 11 months before we can predict what lies ahead. In the realm of cybersecurity, that means evaluating how the threat landscape has changed to accurately assess how it will continue to evolve.
As predicted for 2016, this year saw significant growth in online extortion and smart device failures, along with an ever-growing need for Data Protection Officers (DPOs). Following the exponential increase of ransomware in particular, we believe its growth will begin to plateau in 2017, as this level of increase in new malware families is not sustainable. Despite this, cybercriminals will find new ways to take existing threats to the next level in 2017.
Ransomware operations will branch off into other devices, such as PoS systems, and will be used in strategically planned attacks affecting desktops, mobile and smart devices. Additionally, corporate extortion will grow as a favored attack method amongst cybercriminals, who use Business Email Compromise (BEC) scams to lure unsuspecting employees into transferring corporate funds. We will also witness an increase in Business Process Compromise (BPC) attacks, which infiltrate corporate systems to alter financial transactions. These attacks, and others like them, will drive more stringent data review processes for enterprises as the General Data Protection Regulation (GDPR) looms near.
As consumers continue to purchase fewer Microsoft desktop devices, and the popularity of Apple products rises, we will see more Adobe and Apple vulnerabilities exploited. Also, with the lack of secure smart devices, Industrial Internet of Things (IIoT) devices controlling systems in manufacturing and industrial environments will be targeted by threat actors for use in distributed denial-of-service (DDoS) attacks.
New attack methods for 2017 will not only include targeted attacks, but also cyberpropaganda. This online fake news will have the power to drive social change while criminals make only about $20 per month. These attackers aren’t in it for the money, but instead are focused on the impacts that can be made by driving Internet traffic to smear content.
There is no silver bullet for defeating cyber threats, but there are a few ways to stop these predicted threats before they take hold. Machine learning is designed to battle both known and unknown threats through multiple layers of protection. This model faces network traffic head on, allowing a machine to determine whether files are malicious or not. Considering the threat of DDoS attacks, IoT devices should also be secured before gaining access to the Internet.
In 2017, enterprises will need to go beyond the technical level and embrace a mind shift that creates a “culture of security” to guard against attacks. This involves training employees to go further than simply being aware of threats, to actually acknowledging them and collectively working to protect against them. In combination with selecting reliable protection software to detect and defend against existing and new threats, educating employees in areas such as social engineering techniques and keeping them up to date on the latest BEC scams is crucial to establishing improved cybersecurity habits to live a safer digital life.
These predictions and mitigation solutions only scratch the surface of what we foresee coming in 2017. For a more comprehensive overview of what to look forward to, be sure to read The Next Tier: Trend Micro Security Predictions for 2017. The need for a strong security culture is upon us, so begin safeguarding yourself now by implementing concrete security changes throughout your business.