By Derek Manky
Global security strategist, Fortinet
The expanding attack surface enabled by technology innovations such as cloud computing and IoT devices, a global shortage of cybersecurity talent, and regulatory pressures continue to be significant drivers of cyber threats. The pace of these changes is unprecedented, resulting in a critical tipping point as the impact of cyber attacks are felt well beyond their intended victims in personal, political, and business consequences.
Going forward, the need for accountability at multiple levels is urgent and real affecting vendors, governments, and consumers alike. Without swift action, there is a real risk of disrupting the progress of the global digital economy.
Fortinet unveiled six predictions from the FortiGuard Labs threat research team about the threat landscape for 2017. These predictions reveal the methods and strategies that Fortinet researchers anticipate cyber criminals will employ in the near future and demonstrate the potential impact of cyber attacks to the global digital economy.
Highlights of the predictions follow:
- From smart to smarter: automated and human-like attacks will demand more intelligent defense. Threats are getting smarter and are increasingly able to operate autonomously. In the coming year we expect to see malware designed “human-like” with adaptive, success-based learning to improve the impact and efficacy of attacks.
- IoT manufacturers will be accountable for security breaches. If IoT manufacturers fail to better secure their devices, the impact on the digital economy could be devastating should consumers begin to hesitate to buy them out of cybersecurity fears. We will see an increase in the call to action from consumers, vendors and other interest groups for the creation and enforcement of security standards so that device manufacturers are held accountable for their device’s behaviors out in the wild.
- 20 billion IoT devices are the weakest link for attacking the cloud. The weakest link in cloud security is not in its architecture. It lies in the millions of remote devices accessing cloud resources. We expect to see attacks designed to exploit endpoint devices, resulting in client side attacks that can effectively target and breach cloud providers. Organizations will increasingly adopt fabric-based security and segmentation strategies that enable them to create, orchestrate, and enforce seamless security policies between their physical, virtual, and private cloud environments from IoT to the cloud.
- Attackers will begin to turn up the heat in smart cities. As building automation and management systems continue to grow over the next year they will be targeted by hackers. The potential for massive civil disruption should any of these integrated systems be compromised is severe, and are likely to be a high-value target for cybercriminals.
- Ransomware was just the gateway malware. We expect to see very focused attacks against high-profile targets, such as celebrities, political figures, and large organizations. Automated attacks will introduce an economy of scale to ransomware that will allow hackers to cost-effectively extort small amounts of money from large numbers of victims simultaneously, especially by targeting IoT devices.
- Technology will have to close the gap on the critical cyber skills shortage. The current shortage of skilled cybersecurity professionals means that many organizations or countries looking to participate in the digital economy globally will do so at great risk. They simply do not have the experience or training necessary to develop a security policy, protect critical assets that now move freely between network environments, or identify and respond to today’s more sophisticated attacks.