With festivities under way and less than two weeks before Christmas Day, many begin looking towards the new year and what it may bring. Organisations have encountered yet more security challenges, which underlines that change is the only certainty for the cybersecurity landscape. Given the events of the last 12 months, below we offer five predictions for 2017 that could shape the next 12 months in cybersecurity.
Consumers will demand transparency
Recent research by NTT Security into online shopping behaviour highlighted the growing demand from consumers around transparency of both policy and incidents from organisations. High profile breaches – particularly of well-known household names – have heightened consumer awareness and understanding of data breaches. This trend is likely to continue into 2017 and beyond. Those businesses that can demonstrate their security policies and response plans to customers will help lower their exposure to risk and drive competitive advantage against their peers.
Innovation will continue to fuel consolidation
This year has seen significant consolidation within the cybersecurity market – both from a services and vendor perspective. This included the BlueCoat acquisition by Symantec, Cisco’s various acquisitions and, from our own perspective, the formation of a specialised security company, NTT Security, bringing together advanced analytics technologies, threat intelligence and security experts. Market consolidation is fuelled in part by innovation, where smaller organisations with a particular specialism are integrated into a larger organisation, with a view to providing a more rounded offering to customers. But it also means larger companies can foster innovation through incubation programmes, made possible by efficiencies and expertise gained through economies of scale. This will continue, underpinning the importance of innovation in security to stay relevant to customers.
The Identity of Things
The emergence of the Internet of Things has further blended the physical and digital worlds and has driven both convenience and efficiency gains. IoT is driving an enhanced user experience and more effective way of doing things. However, criminals are looking at ways to exploit vulnerabilities that may exist. We have seen evidence already of cybercriminals using internet-connected home devices, like CCTV cameras and printers to launch DDoS attacks to immobilise sites like Twitter and Spotify. 2017 is likely to see further exploits of IoT devices and highlight the need to wrap them into a comprehensive security policy and ensure the identity and operation of these devices is legitimate.
DDoS attacks will cost businesses
Most businesses are failing to realise the potential impact of distributed denial of service attacks (DDoS) which is why they are not budgeting for them or implementing the right controls and response plans. DDoS attacks aim to disrupt or block an organisation’s web services, and recent high profile incidents like the attacks though US company Dyn using connected home devices (as above) and the one on security website Krebs, will help push it up the corporate security agenda. But increasingly these will be driven by extortion, with ransom-based attacks becoming more common and companies prepared to pay off cyber criminals to avoid customer attrition and financial loss.
Advanced analytics will be a game changer
One of the big data challenges for cybersecurity is how to drive relevance and insight from all of the various pieces of technology used to protect an organisation. Data analysis has been used to give meaning but, as the threat landscape evolves, so too must the way we interpret and drive context from information. Advanced analysis will be key in making sure the right risk management decisions are made. This is far more than just looking at what is going on right now; it also means looking at historical patterns, and employing artificial intelligence that continually learns patterns of behaviour and ultimately anticipates or predicts when an attack may occur. A balance of sophisticated machine learning, automated analysis and “eyes on glass” security experts will be a powerful combination that will change the dynamics of managed security.