As 2016 comes to close, we are faced with many questions about what to expect in the coming year. Will malware ridden homes become the norm? Will mobile payments continue to mature and find their place in major organizations? Will IoT apps and devices face major attacks? As a long-time cybersecurity practitioner, I can’t help but think of the security advancements that are required to keep up with this interconnected, ever-changing landscape. Just as technology advances from year to year, so do hacking techniques.
With that in mind, I’ve developed ten cybersecurity predictions for 2017. If all my predictions come true, we are in for one eventful (and bumpy) year.
1. Financial Losses and Human Lives through IoT attacks
While there is a lot of talk about IoT attacks, 2017 will bring the seriousness of these attacks to the forefront. Not only will IoT attacks result in major financial losses, there is a high likelihood for loss of life or injury when you look at Connected Cars and Connected Medical Devices. While some of the cutting edge vendors in these spaces are working on securing their devices and apps, a vast majority have not taken it seriously enough. Let’s hope that damages will be limited to financial loss.
2. Mobile banking and payment apps will be key targets
Hackers attack banks because that’s where the money is. Banks are moving to more mobile banking to offer ease of use, competitive differentiation, and to achieve operational efficiencies. But security continues to lag in mobile code and hackers are going to have a blast exploiting these apps. Many banks and retailers are creating mobile payment apps to reduce their cost and have better control over the payment chain. Most of these apps are severely lacking in security and hackers can easily manipulate these for major financial gain.
3. Cyberterrorism will become more mainstream
There was a lot of talk about hacking during the election, but the reality is that a proxy cyberwar has been going on for some time between various nations -- and it’s only going to accelerate in 2017. I expect major attacks occurring at the government infrastructure level, as well as commercial companies at the IoT level, to cause serious damage.
4. More regulatory standards for Mobile and IoT security
Industry associations and federal regulators are finally starting to realize that mobile and IoT have become the weakest link in both our commercial and government infrastructure. With legacy servers and networks more secure, hackers are going after mobile and IoT devices and applications with easy to exploit vulnerabilities. Work has already started at the association level with NIST and at the government level with Congress trying to work on new guidelines and standards for securing IoT infrastructure.
5. Drones will offer a new attack vector
Drones have their own unique identity, but they could be considered mobile or IoT devices as they start connecting with other devices. As Drones are used to deliver more goods, expect drone-jacking and other attacks. Hackers can also cause drones to malfunction with a malware resulting in injuries.
6. Insider attacks will continue to grow and get more sophisticated
Whether it’s disgruntled employees attacking to take out anger toward their employer, or employees collaborating with external hackers for monetary gain, these types of attacks will continue to grow because they are easy to execute.
7. Retailers will get attacked at various levels
Retailers are focused on creating new ways to generate more revenue and beating the competition. Mobile and IoT applications are the new and exciting areas for retailers to create differentiators. But in the haste to create these applications, security is usually an afterthought -- and hackers know that. I expect to see cyberattacks at both the mobile and IoT level at some of the largest retailers.
8. Connected Homes will see malware infections grow
More and more, home owners will start using connected devices without understanding the security implications. There will be malware that finds its way into these devices and is exploited at the right time whether for ransomware or some other malicious purpose.
9. More IoT DDoS attacks
Hackers are already selling botnets on the dark web to be used to launch attacks. Mirai was just the beginning which will bring all kinds of new hackers into the playing field.
10. Ransomware will continue to bear fruits
For the hackers that is. And it’s a low hanging fruit. Hackers have realized these are easy pickings as consumers and companies would rather pay and not deal with the hassles and loss of productivity.
About Mandeep Khera
Mandeep Khera is chief marketing officer of Arxan, a provider of application attack prevention and self-protection solutions for Mobile, IoT, and other applications.