By Tamlin Magee
Jan. 4, 2017
"We will begin to move towards a more unified national approach to cybersecurity based on information sharing communities", Vincent says, "rather than a fragmented, secretive, organisation-by-organisation approach."
Kaspersky Labs agrees that attribution will be a central issue to cyber threats in 2017.
"The pursuit of attribution could result in the risk of more criminal dumping infrastructure or proprietary tools on the open market," says Juan Andrs Guerrero-Saade, senior security expert for the global research and analysis team. "Or, opting for open-source and commercial malware - not to mention the widespread use of misdirection, generally known as false flags, to muddy the waters of attribution."
'Internet of Threats'
The things that we typically associate with cybersecurity are changing too - it's no longer just our computers and smartphones or other devices that provide potential access points for an attacker. As cities over the world embrace the internet of things - to create smart cities or other connected infrastructure projects - there are possible access points not just on our devices but in our homes and streets, and it takes just one weak link in a chain to compromise an entire network.
According to Catalin Cosoi, chief security strategist at Bitdefender, 2017 will see a "marked rise" in attacks on the internet of things for both individuals and organisations.
"As penetration of IoT devices in industry grows, so will the threats posed to security by their uncontrolled deployment and use," Cosoi says. "Personal IoT devices will also increasingly get carried across physical and logical security boundaries by employees, compounding the issues."
A particular problem is that many IoT devices are built with affordability in mind rather than with security baked in.
"As the market penetration of smart devices grows, the population of legacy devices which remain unpatched and thus vulnerable 'forever' will only grow," Cosoi explains. "This creates the possibility of crossover threats - as 60 percent of those surveyed keep private files in their PCs or laptops, which share the home network with smart devices."
According to the CTO for data protection at security company Gemalto, Jason Hart, 'data integrity' will continue to be a serious issue for businesses. The premise behind data integrity is that information can be accessed or modified only by authorised users - so a data integrity attack involves manipulating that data for other ends.
"Data integrity attacks are nothing new," Hart says. "But they remain under the radar of businesses who have an ever-increasing reliance on data, and make huge business decisions based on its analysis.
"The first generation of cyberattacks focused on stopping access to the data, which quickly moved on to stealing it," he explains. "Today we're seeing more evidence that the stolen data is being altered before transition, affecting all elements of operations. Data integrity attacks have the power to bring down an entire company - stock markets could be poisoned and collapsed by faulty data, the power grid and other IoT systems could be severely disrupted, and perhaps the greatest danger is that many of these could go undetected for years before the true damage reveals itself."