1. 2017 is the year that SPF, DKIM, and DMARC will be table stakes for email communication.
After a tumultuous election season with a lot of attention on email, 2017 will be the year that people come to accept that we have a long road ahead of us to make email a more confidential method of communication. End-to-end encryption for email has been around for years, but a path to its widespread use is unclear to many. Companies rely on the information they get from their customers on their engagement, and people want versatility in their email management, that isn’t compatible with end-to-end encryption, such as searching their email streams. SPF, DKIM, and DMARC assure authenticity and integrity of the messages, and can be easily applied to any email strategy. Having a strong DMARC policy in place will prevent attackers from pretending to be who they aren’t. As more companies adopt DMARC, we will see a reduction in the risk of phishing attacks, a common vector for account compromise and data theft. While we may see an uptick in end-to-end encryption for national security reasons, we’ll see more widespread adoption of policies to ensure email authenticity.
2. DDOS mitigation will be center stage for internet-based companies in 2017.
After the widespread DDOS attack of hosting company OVH in 2016, in which 150,000 Internet-connected devices were leveraged for a 1Tbps attack, companies are going to have to start getting on the defensive side of DDOS mitigation. The Internet of Things is not going away, and without a way to regulate the resiliency of the firmware that operates these devices, the best way companies can protect themselves is with a clear DDOS mitigation strategy. It’s not a matter of if anymore, but when, so having a mitigation strategy and having a relationship with a DDOS mitigation providers is table stakes for doing business on the internet in 2017.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.