3 Predictions for 2017 from Former Special Agent in Charge of FBI Cybercrimes
2016 continued the trend of aggressive cyber attacks. The key takeaway is that this trend is not going away. As we look to 2017, I believe we’ll see three major trends.
1. Context is the next evolution of identity and people will, finally, stop caring about giving up privacy to prevent attacks.
We’ll see identity finally move beyond a username and password: seamless signals (invisible to the user) such as what device you’re on, what the context is, and enterprise vs. mobile origination will take precedence, be embedded in use, and travel wherever users do.
The resource (device, company, network, app, etc.) will care about who you are in the move to cloud/BYOD environments and as part of this, users will give up privacy to access the resource. This trade-off is fair—you must provide enough proof of who you are when asking for access to a valuable, shared resource. Users already sign end-user license agreements (which most don’t read, and scroll as fast as possible to click accept) granting necessary access. The vast majority of the population views this as a fair and acceptable trade.
2. The US will take a more aggressive position on international cyber security that will lead to cyber escalation between Nation States.
Typical of any transition of Presidential power, we’re in a honeymoon period between Nation States. Make no mistake, however: the first thing our adversaries are doing is figuring out where to “pick a fight” to see what they can get away with.
Russia, for example, has a track record of positive initial meetings with Presidents-elect, while they test how much they can extract from them. But soon enough, Russia’s concerns will be intractable and President-elect Trump will be forced to face reality: Russia will not change its behavior. We are already seeing Russia test Trump. Just this month, Putin said about Russia’s military, “We can say with certainty: We are stronger now than any potential aggressor. Anyone!” These kinds of comments will not sit well with an aggressive President-elect, and a Cabinet full of former US military.
The strained relationship between Trump and the Obama Administration has already sent negotiations between the US and Russia into a tailspin. All of this will lead to cyber escalation. While Trump has been playing nice – some say too nicely – with Russia, he’ll eventually overact and take proactive measures, which is more his style.
Another “Russia intractable” is the Ukraine. Since the US’s influence in Ukraine is threatening to Russia, and the US won’t leave Ukraine’s fate in Russia’s hands, both countries will use cyber tools to try and get what they want: information.
Another example is China. Cyber relations with China are already unstable with the incoming US leadership. Trump is taking China head on, with regular comments on its currency devaluation, abuse of trade policies and the volatile Taiwan relationship. In response to a new, perhaps more hostile Trade Secretary, China’s Foreign Ministry spokeswoman has indicated that “China like every other country is closely watching the policy direction the US is going to take,” according to the Wall Street Journal.
In September 2015, Obama agreed with China that neither side would engage in cyber espionage in business. It was a gentleman’s agreement, based on goodwill, that isn’t binding or enforceable. From detectable cyber activity, there seems to have been a decrease in cyber espionage, supporting the notion that both sides have been honoring the agreement. If that goodwill ceases to exist with China (and it seems that it will not survive the President-elect’s approach), all bets are likely off.
3. The world is not equipped to handle sophisticated, multi-site cyber attacks, especially against financial institutions. Stolen money will be reinvested in “hacker R&D,” creating future chaos.
Countries and corporations are not prepared to deal with advanced cyber attacks. In the February 2016 Bank of Bangladesh hack against the SWIFT system, criminals stole $81M, and most of it is still unrecovered. Hackers are already re-investing these funds to develop techniques to target less-protected institutions, which isn’t good news for network defenders.
The Internet of Things (IoT) and DDoS attacks will be a problem in 2017.
- IoT is becoming even more commonplace, and the lack of set standards/regulations leaves us with more and more unsecured devices, widening the playing field of opportunity for hackers.
- DDoS is becoming sexy again because we’re entering a different era in terms of volume, in part due to the number of IoT devices now online. We should anticipate an acceleration in DDoS attacks because some of these devices simply can’t be fixed and/or properly secured. The October 2016 Dyn DDoS attack is a good example of the above two trends. And the IoT botnet (Mirai) used in this attack shows signs of evolving, as its source code was released publicly.
Companies will soon make the official transition to cloud, as they’ll stop viewing it as a risk and start viewing it as more of a sanctuary. They’ll also start establishing a “TSA-type security pre-check line” to services for approved clients that will isolate channels for customers (i.e. they won’t be public facing) in order to avoid the internet cesspool.
In 2017, it’s more important than ever to evaluate your traditional security solutions against what’s disrupting the market. New methodologies to combat hackers are needed to ensure organizations can keep their networks and precious resources safe.