I spend most of my time analyzing vast quantities of cyber threat data, looking for trends and insights that we can use to help our customers better prepare for what cyber threats are coming next. There are some clear trends that have emerged over the past 12 months that we can use to offer cyber security guidance and strategies in the coming year.
1. An organization’s ‘level of presence’ will grow and in turn so will cyber risk.
Every product and service relies on some type of technology infrastructure. With that reliance, organizations are extending their “level of presence” in the digital world via social media, payment transactions, customer engagement, marketing, partners, suppliers... the list goes on.
The supply chain accounts for a large part of an organization’s increased digital footprint. Partners and suppliers support customer, HR, payroll, and accounting functions - and we share very sensitive information with them or give them sensitive access to that data, thereby “extending” our presence. With that extension of digital presence, organizations face greater exposure to fraud, extortion, ransom, compromised accounts, exploited assets and denial of service attacks, to name a few.
It will be increasingly important for organizations to move beyond just looking at things as inside-out IT security and instead understand their total risk profile in order to make significant improvements towards changing security outcomes for the better.
2. Ransomware will continue to be a moneymaker for cybercriminals.
We all know ransomware attacks grew exponentially in 2016 and there is no indication they are going to slow down in any way - financially motivated cybercriminals follow the money trail.
From an adversary capability perspective, ransomware is cheap to operate. From an opportunity perspective, many organizations are not yet applying the proper analysis and decision-making to appropriately defend against this threat. Ransom-based attacks also have a very large target base, as every employee in every organization that utilizes an email address is a potential victim.
Combine organizations’ unwillingness to acknowledge the threat with the consistent release of breached email addresses (LinkedIn, Dropbox, MySpace, Tumblr, etc.) that are used to automate the campaigns and you will continue to see a solid profit center for the criminals.
3. Extortion (à la TheDarkOverlord style) will increase.
Not yet as common as ransomware, but set to increase in 2017, are extortion-based threats - another example of cybercriminals following the money. We will see more organizations breached and then contacted by the malicious actor with a demand for payment in order for the data to be returned.
In football, they say run the same play until the other team can stop it. In the case of extortion, cybercriminals have a pretty good set of case studies to follow.
If the organization does not pay the extortion fee, the stolen data is then publicly released on a paste site, via social media or sold on the black markets, which of course brings significant risk to the organization.
4. 2017 will be the year of increasingly creative IoT attacks.
IoT security threats have been talked about, but not really worried about by most because a serious incident had yet to occur. That all changed this past year.
With the 2016 DDoS attack on Dyn, and the ripple effect it created, we will see more scrutiny on security within the IoT marketplace. Vendors will work in new security precautions but at the same time, cybercriminals will also increase their attention on new ways to leverage IoT devices for their own malicious purposes.
There are plenty of “As-A-Service” attack capabilities on the Dark Web for hire now and we should expect creative, new IoT hacking services to pop up in the near future.
5. Threat intelligence will play a larger role in risk management decision-making.
As cybercriminals continue to shift their tactics to find new avenues for attack, good guys have to evolve as well in order to ensure a sound defense. Cyber threat intelligence is being used more and more as a way of guiding where that cyber defense evolution needs to occur. As such, cyber threat intelligence solutions and analysts will be increasingly added to and defined in security budgets.
A large part of what is needed, however, is to not only focus on tactical CTI capabilities as done in the past, but to specifically build a CTI program that informs decision makers on the risk evolving threats can impose on the business. Every product or service a business delivers depends on a technology platform in some way and wise leaders are beginning to track the threats to that infrastructure.
While organizations can’t really impact cybercriminals’ intent or capability, placing greater focus on reducing the bad guys’ opportunity - especially as the level of presence is growing - should be at the top of your security to-do list in 2017. Having the right intel to help guide those efforts is critical to a fruitful 2017 and beyond.