
The changing face of cybersecurity – A look back at 2016 and a look forward to 2017

Cybersecurity has come a long way over the past five years. Controls have been invented to monitor a user’s every move without violating their privacy and the chief information security officer (CISO) is now a fixture in many modern organisations.

With the last quarter of 2016 upon us and 2017 looming large, I've thought about what companies need to do as 2016 draws to a close, and what may be in store during 2017.

Stay on top of vulnerabilities: Microsoft states that 41.8 per cent of vulnerabilities are given a highly severe rating these days. This is a three-year high! Ensure you’re prioritising and managing your vulnerabilities accordingly.

Wean your people off of Flash: According to Microsoft, 90 per cent of malicious web pages contained Flash. HTML5 is great at streaming video. As such, Flash is no longer necessary and should be removed from your systems.

Prepare for ransomware: Ransomware has become ubiquitous. 61 per cent of exploit payloads are now ransomware, according to MalwareBytes. Keep good backups, monitor your files for encryption activities, and – ideally – employ endpoint protection with application whitelisting or encapsulation.

Emphasis on detection: Prevention eventually fails. So, put your money on detecting threats or breaches as quickly as possible. 2016 saw several next-generation platforms come into being; machine learning and user behaviour analytics, along with big data, are helping to detect malicious behaviour more efficiently.

Get a CISO!: The PricewaterhouseCoopers Global State of Information Security survey states that in 2015, 91 per cent of organisations were following a risk-based cybersecurity framework, but only 54 per cent have a CISO running their cybersecurity programme. Roughly half of respondents are running security awareness training, conducting threat assessments, or monitoring cyber intel. A risk-based framework is a great foundation, but it is less effective without a CISO dedicated to driving the initiatives forward.

Five years ago, the term CISO was not popular, ransomware was only a twinkle in its daddy’s eye, and Flash vulnerabilities were (relatively) few and far between - but times are changing.

What's in store for 2017?

It looks as though there will be at least three heavy hitters next year:

(Further) Proliferation of mobile malware: Mobile malware seems to be growing at an exponential rate. Security researchers at Check Point Software have found upwards of 10 million Android phones infected with auto-rooting malware. The idea that some mobile malware can embed itself in a phone’s bootloader and remain persistent even after factory reset is a scary thought.

Internet of Things leveraged for attacks: In September 2016 Brian Krebs’s blog, KrebsOnSecurity, went down due to a 620Gb/s(!) Distributed Denial of Service (DDoS) attack carried out by IoT devices. The Mirai malware code - used in the attack on Krebs - has recently been released, which means that attackers will be able to recruit vulnerable IoT devices for similar attacks.

Emphasis on obtaining, training, and retaining cybersecurity staff: Over the past few years, much focus has been placed on buying the best tech, hiring consultants and auditors, and putting employees in place to monitor and respond to cyber threats. Unfortunately, there are more positions than there are qualified cybersecurity analysts. This is a problem. Requirements for employment should be reduced (i.e. no bachelor’s degree required), or employees must maintain certifications and regular training to stay up to date with the latest threat trends and technologies.

User Behaviour Analysis and AI: Artificial intelligence and UBA may be one of our saving graces next year. Leveraging AI and UBA will provide new means for detecting threats, reducing the need for “eyes on glass” and allowing the good guys to actively remediate threats as they appear.

Many of the trends of 2016 are going to stick with us and new ones will emerge over the coming months – so it’s important to keep cyber security as a priority.

Jamie Graves, CEO of ZoneFox

Jamie is the CEO of ZoneFox, which focuses on detecting insider threats and other fraudulent activities by examining human behaviours using machine learning. He has a PhD from Edinburgh Napier University.