Heroes vs villains: humans play both roles when it comes to cybersecurity in 2017

Humans will keep making security decisions, but also orchestrate attacks.

Every year around this time those in the industry look to predict what will happen in security over the next twelve months. Predictions can be hit and miss, with some failing spectacularly by making far-fetched or grandiose statements that never have any chance of becoming reality, although they are funny to look back on. Here I focus on the key trends I believe will grow significantly during 2017.

The cybersecurity industry has featured in the news many times in recent years with high profile and ever larger and more damaging attacks. This is something we can expect to continue in 2017 and will need to be prepared for. Many more industries are using IoT, meaning there is a greater need for more and more industries to have cyber defence expertise – think self-driving cars and IoT connected kettles.  

As we all come to use and rely increasingly on technology, the role of the human will remain critical. Humans are both the problem and the solution, the potential weak point and the potential crisis-averter. For example, humans will keep making security decisions, but also orchestrate attacks; humans will overlook critical signs and warnings, but also have the ability to rectify oversights and mistakes. Human beings will be in the loop throughout the process – even as technology advances significantly in 2017.  

So what are my predictions for 2017?

1) The largest ever attack will be seen and the increased threat will lead to more investment

In 2016 we experienced larger and more sophisticated cyber-attacks, from the Mirai botnet attack on Dyn, which experts said was the largest attack of its kind in history, to the DDoS attack on security website krebssecurity, which clocked in at a massive 620 Gbps in size. The trend is set to continue.

The upshot of this will be that companies from a broad range of sectors will increase their investment in cybersecurity. The equation needs to balance: as attacks become bigger and more frequent, defences will also need to be more robust and sophisticated.  

2) IoT will further increase the threat of cyber-attacks

Following on from the increasing size of attacks is the threat from IoT. The Mirai botnet which attacked Dyn was made up of a lot of compromised IoT connected devices such as webcams and DVR players.

A focus on mitigating the threat from IoT devices will be vital in 2017.

3) BYOD and remote workforces will force the adoption of new technologies

As BYOD has boomed, cyber criminals have targeted all forms of mobile devices, keen on getting hold of the customer data and intellectual property literally lying in staff pockets.

Increasingly, CIOs, CISOs and other senior executives responsible for the security of data and networks are aware of the need to adopt new technologies in order to comply with regulations, maintain their reputations and keep their information safe. In 2017 CIOs and CISOs will increasingly look to find a solution to the security problems associated with BYOD and remote workforces.

4) Biometrics will make headway in replacing passwords

In 2017 biometrics will become increasingly sophisticated. It seems very likely the sci-fi vision of using your eye to access a mobile bank account for example, will become a reality. We know passwords are flawed and as the shift online progresses the validity of passwords decreases as people either use the same one for everything or constantly forget them. 

As such, it would seem for progressive organisations that can take on the expense, biometrics is a clever way forward.  

The growth in this area will be a key development to watch in 2017. Also, as biometrics becomes more astute, new forms of biometric authentication will be used, for example behavioural biometrics, which uses sophisticated machine learning algorithms to help build up a unique profile of the user based on how they interact with the device.

5) Resilience will become a keyword

Resilience will be key in 2017! The cybersecurity industry is rapidly moving towards the model of resilience, essentially meaning how do we build security into our systems so that our networks are robust. Networks will be built so that they can recover automatically from all these different things that are going on. Artificial intelligence will have a crucial role to play in making this a reality. That’s not to detract – at least in 2017 and in the few years beyond that – from the fact humans will continue to play a crucial role in cyber defence.

One day though that will change, but certainly not in the next twelve months. 2017 will undoubtedly be an exciting year in the industry. In my opinion a lot of the trends we are already seeing develop will take on new significance and impetus as the threats organisations face develop and create the potential for huge damage. Just think what the data breach at TalkTalk did to that company’s reputation and share price. 

I see the potential for the largest cyber-attack ever in 2017; all the indicators are there with the rise of IoT increasing the threat. The problems resulting from BYOD will need to be addressed in 2017 and the opportunities it creates will put increasing pressure on executives and the industry to find proper solutions. On the security measure front, I believe biometrics are poised to become much more widespread and sophisticated and this has the potential to play a significant role in the fight against cybercrime, especially in industries like online banking. 

Lastly, there will be more resilience built into systems which is good news as the battle rages between those that seek to defend data and networks versus those who want to steal or destroy them.

Jonathan Couch, SVP of Strategy, ThreatQuotient