Virtualization and Cloud executives share their predictions for 2017. Read them in this 9th annual VMblog.com series exclusive.
Contributed by By Jake Olcott, Vice President, BitSight
From AWS and IoT to Hacktivism and Cyber Insurance - In 2017 We Will See it All
Attacks Against Critical Infrastructure
Following the hack
against the Ukrainian electric grid, and hospital disruptions due to
ransomware attacks, we will see more breaches aimed at critical
infrastructure next year. What's more, the idea of "critical
infrastructure" will change. We're no longer just speaking about the
grid or financial institutions. Critical infrastructure will include key
cloud services, like AWS, which could create a huge, detrimental outage
should a breach against this service take place. If the DDoS attack on
Dyn was so impactful, imagine the repercussions of an outage at a
larger service provider.
IoT Will Come Under Attack...Again
In
2017, we will see more cyberattacks that leverage IoT devices. Whether
targeting smart meters, connected medical devices, or automobiles, IoT
devices have proven their vulnerability, and will come under attack next
year. What's more, we are now prone to the "copycat effect," where
hackers who have witnessed the impact of the Dyn attack will try
something similar, hoping to achieve the same or an even greater
outcome.
Embarrassing Disclosures in the Name of "Hacktivism"
We're
going to see more Wikileak-style embarrassing disclosures in 2017,
targeting political figures or others in the public eye. Hackers will
look to target corporate documents that implicate people in an attempt
to persuade or influence the masses. We've already seen this approach
emerge, with ISIS trying to attract new followers, and Russia allegedly
attempting to influence the US election. Headlines are easily
manipulated by the data revealed in embarrassing disclosures, and this
will impact both governmental and corporate decisions in the coming
year.
Cyber Insurers will ask, "what's the Big Data?"
Cyber
insurance is on the rise, as more companies adopt plans and more
underwriters expand their portfolio and grow their premiums, but in
order to maintain credibility and justify costs, both insures and
underwriters must adopt a data analytics approach to cyber
insurance in 2017. The industry will continue to use and rely on data to
develop quantitative models for assessing premiums in order to make
more strategic decisions.
Beyond the data, there will be a new
focus on what happens during the lifetime of a business relationship.
Underwriters will begin developing programs that drive better security
hygiene. In the same way that health insurance providers developed
no-smoking policies or provide discounts for gym memberships, cyber
insurance underwriters will reward companies for taking a more proactive
approach toward cybersecurity.
Let's Get Visual, Visual
After
massive breaches like Yahoo and Dyn, the Board now understands the
importance of cybersecurity from both an optics and a business
development standpoint. But communicating such issues still proves to be
a difficult task. How do security practitioners take all the
information from their network and enterprise and comprise it into
something meaningful that a decision-maker can quickly understand? 2017
will bring the rise of security visualizations. Those reporting on
security to the board will adopt a visual approach in order to easily
display and quantify the needs of their business unit.
##
About the Author
Jake
Olcott is vice president of business development at BitSight, which
provides companies with objective, evidence-based security ratings. He
has previously worked as legal adviser to the Senate Commerce, Science
and Transportation Committee on cybersecurity and staff director for the
House Homeland Security Committee's Subcommittee on Emerging Threats,
Cybersecurity, Science and Technology.