This article was originally published on Help Net Security.
1. Cybercrime recognized as a dark industry
Over the last several years, cybercrime has evolved from separate efforts of threat actors to a full-blown industry. While security professionals have observed this gradual “corporatization” of cybercrime, 2017 will be the year non-security folks begin to recognize this fact as well.
Reports of ransomware unleashed on hospitals have brought cybersecurity discussions into people’s living rooms. Free rides on the San Francisco Muni transit system in the U.S. are an indirect result of another ransomware attack. Botnets able to launch massive DDoS attacks are why users couldn’t access Twitter, Spotify, Netflix and other apps and services common to everyday life.
These events are the result of the new era of cybercrime, one which has been driven by the development of the deep web, outstanding and innovative achievements of criminal groups and advanced TTPs developed by nation-state actors. The biggest driver, though, is the validation of business models that have made cybercriminals very, very wealthy.
Criminal “companies” now operate together, employing tactics similar to those of legitimate industries: selling packaged tools and platforms to their customers; providing malware-as-a-service; demonstrating innovation, usability and professional excellence; and offering outsourced capabilities with training and technical support.
Any legitimate business still thinking cybercrime doesn’t have industrial strength behind it will likely find itself the next target.
2. Enterprise demand for threat intelligence skyrockets
Organizations that are paying attention to the warning signs of cybercrime recognize the need for real-world threat intelligence.
To keep pace with cybercriminals, cyberdefenders must understand which vulnerabilities are being exploited in the wild, which have been packaged in exploit kits and which are being used to target their industry. This requires examining available exploit kits, malware and other threat actor tactics used in the real world, as well as internal incidents and incidents in similar organizations.
By combining external intelligence on imminent threats with the context of the network, security controls and business, organizations will be dramatically more effective at reducing the risk of a damaging cyberattack.
3. Intelligent vulnerability management targets cyberattackers’ weak spot
Kaspersky’s report on ransomware from 2014 to 2016 identified 62 new ransomware families with roughly 45K new ransomware variants. Despite this, the number of vulnerabilities exploited by threat actors is much lower: Verizon’s 2016 Data Breach Incident Report shows only 900 vulnerabilities were exploited in 2016.
This leaves a much smaller stack of potential client-side threats to address proactively. With knowledge of the tools in the cybercriminal’s toolkit, organizations will be able to take vulnerability management programs to the next level.
Combining real-world threat intelligence, CVSS-based scoring and security factors of the network and business will provide the needed context to accurately prioritize vulnerabilities and focus remediation.
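An added example (not part of the original article) of the prioritization described in sections 2 and 3: the CVSS base score is scaled by threat-intelligence flags, network reachability and business criticality. The weights, field names, identifiers and sample findings are constructed assumptions, not values from the article or from any product.

```python
from dataclasses import dataclass

# Illustrative multipliers (assumptions): how much each signal raises priority.
W_WILD, W_KIT, W_INDUSTRY = 2.0, 1.5, 1.25
UNREACHABLE_FACTOR = 0.25  # no attack path through current security controls

@dataclass
class Finding:
    vuln_id: str                # placeholder identifier, not a real CVE
    asset: str
    cvss: float                 # CVSS base score, 0.0-10.0
    exploited_in_wild: bool     # threat intel: seen in real attacks
    in_exploit_kit: bool        # threat intel: packaged in an exploit kit
    targets_our_industry: bool  # threat intel: used against similar organizations
    reachable: bool             # network context: attack path exists
    criticality: int            # business context: 1 (low) to 3 (high)

def priority(f: Finding) -> float:
    """Scale the CVSS base score by threat, exposure and business context."""
    if not (0.0 <= f.cvss <= 10.0 and f.criticality in (1, 2, 3)):
        raise ValueError(f"invalid finding: {f.vuln_id}")
    threat = 1.0
    if f.exploited_in_wild:
        threat *= W_WILD
    if f.in_exploit_kit:
        threat *= W_KIT
    if f.targets_our_industry:
        threat *= W_INDUSTRY
    exposure = 1.0 if f.reachable else UNREACHABLE_FACTOR
    return round(f.cvss * threat * exposure * f.criticality, 2)

def rank(findings):
    """Highest remediation priority first."""
    return sorted(findings, key=priority, reverse=True)

# Constructed sample findings.
FINDINGS = [
    Finding("VULN-A", "hr-workstation", 7.5, True, True, True, True, 2),
    Finding("VULN-B", "lab-server", 9.8, False, False, False, False, 1),
    Finding("VULN-C", "payment-db", 8.8, True, False, False, False, 3),
    Finding("VULN-D", "web-frontend", 6.1, False, False, False, True, 3),
]

if __name__ == "__main__":
    for f in rank(FINDINGS):
        print(f"{priority(f):6.2f}  {f.vuln_id}  {f.asset}  (CVSS {f.cvss})")
```

Sorting by CVSS alone would put VULN-B first; with threat and network context it drops to last, behind a lower-scored vulnerability that is actively exploited on a reachable asset.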
4. The great security vendor crunch
In the crowded cybersecurity market, mergers and acquisitions of vendors and service providers are sure to take place. But in 2017, cybersecurity M&A will be driven by the customer’s need to consolidate more than ever before.
The growing cybersecurity skills shortage is forcing customers’ hands in two ways. The first is to consolidate the tools they use under centralized management, increasing the automated integration between solutions. The second is to decrease reliance on niche talent to operate a patchwork of point solutions from various vendors. These market drivers will likely produce several point solution mergers and buyouts as the demand for integrated platforms rises.
5. The race to GDPR compliance and increasing global regulations
If you’re a company based outside the European Union, you may have heard of the EU’s impending General Data Protection Regulation (GDPR) going into effect in 2018. If not, you’d better get informed and do so quickly. If you’re a company in the EU, you are likely already panicking. GDPR doesn’t care much where your headquarters are – if you have business operations in the EU or handle EU citizen data, it applies to you.
These aren’t your grandma’s cybersecurity regulations. Current penalties in the EU stand at around €750K. Under GDPR, fines will reach as high as €20M or four percent of turnover. Other tough regulations have gone into effect in recent months, and more are on the horizon. New York State is implementing new cyber regulations for the financial sector on March 1, which could potentially open executives up to criminal liability for non-compliance.
2017 will be the year organizations are forced to overcome the compliance burden without sacrificing security. This will mean an automation boom: from network modeling to gain visibility over systems processing personal data, to change tracking, to risk assessments and, of course, to reporting for audit purposes.