A half dozen times this year, I have written about what I considered to be major changes in cybersecurity. These changes inform my half dozen predictions for 2017.
1. There will be a major insider attack. In January, I noted a report that found 93% of American executives feel their organizations are vulnerable to insider attack. If 2016 has taught us anything, it’s that large portions of the population feel alienated — from their government, the institutions that claim to serve them, and perhaps their employers. I hope I’m wrong, but I think it’s just a matter of time before a major organization is brought to its knees by an insider.
3. A breached company will suffer more from the fallout than from the breach itself. In July, I wrote about the costs Ashley Madison (the adulterers’ dating website) had incurred as a result of being hacked. These costs included a quarter of the company’s revenue (as customers fled), a $576 million class-action lawsuit, and an FTC investigation into company business practices. I think we have only scratched the surface of the pain that can attend a successful hack, and it’s only a matter of time before we see a company brought down completely, not by the damage of a hack but by its aftermath.
3. Multi-factor authentication will grow apace. In October, I provided a list of the different ways that thieves can steal usernames and passwords. Most of us haven’t the least idea how vulnerable we are. I think the message will break through this year and the pace of adopting multi-factor authentication will grow dramatically. It has to.
4. There will be more — and more powerful — attacks on the net itself. Also in October, I reported on an attack that rendered some of the web’s most popular sites inaccessible for a period of time. There were two remarkable things about this attack: 1) that it was mounted by a bot army of unsecured “smart” devices and 2) that it is so hard to see how anyone could have profited by it. The unsecured “smart” devices are still out there, as is the motivation to create chaos apparently for its own sake. Both continue to put the internet itself at risk.
5. Social engineering will become ever more sophisticated. In December, I wrote about a demonstration of social engineering in which a hacker answered the challenge of obtaining a man’s email address and password without technical assistance. She did it by phone, entirely through persuasiveness and by exploiting the natural human desire to be helpful. She can’t be the only one out there with these kinds of skills, and the video showed her to be nowhere near retirement age. She has plenty of time to get even better at this. If she can cultivate this skill for recreation, the miscreants can certainly develop it for profit.
6. International cyber warfare will continue. Two years ago, the Sony hack seemed to tell us that North Korea was at (cyber) war with Hollywood. U.S. intelligence agencies believe that Russia is at cyber war with the Democratic Party. Regardless of who is in the White House, I don’t see the U.S. allowing this warfare to continue without a response. It only remains to be seen how big this will grow internationally. We may already be in a world (cyber) war.
As gloomy as my predictions are, I think you can prepare yourself for them with training. I hope you do. Happy 2017.