Cybersecurity Predictions From Hitesh Sheth, Vectra CEO

Cyber attacks on the U.S. will increase during President Trump’s administration

The incoming U.S. administration has already stated it will take a more aggressive posture on cybersecurity. As a result, U.S. businesses and the U.S. government should expect an increase in the number and severity of cyber attacks, led by select nation states and organised political and criminal entities.

Ransomware will get an IQ

Ransomware attacks target the data files of organisations. Because it provides the fastest way for an attacker to monetise an attack through untraceable Bitcoin, ransomware attacks will grow more intelligent by targeting high-value digital assets, including surveillance cameras, phone systems, security systems and other business IoT devices.

In 2017, new forms of ransomware will become the biggest headache for security response teams and the business driver of growth in cybercriminal income as it automatically and rapidly extorts money from enterprises.

Private industry professionals and law enforcement will collaborate more in 2017

With more than 67% of data breaches reported by outside agencies and the upsurge in ransomware attacks, collaboration between private industry and law enforcement agencies – both domestic and international – will increase in 2017 as they attempt to close down and bring ransomware operators to justice.

 Data centre attacks will go bottoms up

Bad actors will focus on the soft underbelly of data centres and cloud deployments by gaining control of firewalls, servers and switches that make up the physical infrastructure.

According to the website Shadow Server, there are still more than 816,000 Cisco firewalls connected to the Internet that are vulnerable to Equation Group exploits and sub-OS rootkits exposed by the Shadow Brokers hacking group. Attackers heard this wake-up call about a vast number of vulnerabilities and will exploit them in 2017.

 Shadow IT will take a bite out of security operations effectiveness

IT can’t protect what it doesn’t know about. Business units and department heads have been deploying technology independent of the IT department for years and it has become a key weakness for attackers to exploit.

The risk of attacks on shadow IT resources will force security leaders to adopt an internal-network-centric threat hunting approach to gain visibility, insight and timely response to security incidents across all their enterprise endpoints, infrastructure and services.

Critical firewall vulnerabilities will continue to be ignored

The firewall is the most trusted device in a data center. The Shadow Brokers’ treasure trove of exploits stolen from the Equation Group and made publicly available has reignited the efforts of advanced adversaries and nation states. They now have easily accessible tools that enable them to eavesdrop on encrypted communications that traverse firewalls.

According to the Shadow Server website, there are still more than 816,000 Cisco firewalls connected to the Internet that are vulnerable, undermining the inherent trust placed in firewalls.

IoT will become a bigger security vulnerability than phishing

By 2020, Gartner forecasts there will be over 7 billion business IoT devices and that more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.

Remaining noticeably susceptible to compromise, the ever-growing number of IoT devices provide an easily exploitable path to high-value data and resources that cyber attackers will continue to take advantage of in the coming year. And as IoT attacks grow in sophistication, the damage will extend well beyond DDoS botnet swarms and will likely usher in the first examples of IoT ransomware.

2017 is the year we automate security response (well some of it)

Human beings alone, no matter how skilled, won’t have the bandwidth to handle the tsunami of security data, cacophony of alerts, and plethora of security tools in 2017.

With hyper growth in the attack surface and threat landscape – and constrained by limited security analyst resources and capabilities – enterprises will augment their teams with artificial intelligence to automate the detection and response to security incidents. Security analysts will remain in the loop and continue to bring unique insight and capabilities. Think Robocop, not Skynet.

Decrypting SSL for threat detection will become increasingly difficult

Attackers increasingly target and compromise certificate authorities as part of sophisticated man-in-the-middle attacks. This leads more applications to enforce strict certificate pinning, and consequently make the inspection of SSL encrypted traffic far more difficult for traditional security products.

 Artificial intelligence will be the fourth industrial revolution

The use of artificial intelligence in cybersecurity is still in its infancy, similar to when the Internet was in its infancy. In 2017, new information security technologies will employ first generation AI technology to address many of the security and confidentiality issues that have plagued businesses over the last 40 years.

Artificial intelligence will reverse the asymmetric war on cybercrime

Over the next several years, artificial intelligence will help address the global shortage of qualified security professionals as networks become more sophisticated, generate more data, and are exposed to increasingly advanced threats. Artificial intelligence will enable the cybersecurity automation needed to reverse the asymmetric war on cybercrime.

2017 will see the first AI-on-AI cyberwar

Just as artificial intelligence is a boon to the defender, so too is it to the attacker. Defence contractors and governments around the world are already using AI to sift through great lakes of network data and intelligence, and hunt for exploitable weaknesses. Just as fast as armies introduced tanks to warfare, tank-on-tank warfare became a necessity. In 2017, we will see the start of AI-on-AI cyberwarfare.