- Internet of Things (IoT) security and cloud security threats are key areas to watch for critical developments in 2017, according to Intel Security’s McAfee Labs 2017 Threats Predictions Report.
The report also highlighted 14 trends to keep an eye on in the next year, and also listed the six “most difficult-to-solve” cybersecurity challenges.
“To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralized data, and detecting and protecting in agentless environments,” Intel Security’s McAfee Lab Vice President Vincent Weafer said in a statement.
He added that it’s necessary to change the “rules of the game” between attackers and defenders in order to neutralize the greatest advantage that adversaries hold. The effectiveness of a new defense technique will increase “until attackers are compelled to develop countermeasures to evade it.
In terms of cloud security threats, McAfee noted that there will be greater interest in attacking the cloud. More organizations will put their trust in the cloud, which will lead to more sensitive data and processing in the cloud.
“Cloud service providers have significantly improved and will continue to improve their security controls and assurances to customers,” the report’s authors predicted. “Absent a major breach or outage affecting multiple companies, countries, or segments of the economy, trust in the cloud will continue to rise.”
Additionally, there will be continued conflicts of speed, efficiency, and cost battling control, visibility, and security in cloud offerings.
Security is the top barrier when it comes to cloud computing for organizations that have not yet implemented it, the authors observed. However, for entities that have started to utilize cloud, security is the second or third barrier. Cloud services providers will need to find the right balance between offering speed, efficiency, and cost versus the desire for control, visibility, and security.
The weakest link in cloud protection will continue to be antiquated authentication schemes and their control systems, with gaps in coverage between service layers, and inconsistent settings or controls being the second weakest link. Attackers will likely take advantage of the latter issue, according to McAfee.
“Technologies will emerge to better protect data at rest and in transit,” the researchers explained. “To address the volume and speed of threats, behavioral analytics, security automation, and shared threat intelligence services will be leveraged to improve detection and correction capabilities.”
For IoT security, McAfee explained that IoT devices are attractive to cyber criminals because they are a potential source of data or metadata or they are a potential attack vector to cause damage. Overall, the report listed 10 predictions as the most prominent and probable outcomes during the next two to four years:
- The threat of IoT attacks is real, but opportunities for profit-seeking criminals are still unclear
- Ransomware will be the primary threat
- Hacktivism will be the biggest fear
- Nation-state attacks on critical infrastructure will be an ever present concern, but will occur sparingly due to concerns over physical or cyber retaliation
- IoT will significantly reduce consumer privacy
- IoT devices will be useful attack vectors into control, surveillance, and information systems
- Device makers will continue to make rookie mistakes as they IP-enable their products
- The control plane of IoT devices will be a prime target
- Aggregation points, where data from devices is collected, will also be a prime target
- Ransomware will attack Internet-enabled medical devices
IoT threats and breaches will prompt political and regulatory responses, according to McAfee. However, technology’s quick advancement will hinder effective legislation. To that same effect, legislation will also hinder further advancement.
“Loss of consumer privacy and legislative responses to citizens concerns will capture headlines,” the authors explained. “However, the conveniences and efficiencies made possible by IoT devices will outweigh their disadvantages, so adoption rates will remain high.”
IoT vendor response will include developing a wide array of responses to encourage and support market adoption. New technological options will likely include device control systems to automatically manage and secure IoT devices, as well as new encryption options.
“An important change will be a better understanding of the intrinsic value of personal data,” McAfee wrote. “Consumers will expect options for sharing personal data collected by IoT devices, including compensation.”