Below we capture some of the key ideas discussed in the paper. For more detail and insight, we recommend you get yourself comfortable and read the report in full. It\u2019ll certainly put you in a more informed position when it comes to information security for the year ahead.<\/p>\n
Ransomware of Things (RoT)<\/b><\/p>\n
In 2017, we\u2019re likely to see more instances of ransomware, an upswing in DDoS attacks and more attacks against Internet of Things (IoT) devices \u2026 on a bigger scale. Troublingly, notes Stephen Cobb, \u201cthere is potential for cross-pollination as
\nthey evolve\u201d.<\/p>\n
Particularly worrying is the future growth of the Ransomware of Things, whereby cybercriminals hijack a connected device and demand payment for access to be restored to the user.<\/p>\n
\u201cTo stop the IoT become home to the RoT, a number of things need to happen, in two different spheres of human activity.\u201d<\/span><\/p>\n \u201cTo stop the IoT become home to the RoT, a number of things need to happen, in two different spheres of human activity,\u201d Cobb explains.<\/p>\n \u201cFirst is the technical sphere, where the challenge of implementing security on a vehicular platform is considerable \u2026 the second sphere \u2026 is policy and politics. The outlook here is not good because so far the world has failed abysmally when it comes to cybercrime deterrence.\u201d<\/p>\n Security education and social responsibility<\/b><\/p>\n Needless to say, cybercrime isn\u2019t going anywhere, with 2017 likely to be characterized by a ruthless streak that began to take shape last year. As Camilo Guti\u00e9rrez notes, it is more critical than ever for everyone, personally and professionally, to develop a better understanding of the risks.<\/p>\n What is especially important, is for all stakeholders \u2013 security experts, companies and educators, to name but a few \u2013 to tackle the weakest link in the security chain, the end user.<\/p>\n \u201cEducating users regarding current threats and how they spread can make all the difference in reducing the impact of cybercrime in the future,\u201d states Guti\u00e9rrez.<\/p>\n \u201cWe should not forget that security is the responsibility of everyone and not exclusive to those of us working in IT. These days, information is equally critical whether handled by a reporter or by an executive.\u201d<\/p>\n Mobile security<\/b><\/p>\n The evolution of mobile devices was expected to follow a similar pattern to that of desktops. However, as we\u2019ve seen with smartphones and tablets, the experience, the potential and the technology of these devices is taking us down another altogether exciting road.<\/p>\n Unfortunately, it\u2019s a road littered with obstacles and threats, and it\u2019s set to be another tough year for mobile security, says Denise Giusto Bili\u0107. Malware targeting these devices, in all sorts of sophisticated ways, will be evident in even greater numbers, meaning more effort is required in delivering proactive and reactive security.<\/p>\n \u201cThe growth of mobile malware is an undeniable reality, one that we have been predicting since 2013 and which is gaining strength as we speak,\u201d Bili\u0107 notes.<\/p>\n \u201cDuring 2015, new variants of malicious code created for Android averaged 200 a month; during 2016, this number rose to 300 new monthly variants (in iOS the number is 2 per month). We would not be surprised to see this increase continue over the next year, averaging 400 new mobile malware variants per month for Android by the end of 2017.\u201d<\/p>\n Vulnerabilities<\/b><\/p>\n As we know, vulnerabilities are one of the ways in which cybercriminals exploit security barriers. The good news is that the number of instances of this kind of compromise is decreasing, after hitting a historic high in 2014.<\/p>\n However, as Lucas Paus explains, this does not tell the full picture, as when it comes to \u201ccritical\u201d vulnerabilities, these are in the ascendancy. For example, at the end of October, \u201cthe number of critical reported vulnerabilities corresponded to 40% of total vulnerabilities\u201d.<\/p>\n \u201cBoth security solutions and the management of both updates and vulnerabilities will continue to play a leading role in the mitigation of [threats],\u201d Paus states.<\/p>\n \u201cThese have the objective either of minimizing or eliminating both gaps in defensive measures and information leaks in the coming years.\u201d<\/p>\n Next-gen security software<\/b><\/p>\n Working towards a future where there is improved understanding about the perceived differences between so-called first-generation malware detection and next-generation signature-less detection technology, is needed. There is far too much myth-making surrounding the latter, which is not helpful.<\/p>\n \u201cIt\u2019s clear that the distinctions between \u2018fossilized\u2019 and \u2018next-gen\u2019 products are often terminological rather than technological.\u201d<\/span><\/p>\n Consider, as David Harley does, the purported distinctions between the two are \u201cterminological rather than technological\u201d. If you cut out all the marketing spin and get to the root of it, you can see that next-gen products approach malware in much the same way as the first-gen products \u2013 the wording that describes it, however, creates a sense of newness. He adds:<\/p>\n \u201cSimilarly, when next-gen vendors talk about behavioral analysis as their exclusive discovery, they\u2019re at best misinformed: the term behavioral analysis and the technologies taking that approach have both been used in mainstream anti-malware for decades.<\/p>\n \u201cIn fact, almost any detection method that goes beyond static signatures can be defined as behavior analysis.\u201d<\/p>\n Healthcare challenges<\/b><\/p>\n While there were fewer major and successful cyberattacks aimed directly at organizations operating within healthcare in 2016, make no mistake, the threat remains very real. Cybercriminals are keener than ever to launch ransomware attacks within this space, while new technology \u2013 think the Internet of Things \u2013 is opening up new avenues for malicious activity.<\/p>\n Lysa Myers draws attention to the reality of improper implementation of security, which is inconsistent, flawed and insecure. Detailed assessment of risks is required, backups need to be regularly carried out and a better understanding of the vulnerabilities in equipment is paramount. Professionals also need to be cyber-aware.<\/p>\n \u201cThe security of the healthcare industry is likely to be in the spotlight for the foreseeable future,\u201d Myers goes on to say.<\/p>\n \u201cDespite the current troubles, the opportunity exists to make a significant transformation that could serve as a model of positive change for other industries, as the Internet of Things makes its way into our homes and workplaces.\u201d<\/p>\n Threats to critical infrastructure<\/b><\/p>\n Cyberattacks on critical infrastructure made the headlines in 2016. It\u2019s a clear trend, and one that has devastating potential (critical infrastructure, as its name suggests, encompass vital assets that allow a country to function effectively \u2013 any serious incapacitation\/destruction can have severe implications).<\/p>\n Cameron Camp and Cobb are of the opinion that in 2017, some cybercriminals will be looking to focus their attention on these kinds of attacks, especially via the internet infrastructure. Likewise, bolstering security is also on the top of the agenda, with inroads already being made (in the US, for example, there are now 24 ISACs).<\/p>\n \u201cWe sincerely hope that efforts like this, and others around the world, get the backing and resources they need to succeed; however, for this to happen it will take more than good intentions,\u201d they both commented.<\/p>\n \u201cIt might even require political pressure from the folks most likely to suffer from cyberattacks on critical infrastructure, the electorate.\u201d<\/p>\n Challenges and implications of cybersecurity legislation<\/b><\/p>\n As we\u2019ve become accustomed to a world increasingly defined and shaped by technology, we\u2019ve started to see the wider world begin to tackle the legal challenges and complexities surrounding cybersecurity.<\/p>\n From any perspective, let alone a global one, the task at hand is far from easy, discusses Miguel \u00c1ngel Mendoza, as \u201cthere are various tensions, positions and counterpoints\u201d that decision makers have to contend with. As the highly publicized stand-off between Apple and the FBI has shown, people have very different ideas about what is right or wrong.<\/p>\n \u201cIn the light of these challenges and tensions, we can see the need to define clear rules for all stakeholders, perhaps based on international, regional or local agreements, which consider all parties,\u201d Mendoza suggests.<\/p>\n \u201cThe objective [is to make] legislation truly effective, capable of being applied and executed.\u201d<\/p>\n Gaming platforms<\/b><\/p>\n When it came to security, computers games did not really enter into the equation. However, with gaming moving online and onto mobile devices, cybercriminals have gravitated towards this immersive and popular environment.<\/p>\n Money laundering, as a case in point, has migrated to the virtual world, explains Puodzius, while big gaming companies are attacked, malware is deployed and gaming networks knocked offline.<\/p>\n![\"shutterstock_450704737_georgejmclittle\"](\"http:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/01\/shutterstock_450704737_Georgejmclittle.jpg\")
<\/p>\n![\"security\"](\"http:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/01\/shutterstock_248574760_Scanrail1.jpg\")
<\/p>\n