2016 wasn’t a good year for computer security where ransomware and DDoS attacks flourished to all new levels. 2017 will see new and bigger problems, but also new methods of defense to counter them. Let’s look at six trends which we can expect in 2017.
Massive attacks through the Internet of Things
Internet-connected devices with horrible security have proliferated. They’re cheap, and people don’t think about them, but it’s easy for malware to scoop them up into botnets. A massive DDoS attack on October 21 disrupted traffic to websites such as Twitter, Comcast, and PayPal without directly touching them.
Even if every new device in 2017 had proper security, the existing devices on the IoT wouldn’t disappear. Large-scale attacks will be a fact of life in 2017 and beyond.
From social engineering to individual engineering
Phishers love social engineering tactics. A ruse that appeals to common fears, concerns, or sympathies will trick some people. They’ll give away personal information or open hostile files. As more people catch on to these tricks, criminals need something new, and they’re turning to ways to capture or impersonate people at a time, with carefully crafted messages.
Email targeting or impersonating individuals are called “spearphishing.” It can fool people who wouldn’t fall for typical phishing.
Redundancy and failovers
A company’s cyber defense must adapt to new circumstances. It is an absolute must to minimize an organization’s risk or vulnerability to the growing threat of DDoS attacks; companies must set up redundant servers so that there’s no single point of failure. If one system is overloaded or fails, another can take over. DNS services can be the weakest link; the October 21 attack was on a DNS provider. Sites will use more than one service to hold their domain information.
“Containers” are a hot technology that offers security advantages. A container is like a virtual machine but more lightweight, so that a computer can rapidly deploy and remove many containers. Each one is almost entirely isolated from the others. It’s tough for malware to spread from one container to another.
New security regulations
Manufacturers create inexpensive devices for the IoT and don’t pay much attention to security. Purchasers install them with equal indifference. Each device is tiny but added together they pose a significant threat. We’re sure to see proposals for new laws or regulations to mandate some level of security in these devices. Regulations of rapidly changing technology often have unintended consequences, and existing devices will continue to be a risk so that the remedies won’t solve everything.
Security experts have conceded that it isn’t possible to stop all attacks cold. Networks are more porous than ever, and the number of threats is enormous. The new approach is a multi-layered, coordinated defense. Attacks may get through one layer, but the next should stop them. If they get through, security software will detect abnormal activity and quarantine the affected system or alert an administrator.
Throughout 2017, everyone involved in computer security will have to stay alert to the latest threats and defenses. They’ll have to put in their best efforts to keep up.