Cyber security predictions are tough, but security is on everyone’s minds, from Donald Trump to congressmen and women on both sides of the aisle to big business to your dear sweet grandmother. Given all that we have seen in 2016, we asked our founders and research team to spell out the top 5 cyber security predictions they expect to see in 2017.
1. The biggest trend for 2017 is that social media attacks are going to get worse
Overall, the trend through 2016 and into 2017 is that social media attacks are growing worse and worse. As enterprise adoption of social collaboration skyrockets, a new litany of risks impacting data security and safety will rise with it. We believe that we will see more adversaries take advantage of social media to target business operations as well as their employees and customers directly.
We also expect to see corporate social networks infiltrated by attackers. This infiltration will drive a need for businesses to offer social media security services in much the same way as they have been providing antivirus services to employees. Services providing social media security for individual employee protection will be paramount in 2017. These new services will need to be implemented in order to safeguard not only the employee, but also the entire business from the new wave of social media attacks.
2. The rise of ransomware
Ransomware was already a very hot topic in 2016, but it’s only going to get worse. Ransomware is getting more sophisticated and more professional — some ransomware criminals have customer support lines to help process your payments. The security industry has yet to come up with a solution for the problem. The best we can do is continue to try to prevent it.
This will be an uphill battle, considering ransomware has more attack vectors than ever, from email to social media to digital web.
3. More malicious actors will amass the PII we share on social to steal identities and footprint attacks
In 2017, organizations and individual users can certainly expect to see more and more organized crime groups, foreign powers, and corporate competitors increasing their use of social media to conduct reconnaissance and steal PII. Surpassing email, social media has become the most important personal communication platform, and businesses are using social media to fuel growth, engagement and connectivity. Social media platforms can contain a wealth of publicly available personal information, and many networks encourage users to overshare. This information gives attackers the easiest possible platform for footprinting an organization and planning an attack.
We may also see a rise in attacks against in-house social collaboration platforms like Slack, Workplace [by Facebook], and Microsoft Teams. While these platforms are huge productivity enablers, they also come with significant risk, security compliance, and governance challenges.
Social identity has become increasingly important over time, and this momentum is only going to increase throughout 2017. We expect social identity to be used more and more by businesses and individuals, becoming a staple for identity management. For example, mortgage lenders are evaluating potential clients’ social presence to assess risk for credit-worthiness. Not having a social presence can hurt you, because evaluators can interpret this as meaning that you don’t have any social pressures to be trustworthy. Additionally, some organizations are also looking to utilize social media for background checks when hiring employees. All this information is publicly facing and ripe for identity thieves.
4. Adversaries will get more sophisticated
Adversaries are getting more sophisticated; long gone are the days of the obvious “Nigerian Prince” scam. We have been seeing mass-phishing scams such as Ray-Bans advertised at 90% off that include tempting clickbait, such as “click here and some money even goes to charity”, inclining people to click and potentially share personal information, credit card information, and even log-in credentials. Users need to be watchful of all potential malicious and phishing links — even if they’re sent from a “friend”. As a best practice, we recommend that users hover over any shortened links, which can provide a preview of the expanded link before clicking.
A variety of research was published in 2016, including by our own team, demonstrating that data science techniques can now be used on the offensive, not just the defensive. Automated phishing bots can operate with more efficiency than a human. Most alarming, these tools can learn, ultimately getting more effective over time.
5. Security will retain its place at the top of the newspaper and the top of the political conversation
The second half of 2016 was the busiest year for the security industry in terms of media coverage. Between Hillary Clinton’s email scandal, Russia’s involvement with the elections, and more major breaches than you can shake a stick at, the national conversation around data security has never been more mainstream. As the baton of power is passed from the Obama administration to the Trump administration, expect to see cyber security remain center stage. While we at ZeroFox hope for a time when the good guys have won the fight and breaches are a thing of the past, there is still work to do. National politics and media will keep cyber security very high on their list of priorities.