6 crucial IT security trends for 2017
Ransomware and social engineering attacks will be on the rise in 2017, warns security expert James Maude. He predicts six key trends will dominate and drive security strategies in the New Year.
Threats shift from confidentiality to availability of data
“In 2016, we saw cyber-attacks start to shift from an attack on the confidentiality of data to the availability of data,” explains James Maude, senior security engineer, Avecto. “Attackers have started to poke holes in a manner that has exploited technology users who are unaware and uneducated about the potential risks of their everyday use of professional and personal hardware, software and social platforms.” Maude predicts that this shift will continue in 2017, and will result in six key trends.
Ransomware will further diversify
“We are already seeing attackers moving beyond the desktop and starting to exploit vulnerable websites and blogs,” Maude notes. “For organizations, I expect to see ransomware going after high-value enterprise targets such as databases and backup systems. We may also see IoT devices being used to disrupt and ransom businesses; if an attacker can take control of your lights, heating or access controls, then they could easily hold you to ransom for this.”
Social engineering will become more prominent
“In day-to-day scenarios we will see attacks that focus less on sophisticated vulnerabilities and more on manipulating users with social engineering,” Maude warns. “As many still rely on detection, an attack doesn’t need to be advanced; it just needs to be unique enough not to be detected. Email will continue to be the primary target for phishing attacks; however, we can expect to see a broader range of phishing campaigns using messaging apps, social media and users’ personal email to bypass corporate filters.”
The giants will awaken
“Established security vendors like Symantec and McAfee will threaten the traction of upstarts like Cylance and Crowdstrike,” Maude predicts. “The older guards are able to provide broad installation bases and have a renewed innovation vigor, empowering them to provide solutions for the growing demand of full-lifecycle security platforms. Single-play vendors in detection and response will lose their appeal when asked to prove that they solve more than just a part of the security challenge space.”
The cyber security skills gap will be an even greater challenge
“As more companies compete for talent in a limited marketplace, the skills gap will become an even greater problem,” Maude expects. “Companies may be forced to rethink strategies and look for solutions that are more proactive and require less management to allow them to make the best use of available resources.”
Container isolation will see wider recognition for its security benefits
“We’ll see an accelerating migration of corporate applications from riskier legacy application architecture to container-hosted apps,” Maude says. “I think we’ll see MSFT show prototypes of Android applications running on Windows within a year.”
Regulation will enforce ransomware attack repercussions
“Organizations will be under increasing pressure to address the issues of cyber threats,” Maude notes. “For example, the European GDPR is coming into effect in early 2018 and can fine organizations up to 4% of global turnover in the event of a breach. Increasingly, there is a push among regulators to classify ransomware incidents as a breach, an implication that will concern many who have been hit with an attack on multiple occasions. Laying the groundwork in 2017 will be very important to ensure future financial security.”