6 cyber predictions for 2017
Connecting state and local government leaders
McAfee’s annual report on the cybersecurity landscape holds some tips for government IT managers.
Cybersecurity has long since moved beyond “patch, patch, patch” to focus on big picture problems such securing cloud services, the disappearing perimeter and the managing the flood of mobile devices that push the definition of traditional security. McAfee Labs 2017 Threats Predictions report gives government IT managers a heads up on what to expect next year:
1. Ransomware subsides in the second half of 2017
The scourge of hospitals, government agencies, transit organizations and others, ransomware may be leveling off, with the widespread media attention expected to spur solutions, McAfee predicts. Special interest organizations have done a good job of raising awareness, and companies have taken up the call to find answers.
2. “Dronejacking” places threats in the sky
Consumer drones sold with open ports and weak authentication create opportunities for attackers to take control of unmanned systems. Although vulnerabilities can often be fixed with a software update, “this requires the manufacturer to release a patch,” the report said. Expensive, high-end drones will get patched quickly, but hobbyist drones may fly a long time before a patch is even available. That means exploit kits for unsecured drones will become available, and dronejacking via laptops with directional antennas may emerge. Unsecured drones open up risks for package delivery, aerial photography and law enforcement surveillance. Besides the danger to the devices themselves, look for drones that land on buildings and attempt to hack into the wireless networks inside, McAfee warns.
3. Takedown operations put a dent in cybercrime
Increased cooperation among law enforcement, industry and security vendors will help shut down criminal operations. The report warns, however, that cybercriminals will begin to challenge the relationship between private vendors and law enforcement agencies, so all parties should prepare for legal ramifications of cooperation.
4. Threat intelligence sharing improves
New automated tools will make sharing information easier, and crowdsourced threat intelligence and collaborative analytics help security analysts “connect the dots.” Legislation like the Cybersecurity Information Sharing Act will help overcome barriers to sharing by extending liability protection to the sharing entities.
5. Cyberespionage increases in complexity
Former state-sponsored teams will become information brokers in cyberespionage in 2017, providing “access” for money. “Everyone has information that is worth something, but it takes a creative mind to profit from it,” McAfee says. Additionally, advanced attackers are accessing networks by attacking firewalls, giving them “a great way to fly below the security radar.”
6. Cyber and physical systems merge
The separation between the physical and digital world could begin its erosion in 2017, making the security of one dependent on the security of the other. McAfee predicts that the physical and cybersecurity industries will begin hardening security products and that cybersecurity solution providers will begin to service and support physical security.
Read the full report here.
NEXT STORY: Guidelines for bug reporting