Expected Cyber Trends in 2017
2016 saw a rise in cyber threats, from botnets and ransomware, to high-profile leaks and massive data breaches. Over this year, cyber incidents affected businesses of all sizes in every industry. The cyber attack surface continued to expand with the proliferation of Internet of Things (IoT) devices beyond conventional smart phones and tablets to include hackable cars and appliances. And, according to a report by Cisco, one million cybersecurity jobs remained unfilled last year, while the number of job postings continued to rise.
As we close out 2016 and roll into the New Year, these cyber security threats aren’t going away. In fact, the threat landscape for 2017 will likely include new attack types and will exploit never-before-seen vulnerabilities. While the environment might seem unpredictable, you are likely to confront the following challenges in the new year:
Attacks On Physical Infrastructure
Industrial control systems will continue to pose a massive risk in 2017. For a skilled adversary, it’s hard to imagine a more perfect target. Legacy supervisory control and data acquisition (SCADA) systems run on obsolete networks, which were designed without security considerations. What’s more, these systems are responsible for powering entire cities, controlling the nation’s energy production, and maintaining global financial centers.
There isn’t much precedent for cyber attacks on physical infrastructure; this class of attack is rare, and has only been perpetrated in large-scale operations by nation state actors. However, the 2016 attack on Ukraine’s power grid gave the world a preview of what could be at stake, when 225,000 Ukrainian civilians were left without electricity. Unfortunately, there’s no way to ensure that this capability remains exclusive to nation states—a class of actors that can, in theory, be held accountable for their actions. In fact, we could see attacks on critical infrastructure carried out by motivated cyber criminals and hacktivists (individuals or teams of hackers who are motivated by financial gain and ideological reasons, respectively).
The Rise of Mobile Malware
In 2016, security experts noticed a concerning spike in mobile malware. Researchers from Check Point Software estimated that 10 million Android devices were compromised by a single strain of malware, which was able to install itself on 50,000 new devices per day. The attackers were able to use the malicious program to display advertisements on compromised devices, generating roughly $30,000 USD per month in revenue. Financial gain alone is a powerful motivator for hackers looking to pull off a similar attack. However, it’s the ease of conducting repeat operations that has experts most concerned about the future of mobile malware.
More than ever before, our lives are in our pockets. Today, personal communications, financial data, and even medical records are connected to smartphones. Mobile devices have features that prioritize convenience; however, these devices need to maintain a baseline of security standards. Cybercriminals will continue to capitalize on mobile vulnerabilities in 2017.
One clear trend to emerge in 2016 involved ransomware attacks, a type of cybercrime wherein an attacker takes over a system and then holds it hostage until the victim agrees to pay a ransom. According to data from Beazley and Symantec, based on trends from the first nine months of 2016, ransomware attacks increased by 300%.
The healthcare industry has been affected disproportionately by this class of attack. Medical records are one of the most valuable types of data and, accordingly, are covered by federal privacy laws. The loss of medical records will bring both normal operations and critical services at a hospital to a halt. As a result, victims of ransomware attacks in this industry are often willing to pay in exchange for the safe return of their information.
In 2016, attackers seemed to perfect their strategy for extorting money out of the healthcare industry. The amount of ransom money is carefully calculated: just low enough for hospitals to agree to pay, but high enough to do serious damage. As the healthcare industry continues to expand its reliance on technology and patient records go digital, the vulnerability to attack will continue to grow. That’s a reality that hackers will continue to capitalize on and we predict this continuing in 2017.
CyberWars: A New Hope
Despite the ominous speculation, we think there’s reason to be optimistic about the future of cybersecurity. The emerging and growing threats cover all businesses, sectors, and industries. That means everyone will be invested in personal, organizational, and business security. Industry leaders will start to understand their crucial role in cyber-preparedness and invest in enterprise-wide cybersecurity training and awareness for their employees and themselves.