What does 2017 hold for cybersecurity?

Jamie Graves, PhD, co-founder and CEO of ZoneFox, takes a look back at 2016’s cyber threats and explores what the future may hold for cybersecurity.

Cybersecurity is by no means static. It is, in fact, the dynamic nature of this industry – and its threats – that keeps things interesting. It’s been years in the making, but until recently cybersecurity was not really a practice as much as an add-on concept for IT solutions to help ensure that introducing new tech into an environment would not result in compromise. This year has definitely highlighted that to date, nobody is safe from cybersecurity threats.

On that note, however, many have decided to take up the challenge of making the workplace safer for users to get work done without compromising organisational assets. The cybersecurity world will remain dynamic for the foreseeable future, but some elements – of course – will remain the same. Here are some of the big hitters from 2016, as well as a few predictions; the good, the bad, and the ugly, for cybersecurity in 2017.

2016 in a nutshell

The year 2016 has been a wild ride in cybersecurity. Many more vulnerabilities are being classified by Microsoft as critical; in fact, they’re looking at a three-year high for critical vulnerabilities! Ransomware variants are coming out fresh off the press almost daily, bypassing email security appliances and users’ discerning eyes, and affecting thousands of people by the day. The trend of scorning (to some degree) prevention measures, and switching emphasis to detection and response is still alive and well, but 2016 also showed some eye-opening advancements in detection capabilities.

The Internet of Things (IoT) is being leveraged for major-scale denial of service attacks through the now open source Mirai malware. One of the bigger surprises at the beginning of the year, however, has been the lust for organisations to adopt a risk-based cybersecurity strategy without hiring a CISO. Here at the end of 2016, however, the word ‘CISO’ has become ubiquitous in the industry, and organisations around the globe are scrambling to get one of these cybersecurity unicorns in their bullpen. Times, they are a changin’.

Looking into the crystal ball…

Our next year in cybersecurity looks to be very interesting. On one hand, we have the bad guys who are doing their darnedest to bypass any safeguards put in place by the white knights of cybersecurity in order to extort the innocent. On the other hand, we have a focus on machine learning and user entity behavioural analytics (UEBA) features that provide a new level of detection of these attacks for the good guys. Mobile malware will keep going strong in 2017 since phones are still rootable, and we will see more attacks like those leveraging the Mirai malware or various ransomware variants.

One has to wonder: will 2017 be based more on recovery than detection and containment? The chances are slim, but one dark horse may come back to the forefront in the year 2017: prevention.

Conventional prevention measures such as those provided by firewalls, next-generation or otherwise, will not be enough. Prevention, however, goes much deeper. Why are attacks such as the Mirai malware able to thrive in the wild? Because our software and system development practices are currently lacking appropriate cybersecurity controls. Why is ransomware still a threat? Because people will still launch an attachment from an email message they receive, regardless of whether or not they know the sender. In 2017, prevention will be associated with managing vulnerabilities; those of both the technological and the human type.

In 2017, prevention will be enhanced with two initiatives. Static and dynamic application security testing (SAST and DAST, respectively) will become more common in the DevOps world – enhancing (or creating) a secure software development/delivery lifecycle within organisations (and hopefully app stores). Patching system vulnerabilities may still lag, but one can hope that browsers and applications such as Flash and Java will be patched in a timely fashion.

Vulnerabilities of a human nature will be mitigated through regular user awareness training. There are several platforms that provide test-phish emails, as well as remedial training for those who continue to click on links that they should not. Although prevention will become a cyber focal point, we will still need advanced detection. The next year will see even further advancements in UEBA technologies, leveraging machine learning to detect the bad guys – hopefully before they can do too much damage. Containment of ransomware, data theft attempts, unauthorised access, and other unsavoury activities will be made easier with these cutting edge technologies in your arsenal.

Needless to say, 2017 is going to be exciting for cybersecurity practitioners. There are a lot of threats coming our way, as always, but with the advancement of detection tools, emphasis on vulnerability remediation as a prevention measure, regular user education, and the ubiquity of the CISO role and risk-based methodologies… we got this.
