Virtualization Technology News and Information
Netwrix 2017 Predictions: Five Emerging Cyber Threats and Trends

VMblog Predictions 2017

Virtualization and Cloud executives share their predictions for 2017.  Read them in this 9th annual series exclusive.

Contributed by Michael Fimin, an expert in information security, and CEO and co-founder of Netwrix Corporation

Top Five Emerging Cyber Threats and Trends for 2017

2016 was definitely not the best year for cyber security, with everything from web application attacks and W-2 scams to ransomware and DDoS attacks on some of the most high-profile companies. Headline-making breaches at MySpace, LinkedIn, Dailymotion, Friend Finder Network and Mossack Fonseca, as well as recently disclosed Yahoo breach that occurred in late 2014 and affected 500 million users worldwide, have proven that hackers are currently beating organizations in the field of data protection. While companies are doing their best to adjust their strategies to emerging cyber threat landscape, criminals are upping their game as well - reviewing their successes and failures, analyzing the weaknesses in organizations' defenses, and brainstorming ways to streamline their processes.

There's no reason to believe 2017 will be any better. In fact, it could be even worse, as cybercriminals continue to push social engineering and find new ways to deliver malware, penetrate vulnerable databases, and leverage mobile technologies to get inside corporate networks and target individuals. By reviewing the events of 2016, we have identified five trends and cyber threat patterns that organizations need to consider in 2017:

Connected systems and devices. While organizations from various industries are already embracing the IoT, the convergence of IT, operational technology (OT) and physical security will become even more common practice in 2017, in part because of the profound economic benefits. These new connected infrastructures will make organizations more vulnerable to cyber threats and expand their potential attack surface. Since any device or smart system connected to the internet can potentially be compromised, IoT is essentially a back door into the corporate network that gives attackers a new path to companies' sensitive data. In the worst case scenarios, vulnerabilities in OT systems can leave critical infrastructures at risk of sabotage or even pose a threat to peoples' lives (for example, hacking of self-driving cars). 

Cloud hacks. As cloud computing enters its second decade, it is increasingly becoming a vehicle for the next-generation digital business. According to the 2016 Cloud Security Survey by Netwrix, the number of organizations migrating to the cloud has increased from 43% in 2015 to 68% in 2016, which proves that cloud is gaining traction and becoming more mainstream. This strong rate of cloud adoption and the resulting larger volumes of sensitive data stored in the cloud make IaaS and SaaS more attractive for hackers than ever before. What is even more disturbing, analysts expect a dramatic increase in DDoS attacks targeting cloud and hosting service providers in 2017, which will create additional challenges and could even force some CISOs to limit cloud use for sensitive data to processing but not storage.

State-sponsored hackers. State-backed hacking will remain a headache for organizations regardless of size or industry. Private enterprises and non-profit organizations will continue to be just as likely to come under attack as federal agencies or regulatory bodies. State-sponsored hackers could use their power to sabotage elections, bring disorder to business operations, obtain trade secrets and steal information about projects of national significance. Traces of state-sponsored attacks could be also used to illustrate a country's "digital aggression," increasing global political tensions. In light of upcoming elections in France and growing tension in European countries, we expect to see more state-sponsored sophisticated attacks, which will vary in techniques and effects.

Machine learning. In 2017, machine learning and artificial intelligence will play a significant role in cyber security on both the offensive and defensive sides. Hackers could use machine learning to enhance their social engineering skills or to perform large-scale vulnerability scanning for future attacks. At the same time, organizations can use machine learning to detect anomalous user behavior, perform automated penetration tests and generate high-value cyber threat predictions.

New security and privacy regulations. We expect compliance and regulatory enforcement to receive a lot of attention in 2017. As they attempt to protect the general public and make businesses more responsible about their cyber security efforts, regulatory bodies will likely create new legislation addressing the latest cyber security threats. The latest example is the GDPR regulation, which will come into effect in May 2018 and will apply to any company that works with the private data of EU citizens. This and other new standards will likely increase the complexity of regulatory procedures for organizations and expand their legal concerns. We anticipate organizations will increase their use of self-regulatory processes to monitor their own adherence to standards, and we expect growth in professional communities similar to PCI QSA.


About the Author

Michael Fimin joined Netwrix Corporation in 2007, bringing more than a decade of IT industry experience, management practices and innovation. Prior to joining Netwrix, Michael held several key positions at Aelita Software (later acquired by Quest Software), driving the company's top-selling security and compliance product. Michael lives in Monarch Beach, California.

Michael Fimin 

Published Friday, December 16, 2016 7:03 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2016>