Security trends 2017

Based on data from the latest Security Report, the forecasts cover consumer trends such as mobile or the Internet of Things (IoT) as well as enterprise-specific areas such as critical infrastructure and cloud security. In addition, the report provides Check Point five trends.

Trend 1: Mobile Security
With the growing use of smartphones and tablets over the past four years, it's no surprise that attacks on mobile devices have continued to rise.
Attacks on mobile devices continue to increase, so successful attacks originating from such devices are expected to become an even bigger problem for enterprise security. According to the 2016 Security Report, one in five employees has already triggered a security incident because they caught malware via infected Wi-Fi. The recent government-sponsored attacks on journalists' cell phones show that these attack methods have now arrived "in the wild," and cybercriminals should be prepared to use them.

Trend 2: Internet of Things (IoT)
Updating IoT-enabled devices can be a challenge, especially if the device manufacturers have not focused on security. In the next year, companies can expect to see more attacks on industrial IoT, perhaps even on devices like printers.
Given the challenge of updating and patching Internet of Things (IoT) devices, cyberattacks can be expected to spread to the Industrial IoT (IIoT) in the coming year. The convergence of information technology (IT) and operational technology (OT) makes both environments more vulnerable. The manufacturing industry will need to expand physical security controls and deploy threat mitigation solutions/policies for both IT and OT networks.

Trend 3: Critical infrastructure
Critical infrastructure is highly vulnerable to cyberattacks. Almost all critical infrastructures, such as those of energy, utility and telecommunication companies, were designed and built in a time before the threat of cyberattacks. In early 2016, the first power outage intentionally caused by a cyberattack was reported (Ukraine). Security planners in critical infrastructure must be aware of the possibility that their networks and systems will be exposed to attack methods that fit multiple potential threat actors: Nation States, terrorism, and organized crime.

Trend 4: Threat Prevention
The security report reveals that unknown malware continues to spread and nearly 12 million new malware variants are identified each month. Ransomware is becoming increasingly important and will be a similar problem to DDoS attacks in 2017.

Given the success of encryption Trojans, organizations will need to adopt a multi-faceted defense strategy, including advanced sandboxing as well as malware-free document delivery, to effectively protect their networks. They will also need to consider alternative ways to deal with those who launch ransomware campaigns. Such methods would include coordinated action within an industry and law enforcement.
We will see more targeted attacks designed to manipulate or disable organizations, with these attacks launched by "legitimate" actors. The current U.S. presidential campaign illustrates this example and serves as a model for future attack campaigns.

Trend 5: Cloud Security
Companies are constantly moving more data to the cloud, opening a backdoor for hackers to access other corporate systems. As a result, an attack that disrupts or cripples one major cloud provider affects the systems of all its customers. Attacks on cloud providers are used as a means to harm a specific organization. Since there are many affected organizations, determining the motive becomes more difficult.
There will be an increase in ransomware attacks that impact cloud-based data centers. As more organizations, in both the public and private sectors, rely on cloud services, these types of attacks will make their way into this new infrastructure either through encrypted files spreading from cloud to cloud or through hackers using the cloud as a volume multiplier.