The rise in cybercrime exposed numerous cybersecurity weak spots across a multitude of businesses and industries. The key trends that took place in 2016 include artificial intelligence entering the domain of cybersecurity, the dramatic growth in ransomware attacks, the increase in cyber-attacks on critical infrastructure (SCADA systems), the rise in APT attacks and cybercrime-as-a-service, and a reminder that DDoS attacks are still relevant and disruptive. 2016 was filled with cybersecurity triumphs and pitfalls. Looking ahead to 2017, here are our forecasts of the achievements and challenges to come:
1. AI-based cybersecurity solutions will boost protection capabilities
The availability of Big Data combined with the processing power of Graphics Processing Units (GPUs) has ushered in a Renaissance period for artificial intelligence (AI). Moreover, the accessibility of powerful algorithm-based software through open-source products and services in enterprise platforms has further facilitated the application of machine learning. As a result, we’ve seen quite a few cybersecurity companies incorporate AI capabilities, mainly machine learning, into their solutions. In 2017, we expect more companies to integrate AI into their solutions as a way to enhance their protection capabilities and catch up with industry leaders.
The dramatic shift will come from leveraging deep learning, an advanced branch of artificial intelligence that mimics the way a brain learns. Deep Instinct is the first company to apply deep learning to cybersecurity. We offer customers a new approach that protects against brand new (zero-day) threats and advanced persistent threats (APT), the most sophisticated type of cyber-attacks. In 2017, we expect more companies to attempt to meet the high barrier of applying deep learning to their cybersecurity products, and perhaps some will succeed.
2. Ransomware attacks will remain a valid threat to operations, especially corporate ones
With its high ROI, which comes from being easily purchased on the Dark Web, carrying a low risk of getting caught, and yielding high profits with little effort, ransomware will continue to pose a serious threat to public and private operations. From a technical standpoint, the difficulty of protecting against zero-day exploits means that this will continue to be a threat, especially as it expands in scope and magnitude onto IoT devices and cloud services.
In 2017, we expect to see mutations of ransomware that are not only encryption-based but use other extortion methods such as theft, data wiping or corruption, denial of access to the entire operating system, and the prevention of the operating system from booting by overwriting the MBR. Furthermore, ransomware families that target enterprises will evolve to have different variants for each operating system, or even be cross-platform. Moreover, although the majority of ransomware families currently target only Windows, ransomware attackers will likely be able to attack every server, client, mobile device, or any other network component in the organization, leaving no endpoint uninfected and no recoverable backups.
Another trend we expect to see is a severe ransomware attack on industrial networks. This attack might not necessarily involve encrypting files, but might instead disrupt operations, such as those of electric, water, gas, or nuclear utilities, until the ransom is paid.
3. IoT attackers shift their attention to the enterprise
The Dyn DDoS attack in October that disrupted internet access to some of today’s most popular sites is a forerunner of cyber-attacks to come. This past year we’ve seen IoT-related cyber-attacks simulated on cars and carried out on CCTV cameras, domestic devices and toys. In 2017, we can expect these attacks to increase in volume and extent of damage.
Moreover, with IoT devices remaining vulnerable due to default passwords not being changed or security patches not being applied, we expect the attacks to start targeting enterprises, focusing on devices such as thermostats and security cameras to gain access to the enterprise’s internal network.
4. The growing appeal of critical infrastructure and the industrial sector to cyber-attackers
The attacks on two power distribution companies in Ukraine and sophisticated malware that targeted energy companies in Western Europe demonstrate that these networks are becoming a prime target for attacks, and are often backed by nation states. Furthermore, as ICS/SCADA networks shift from old and legacy systems to newer wireless communications protocols, we expect to see more attack attempts on industrial networks and infrastructure, such as trains and railway systems, as well as ransomware that targets SCADA systems.
5. SMBs will ramp up cybersecurity solutions
SMBs are increasingly becoming targets for cyber-attacks because they are perceived as low-hanging fruit. As a result, we anticipate that SMBs will increase their security spending and budgets as a direct result of the increase in the frequency and scale of cyber threats, as well as the high stakes of suffering serious financial and reputational losses in the wake of a cyber-attack. This will likely be facilitated by the increase in advanced cybersecurity solutions offered with cloud management.
6. Prevention: The new focus of cybersecurity
Revisiting the biggest attacks from the past year makes it clear that an endpoint detection response that does not include a prevention solution is no longer enough. The increase in new threats and attacks that can evade current cybersecurity solutions, as well as the limitations inherent in detection-focused ones, raises the need for cybersecurity solutions that offer real-time prevention. Groundbreaking solutions, such as Deep Instinct’s, which instantly identifies and blocks zero-day threats and APT attacks, are the ones that can meet the challenge by providing the protection needed in an evolving cybersecurity arena.
Cybersecurity attacks launched against businesses, organizations and individuals will only continue to grow, making it even more vital to seek out suitable solutions and processes to prevent attacks before they can cause damage to the organization.