Richard Henderson, global security strategist, Absolute
Household devices will be the source of a major breach. As more and more devices connect to enterprise networks, IT and security teams are ill-prepared to deal with the security considerations around them. Most IT teams are already stretched thin supporting the typical desktop/laptop/telephony infrastructure all organizations need, so what about IoT?

Ensuring that the untold scores of connected devices are safe to use inside a corporation’s walls is no easy task, but it cannot be ignored. From printers to refrigerators to the fitness tracker on your wrist, all have been shown to be vulnerable to exploits. The situation will only escalate as new versions are released and device manufacturers stop patching outdated devices. We expect that this problem will come to the forefront in 2017 with a massive breach resulting from an infected or compromised device unknown to IT teams monitoring the network.

Enterprises will ban IoT devices on the company network. I’ve been talking about the inherent threats surrounding connected devices for quite some time, and 2016 proved that machine-to-machine attacks are here to stay. Millions of connected devices have been subverted and used to launch Distributed Denial of Service (DDoS) attacks on scales that weren’t even conceived of in the past. Major sites are knocked off the internet in a blink, causing e-commerce grinds to come to a halt. Millions of dollars are lost in revenue, clean-up and additional defenses.

What’s an organization to do when devices inside their networks are exploited and used in attacks elsewhere? What sort of liability will companies face when it’s determined that the thousands of internet-enabled security cameras being used to monitor their facilities are being used to take out online properties? It’s likely that conservative and risk-averse corporations will declare such devices off limits for their IT teams to use. They will either require the most stringent of routing and security controls added to them or just ban their use outright.

Imposter apps feed data brokers. Imposter apps, also known as “me-too” apps that try to cash in on tidal waves of popularity when the next big app hits, are not new or novel. Both Google and Apple have been swatting down these copycats with limited success for years, but the torrent continues unabated. In the world of Android, many of these apps are thinly-veiled clones rife with adware and spyware – whereas in the iOS world, Apple’s walled garden has, with some very rare exceptions, done a much better job of keeping those apps out.

The following year will bring with it a whole host of new, malicious impostor apps that pretend to be popular programs, but are really designed to syphon off every little bit of personal information on your device and send it back to someone who will bundle it up and sell it to illicit data brokers. Among the most targeted will be young adults, who have shown they hold little value in keeping their information private in recent research.

A stolen device will uncover major political scandal. As we saw in 2016, securing email seems to be very difficult for politicians… from hacked email servers to leaked files posted online, it’s clear that politicians and their staff need to beef up their security game by many orders of magnitude.

But with all the attention being put on securing backend infrastructure, groups will forget to educate and secure the endpoint devices being used by the politicians themselves. A stolen laptop without full disk encryption or asset tracking software can very easily be broken into and ransacked. Why hack the hardened email server when you can just get the emails from the user directly? Expect to see at least one embarrassing incident where leaked emails that came directly from a stolen device are sent to the press. Don’t forget, the inauguration of President-Elect Trump is January 20, 2017, so expect this prediction to jump-start the new year.

2017 data breaches will dwarf 2016. 2016 may go down in the history books as the year of the breach… it’s estimated that more than 2 billion pieces of stolen data were pilfered from companies before 2016 was complete. We keep preaching about the dangers around data breaches, but it seems the message isn’t being heard. From misconfigured servers leaving entire databases free to download, to leaked troves of emails, the number of breaches continue to grow.

We firmly believe that 2017 will make 2016 pale in comparison. Based on the extensive adoption of cloud services, third-party processing of data, and the huge attack surface that’s available to attackers – I predict we’ll see 4-5 billion records exposed this coming year. Attackers are hitting networks with a level of unrelenting assault simply unimaginable a couple years ago… and they’re not going to slow down. Defense is a seemingly herculean feat: defenders have to get it right 100 percent of the time. Attackers? They only need to be right once.


Reuven Harrison, CTO and co-founder, Tufin

Security skills gap approaching Grand Canyon levels. Increasing complexity has made protecting the enterprise network more difficult today than in the past. Compounding this issue is the expanding skills gap and staffing the right people to do the job. Since the security skills gap will pour into 2017, we expect automation to really take off in an effort to decrease manual, mundane responsibilities and regularly performed duties, and help shorthanded IT pros focus on what really matters. Skilled workers wasting time on tasks that could be done automatically are eating away at IT departments.

DevOps data breach. Of particular importance in 2017 is the need to apply security within the DevOps process, ensuring compliance to internal and external security rules without slowing down the primary mission of the DevOps team. This will be a challenge, as security is not inherently baked into a DevOps culture of “move fast, break stuff.” In 2017, DevOps oversights could be the new data breach. We may see a major breach that gets tracked back to the DevOps approach, causing DevOps and security teams to become new best friends.

Trumped by government regulations. The thought of a Trump administration inevitably failing to uphold regulations will keep IT departments tossing and turning at night. If Trump implements his de-regulation promises, and penalties for non-compliance with industry-wide security regulations are relaxed, security teams will need to be self-disciplined to maintain a high level of security by turning to outside resources for security best practices.


Stephen Gates, chief research intelligence analyst, NSFOCUS

The weaponization of industrial IoT. Industrial and municipal IoT is growing rapidly and not only can these devices potentially be used to attack others externally, their vulnerable nature may be used against the industrial organizations operating critical infrastructure themselves, opening them up to intrusion and critical infrastructure outages.

Targeting the cloud operators. Reprobates, hacktivists, nation-states, and terrorist organizations will likely take aim at the cloud in 2017. All cloud operations are defendable, but they are not immune to those who are looking for the next big challenge – and we expect to see some of the largest DDoS and ransomware attacks of all time.  

The advancement of laterally-spread ransomware worms. The days of the single-target ransomware will soon be a thing of the past. These new epidemics will be capable of infecting thousands of endpoints in less than a day. The future of ransomware will be modular and stealthy, capable of moving laterally, and even bridge air-gapped defenses.

The growth of crowdsourced, actionable threat intelligence. Although threat intelligence is still in its infancy, it won’t be for long. Soon, the industry, governments and influential institutions will heavily encourage crowdsourced TI data. All cyber defenses will be fully capable of consuming TI in real-time, acting on the intelligence gained, and also delivering upstream crowdsource capabilities. All organizations, devices, applications, operating systems, and embedded systems will soon be fed TI and in turn, feed it to other organizations. 

The rise of the automated, machine learning, and artificial intelligence (AI)-enabled defenses. New attacks will force corporations and governments to heavily fund automation, machine learning and AI-enabled technology research. These defenses will not only be able to detect anomalies in any type of traffic, user, or device, they will also be capable of inoculating systems on the fly; adapting their immunizations to whatever infection is presented to them.


Brian NeSmith, Arctic Wolf Networks

SMB attacks will increase. Large enterprises are very aware of their security weaknesses, and they have made significant investments to fortify their security. Most of the low hanging fruit, however, has not been picked yet. In 2017, we’ll see cybercriminals shift more of their focus to SMBs who are easier targets since they are less sophisticated and do not have the budget and/or resources to implement enterprise-class security. According to research from earlier this year more than half of small businesses were targeted in the last 12 months. In 2017 we’re predicting 75 percent of all SMBs will be a target.

Ransomware gets smarter and more dangerous. Ransomware stole headlines in 2016, but the gig isn’t up. New variants of ransomware that are able to evade detection will become prevalent in the coming year. As ransomware has become an epidemic, detection methods have been created, forcing cybercriminals to continually enhance their data-stealing tactics In this cat and mouse game, ransomware will evolve to be more self-contained and thwart today’s detection methods. Expect to see another spike in ransomware in health care and financial services as the criminals get smarter in the New Year

Cyberwars among nations become official. Cyberwarfare among nations has been all cloak and dagger up to now. Everybody knows it happens, but it is never covered as widely as a traditional military campaign. As threats become more advanced and intelligent the severity of their impact on international conflict will force nations to bring the issue to the forefront, publicly acknowledging their intent and actions. Expect to read about cyber attacks and defenses in the 6 o’clock evening news.

Cyberinsurance will become a line item on IT budgets. We know by now that businesses should be worried about if they will be breached, but when. As more organizations accept this reality and consider how they will recover from a potentially crippling financial losses of a data breach, incident response plans are evolving to include cyberinsurance. The guarantee that complete data recovery is attainable and affordable is peace of mind that businesses are finding more and more value, and a trend that we can expect to grow in 2017.

IoT threats will become a concern for SMBs. IoT is all about creating more connections, but more endpoints mean more attack surface and SMBs already have their hands full trying to secure traditional and mobile devices. The addition of connected “things” will muddy the waters even further and complicate cybersecurity to a point we haven’t experienced to date. 2017 will open the eyes of many who aren’t yet taking this threat seriously as unexpected devices/endpoints are accessed.

Blockchain will be used to fight against malware (and ransomware). Blockchain applications are on the rise, and while cybersecurity use cases are beginning to crop up, the full potential of the technology is yet to be tapped. Void of points of entry and a permanent record of the data trail, blockchain will present a new level of security options for many businesses and in 2017 security pros will begin incorporating it into their cybersecurity roadmap.


Corey Thomas, president and CEO, Rapid7

In terms of industry trends, I believe we will continue to see market consolidation of security vendors. With a focus on increasing productivity, organizations will move further from disparate, point-solutions that solve just one problem to solutions that can be leveraged throughout the IT environment. This will drive security and IT vendors to integrate, consolidate, and better collaborate. It will become increasingly clear that IT and security professionals want to manager fewer solutions that are easy to use.

I also expect to see the skills gap start to right itself. Security has reached a state of accessibility, by necessity. In most cases, you don’t need an advanced degree to enter the security field and you can often gain skills through certifications. You’ll also see employees that have been traditionally IT shift to security through the redefining of their roles. It’s similar to what we saw in the devops space years ago.

In terms of threats, we’ll see attackers continue to focus on the seams — where organizations connect to exchange data; the SWIFT breach was an example of this. We’ll also see the commoditization and standardization of attacks. You’ll still have some highly specialized, sophisticated attacks, but we expect to see fewer types of attacks, the majority instead fitting into a few common buckets, at much higher volumes that we see today. It’s worth noting that basic security shortcomings (ex. failing to patch) are keeping these attacks relevant.


Tod Beardsley, senior security research manager on IoT vulnerability management, Rapid7

We will see many, many more hobby hackers publishing vulnerabilities in IoT. Cost of entry is low, there are tons of new devices with old bugs and the DMCA now exempts consumer device research, which means boatloads of public vulnerability disclosures. Which is good — and also chaotic. You could say that how IoT manufacturers respond to these disclosures will be make or break for the industry. On the one hand, you might expect more mature companies to respond quickly and positively – patching and updating devices – but it’s also plausible that smaller, younger companies will be more nimble, and therefore able to respond faster.


Mark McClain, CEO and co-founder, SailPoint

Global security market will face consolidation through M&A. The security market is incredibly fragmented. Although there are many interesting companies in the various “silos” of the market, it seems clear that the industry is likely to undergo further consolidation in 2017. Part of this is driven by the consistent interest that enterprises have in reducing their number of vendors. So, there will likely be attempts by some of the largest players in security to aggregate a broader array of solutions into their portfolio. This will be true of some of the “pure play security” vendors like Symantec, McAfee and Palo Alto, as well as by some of the broader technology companies who continue to signal an increasing focus on security (e.g. Cisco, IBM, and others). At the other end of the market, emerging platform players (like SailPoint) will likely add to their portfolios with various tuck-in acquisitions or even “mergers of equals” in order to take advantage of the overabundance of niche security players who are unlikely to survive as independents in the next 3-5 years.

Companies will get creative in handling the talent shortage. The security market is experiencing a significant talent shortage, which is being exacerbated by the continuing evolution of the market. In other words, there aren’t enough experts out there, and the experts are sometimes in danger of becoming out of date if they’re not constantly reinventing themselves. The industry will respond to this in two ways. First, there will be lots of education and training to retrofit general IT staff into many of these roles, due to the increasing importance of security within the general IT landscape. Second, vendors will continue to look for leverage from artificial intelligence and automation. As the complexity and volume of security-related issues increases, companies will expect vendors to help them “separate the signal from the noise” so they can focus their efforts on the areas of greatest risk and impact.

Identity will become a unifying factor in the security landscape. As companies accept the growing reality that much of their critical applications and data will be managed outside the control of their core IT organization (cloud, SaaS, mobile) they will begin to recognize the importance of identity as a “unifying factor” in tying together the disparate security technologies that they are deploying to help enable and empower their digital business initiatives securely and safely. The industry will increasingly be pressured to provide “identity awareness” for such capabilities as endpoint security, perimeter network security, security event management, and behavior analytics. 

Click here for Predictions 2017, Part 1