There's no reason to believe that 2017 will be any better for cybersecurity than it was in 2016. If anything, 2017 will be even worse, as cybercriminals continue to leverage social engineering and phishing techniques to find new vulnerabilities to exploit, develop new ways to monetize their activities, get through corporate defenses, and target individuals. In 2017, cybersecurity battles will favor criminals even more, as vulnerable Internet of Things (IoT) devices continue to expand the possible platforms of attack. Gartner estimates that by 2020 more than 25% of attacks in enterprises will involve IoT devices.
This past year, we saw cybercriminals becoming more sophisticated, threats becoming more advanced and cyberattacks causing more damage to organizations.
So as we approach 2017, let me share a few cybersecurity predictions which we, at Mimecast, see becoming even larger issues as we enter the New Year:
Ransomware becomes more regular and sophisticated
Ransomware will become one of the biggest threats that organizations will need to address, fuelled by an increasing multitude of attackers using off-the-shelf kits and leveraging a vast network of cybercrime service providers to run their ransomware campaigns. Ransomware represents an easy, cheap, and low-risk attack method that produces significant profits for the attackers. In addition, few organizations have effective defences against ransomware, and now, with Bitcoin and other anonymous payment systems enabling the perpetrators to get paid more easily without being traced, it has never been so easy to make a good living off of ransomware.
Impersonation attacks in the spotlight
The media in 2016 have been very focused on ransomware attacks. However, one of the less publicized problems (though by some measures larger in terms of its negative impact on organizations) is email impersonation attacks. Sometimes called whaling or CEO fraud attacks, these attacks can cost organizations hundreds of thousands in financial losses. In fact, according to the FBI, impersonation attacks led to more than $3 billion in losses over the last three years. Because of the associated fraud and loss that they cause, we expect to see these attacks become the next “it” attack flooding the media. There is nothing cheaper, easier, and less risky for attackers to do than just send well-crafted and timely emails that creatively request that money be sent to them. The attackers don’t even need to use malware for this; they just need to be clever with their social engineering.
Macro malware still in the game
Once thought of as a thing of the past, macro malware, which often hides in Word or Excel files, has re-entered the ring of popular attack methods. While most organizations choose to block executable email attachments at their security gateways by default, they generally still allow potential work-related files, such as Microsoft Office documents, to pass freely. Attackers exploit this by weaponizing files in these common Office formats. According to Mimecast research, 50 percent of firms have seen email attacks that use attached macros increase over the last year. Why? It works well and can get through traditional AV-based defenses. And that’s why we’ll continue to see waves of macro malware into next year and beyond.
Reining in data residency and governance
Increased state-sponsored attacks will lead to more stringent requirements around data residency and governance, as well as increased focus on national-level firewalls to mitigate threats but allow regional business activity to continue uninterrupted. Advancements in managing internet traffic from different geographies may also become a focus as the global trade landscape changes. Unfortunately, this comes with the risk of ‘balkanizing’ the Internet and restraining the free exchange of information.
Focus on data mining
One theme that is still overlooked, but should come into greater focus in 2017, is that cybercrime is not just about wire transfers and immediate and direct monetization of stolen information. Attackers are increasingly focused on data mining and will use the data they gather in more advanced future attacks, or sell it on the Dark Web for others to do the same. While more direct attacks such as email impersonation and wire transfer fraud are, and will continue to be, an issue in the future, organizations also need to think about where else they’re susceptible and ensure they have the appropriate protective measures in place against these longer-tail attacks. Organizations need to determine which data of theirs could possibly be used to attack them or other organizations at a later time, and then take increased measures to secure it.
Cyber espionage to cause more political disruption
Nation states and their sponsored operatives will increasingly use cyber espionage to cause political shifts, disrupt adversaries, and gain economic advantage in particular strategic areas. This will involve, but will not be limited to, email-based hacking and the disclosure of other forms of private communications, and the disruption of and interference with critical national infrastructures.
Employee education and taking adequate measures to protect organizations from cyberattacks will continue to be of high importance during the course of 2017 as cybercriminals continue to target the weakest link in an organization’s security: its employees.