Cyber security: trends for 2017

1. Even more publications of stolen data

In 2016, it was more common for "historic" personal data to be leaked to the public. From LinkedIn to MySpace to Dropbox and Yahoo, it's scary how many large-scale data thefts become public years after the incident. The effects are already being felt - for example, in the case of Deliveroo, where it had to be announced that hackers were able to access customer accounts they had taken control of far earlier using login data. As long as users keep using the same passwords over and over again, it's easy for hackers: once they've been able to steal a user's log-in details, they have several online accounts open to them. And even though we now know the cases mentioned: There are still many providers who do not even know that they have already been the victim of a successful attack, and just as many who were able to register this but did not impress upon their customers the need to change their passwords. For these reasons, we will continue to have to deal with data breaches based on already "historic" hacks.

2. Ransomware continues to spread

Over the last three years, ransomware has become an ever-increasing threat. Until recently, however, the focus was on untargeted, opportunistic attacks that affected home users and small businesses. The ransom demanded by the criminals was in the manageable range of a few hundred euros. Now, however, the cybercriminals are targeting larger organizations, where they find more critical data and computers - and thus information without which the victims cannot continue their daily business and which is thus good for high monetary demands. Ransomware is therefore likely to really take off next year. Organizations, in turn, will need to prepare for the threat - with better backup strategies and investment in more sophisticated tools that can still detect, contain and stop suspicious activity on the network in time.

3. The "threat from within

Traditionally, organizations have long focused on combating threats from the outside or putting a stop to them before they happen. However, many recent data breaches involve insiders. What is becoming increasingly clear, however, is that "insiders" are not simply malicious employees of one's own organization who may want to steal information or publish it without permission. Indeed, one must not forget the "insiders" who unwittingly become aides to an attack from the outside. The "threat from within" therefore has a much more complex character than many organizations have already recognized - and because it has so many varieties, it will also play a role much more often. In 2017, this issue is likely to become an even greater challenge for the business world than it has been to date, because countering it firstly requires even more intensive awareness measures among employees and contractors, and also in this case from even more sophisticated detection tools. After all, if an employee does click on a dangerous link, the malicious activities triggered by it must be noticed by the protection system as quickly as possible.

4. Critical government infrastructure a top target

Critical government infrastructure has always been the focus of cybercriminals, but in the last year the problem has taken on whole new proportions. Power supply, airports, healthcare and financial organizations are now primary targets. A successful hack in this sector can have far more dangerous implications than simply leaking a few email addresses and birth dates. Indeed, it was the financial world that was hit in 2016 - the attacks on the SWIFT system and Tesco bank provided a good indication of how much damage is done and how much money is lost when attackers can bypass traditional security systems. In the coming year, these successes will motivate hackers to focus their energies even more on industries whose services form the backbone of our society - energy, healthcare and manufacturing.

5. Attention new regulations

For twenty years, progress on EU data protection laws has been slow - but now, with the General Data Protection Regulation (GDPR), the biggest reorganization ever is just around the corner. For companies, that's more than good reason to revamp their security strategies. Even though the new, stricter regulations are not due to be implemented until 2018, 2017 is the year to prepare for them. The threat of hefty fines and the requirement to disclose even minor data breaches are likely to prove the biggest motivators for organizations to take cybersecurity far more seriously than before.

6. The role of the CISO is being redefined

In 2017, many organizations will fill designated CISO (Chief Information Security Officer) positions. The threat landscape has become so complex that truly motivated adversaries always make it into the victim's network. Cybersecurity has therefore become one of the core issues for modern companies, here and there even the main concern at all. However, CIOs are busy enough as it is, and cybersecurity is only one of their tasks. Organizations therefore desperately need CISOs who have security at their core and can drive it forward. This is the only way to ensure that an organization always has the best security systems in place, implements the appropriate processes, employs the right specialists, and ensures the right attitude among employees to counter the current attacks.

7. Without Security Intelligence it is no longer possible

Today's hackers are becoming more persistent in their pursuit of their goals and are using extremely sophisticated tactics when it comes to exploiting existing vulnerabilities. In years past, standard IT security solutions may have been adequate - but since cyberattacks have become the biggest threats to corporate security, this foundation is no longer sufficient. When hackers keep inventing new ways to attack, it's only logical that companies must also rely on innovative methods to defend themselves.

In 2017, companies will increasingly invest in security intelligence to complement their traditional security systems. Part of this expansion of security is the introduction of uninterrupted monitoring so that attacks or data thefts can be detected and stopped shortly after they have begun.

A few years ago, Gartner already stated that prevention alone would become useless and that by 2020 at the latest, every security strategy must also include security intelligence. This will have a noticeable impact in 2017, when companies finally heed Gartner's advice and also begin to prepare for the data protection requirements of the GDPR. The time between the discovery of an attack and the targeted response to it is when an IT environment's systems are most vulnerable - and it is this time period that organizations will need to reduce as much as possible. Security intelligence as an overview and analysis layer, whose tools follow the attackers' tracks across a wide range of sensors in the network, will therefore lose the character of an add-on: It will become a pure necessity.

Source: Roland Messmer, Director for Central and Eastern Europe, LogRhythm