Jan032017

Cyber Security in 2017: What Should We Expect?

Jeff Schilling, CISM | Chief Security Officer
January 03, 2017

Posted in: Business Leaders, Risk and Control, Security and IT Professionals

Originally featured on vmblog.com

This time of year brings a slew of “predictions” from security-minded experts. While this is a format that most have come to expect, with clear indications of storms brewing on a number of fronts, I thought I’d adapt to terminology that better describes what lies ahead – a “forecast.” The desire is not to create an air of FUD (fear, uncertainty, doubt), but instead acknowledge reality and take measures to address these emerging challenges without pulling punches.

In 2016, what was old became new again – with a vengeance. Old standbys like DDoS attacks and ransomware took on new life with tenacity and scope previously unseen.

Ransomware Evolution

Ransomware was a major player this year, compromising individuals and enterprises alike. The healthcare industry, in particular, was targeted and victimized on many levels. I wrote about a particularly concerning escalation by a hacker known as the “The Dark Overlord (TDO),” who sought to compromise a soft target, with high payoffs, in software development teams.

Based on this new, broader approach, we should expect to see a large ransomware attack against a major corporation that will hit seven figures. The ransom actors will attempt to deny access to a large company’s website or other business systems that operate money-making systems, such as e-commerce or Business SaaS. As a result, the victim will pay a large sum to get back online ASAP. In fact, I suspect this has already happened but has not been disclosed. It will be increasingly difficult to keep these matters quiet as they proliferate, however.

In addition, as ransomware becomes more lucrative and sophisticated, credit card theft will probably decline. After all, we know that criminals want maximum return for minimal effort and this is one of the surest routes. Improved fraud detection capabilities will also contribute to a decrease in this activity as stolen credit card numbers s will have a very short shelf life.

DDoS Escalation As I referenced earlier this year, with the increasing number of unsecured Internet of Things (IoT) devices, DDoS attacks will continue to break records. The proliferation and improvement in the Mirai code will continue to seek out and compromise devices across the commercial and consumer spectrum creating virtually nation-state level computing firepower to overwhelm targeted web servers. These situations could also become vehicles of ransomware threat actors.

To combat these campaigns, one of our researchers recently pointed out that IoT manufacturers must integrate security into R&D processes from the get-go. Security can’t be an afterthought if the massive DDoS trend is to be curtailed.

How to Respond

From ransomware to DDoS, 2017 should be another record-setting year in terms of volume and scope cybercrime. Business stakeholders and decision makers must acknowledge these challenges and be as proactive as possible with safeguarding their organization and its assets.

Investing in employee training programs to curtail malware intrusion through phishing attacks is a positive step to limit ransomware. Data prioritization to determine exactly what information should be protected based on business objectives and regulatory requirements is also essential to ensure security resources are allocated appropriately. Finally, working with seasoned threat experts to help navigate the complex threat landscape can help better mitigate attacks by focusing on areas most in need. This, in turn, will allow organizations to focus on its mission as opposed to playing a cat-and-mouse game with cyber threats.

Jeff Schilling, CISM

Chief Security Officer

Jeff Schilling is the chief security officer and responsible for the cyber and physical security programs for the corporate environment and customer hosted capabilities.

About the Author