The document provides 15 security predictions for 2017. Some predictions include that internet of things devices will continue to be targeted due to security issues, cybercrime tools will be increasingly available as a service, ransomware attacks will grow more advanced, hacking will be used in political campaigns, cyber attacks will target critical infrastructure, and automation will be used to address the cybersecurity skills gap.

1. Top 15 Security Predictions
For 2017

2. Image courtesy Forbes
Looking into the crystal ball
Not that anybody knows for sure what will be happening even a
month from now, never mind six months to a year. So here are
some of the best guesses about what we will see in 2017 from
several dozen vendors and analysts. There are many more
than 15 predictions out there, of course, but these are the ones
we heard most frequently.

3. Image courtesy Business Insider
Internet of malicious things
Internet of Things (IoT) devices –everything from consumer
devices to smart meters, medical devices, automobiles and
more – have already been conscripted as zombie troops for
cyber attackers, due to their limited computing power and the
firmware running on them, which in many cases can’t be
patched or updated. IoT winners will be those that can code their
own solutions to ensure their products are secure.

4. Image courtesy PYMNTS
Crimeware at your service
Rookie hacktivists and hobby hackers, driven by pop-
culture references and increased media attention, will
increasingly get into the cybercrime game. They will use
off-the-shelf tools for nuisance attacks like web
defacement and port scans, plus more damaging attacks
through DDoS as a service and Ransomware as a
Service (RaaS). While these adversaries won’t have the
skills for lateral movement, their attacks could be costly
and cause reputational damage to the company brand.

5. Image courtesy 1and1
DDoS: Weapon of mass
obstructionDDoS attack firepower in 2016 increased to frightening levels –
rising from 400Gbps bandwidth to 1Tbps or more becoming the
norm – thanks to millions of IoT devices lacking even basic
security. These attacks require specialized protection that very few
organizations in the world today can provide. That firepower will
be used sometime in 2017 to take down critical infrastructure and
even the internet infrastructure of whole countries in support of a
physical military attack.

6. Image courtesy Data Center Journal
Increasing Cloudiness
Financial institutions have been slow to adopt the cloud. However, with
more compliance, and better security features in the cloud, more of these
companies will no longer be able to ignore its benefits. But enterprises will
need to shift their security focus from endpoint devices to users and
information across all applications and services to guard against
ransomware and other attacks. Cloud Security-as-a-Service will cut the
cost of purchasing and maintaining firewalls.

7. Image courtesy PulsaTV
Spy vs. Spy
Drones will be used for espionage and attacks as well, with efforts
beginning to hack into drone signals and allow “dronejacking” in a few
more years. As was the case in 2016 with the Trident incident, which
leveraged mobile browser vulnerabilities and the latest iOS JPEG
zero-day, more espionage campaigns will target mobile, benefiting
from the security industry’s struggle to gain full access to mobile
operating systems for forensic analysis.

8. Image courtesy CNN Money
Hack the vote
Hacking will become a common technique for opposition
research that will trickle down from the presidential
election to House, Senate and state contests. The
damage to public figures could range from
embarrassment, like the hack of the Democratic National
Committee, to physical danger from the use of location
data to launch a physical attack.

9. Image courtesy The Conversation
Taking terror onlineThink takedowns of traffic lights, portions of the power grid,
water systems, etc. – they might not cause catastrophic
damage, but they will disrupt daily life. But because of
attribution difficulty with cyberattacks, made even more difficult
through the widespread use of misdirection (generally known
as false flags) there will be considerable ambiguity about the
attacker’s identity.

10. Image courtesy Daywatcher
Open season on open sourceOpen source has become the foundation of global app
development because it reduces development costs, promotes
innovation, speeds time to market and increases productivity.
But hackers have learned that applications are the weak spot in
most organizations’ cyber security defenses, and that
companies are doing an abysmal job of securing and managing
their code, even when patches are available.

11. Image courtesy Jalubro
Betting on insurance
After spending $81.6 billion on security technology in 2016
(Gartner), and still seeing breaches continue and ROI on
security solutions hitting all-time lows, companies will figure
insurance is a better bet. But insurers, while be happy for the
added business, won’t be handing out claims money easily. As
attacks become more common and damages more widespread,
some insurers will cut back their cyber liability offerings.

12. Image courtesy Oklahoma Cyber Command
Catch the phish
Nearly all enterprise hacks begin with phishing, in spite of
employee training conducted on security best practices –
workers are human, and therefore, will always be fallible. Nearly
all enterprise hacks begin with phishing, in spite of employee
training conducted on security best practices – workers are
human, and therefore, will always be fallible.

13. Image courtesy Ars Technica
Ransomware everywhere
Ransomware will continue to increase, evolve, get
stealthier and use automation to attack the cloud,
medical devices like MRI machines pace makers, critical
infrastructure and mission-critical servers. However, the
unlikely “trust” relationship between ransomware victims
and attackers – based on the assumption that payment
will result in the return of data – will decline as a lesser
grade of criminal enters the space.

14. Image courtesy Lattice Semiconductor
The long privacy goodbyeGovernment surveillance will increase and become more intrusive,
through use of the kind of tracking and targeting tools used in
advertising to monitor alleged activists and dissidents. 2017 will be a
pivotal year in the 25-plus-year debate about information, privacy,
and security.

15. Image courtesy Emerce.nl
Gentlemen, start your attack
surfacesModern cars, typically containing more than 100 million lines of
code, are increasingly intelligent, automated, and most importantly,
Internet-connected. But carmakers don't know exactly what software
is inside their vehicles because it comes from third parties and
almost certainly contains open-source components with security
vulnerabilities – a target-rich environment for hackers.

16. Image courtesy Google Play
Faking it
Fakers are already a problem – users who download your app, log in
regularly and even make purchases might not be real. And with the
decreased effectiveness of CAPTCHAs, SMS and email verification are
also becoming an easy barrier to overcome for fraudsters opening fake
accounts. This will get worse in 2017 as advertisers and ad platforms
adopt more sophisticated tracking technology and fraudsters become
more experienced at mimicking the behavior of real users.

17. Image courtesy Ndigit
Skills gap? Use automation
With the security skills gap approaching Grand Canyon
dimensions, organizations will look to automation so skilled
workers won’t have to waste time on manual, mundane
responsibilities and regularly performed duties. Automation will
also help the pros to do their jobs more effectively. They will
receive fewer notifications with more relevance, relieving them
of the manual task of hunting through a sea of alerts to find the
truly malicious ones.