Security and the mid-market… let’s take a look at the past year because there’s no doubt that CIOs and CISOs everywhere will be in dire need of a stiff drink this New Year’s eve. We witnessed:
- Ransomware rake in hundreds of millions of dollars.
- Hospitals get held hostage by crypto-malware.
- Tens of millions of dollars vanish before banks’ eyes.
- The hacking of the DNC, RNC, IRS, DOJ and voter registration systems in several states.
- An Internet of Things botnet take out a DNS company.
- The Panama Papers leak.
- And much, much more.
But as 2016 recedes into the past, the tide of the year to come will bring in a treasure trove of new trends, some of them good, some of them not so good. Let’s take a look at what 2017 has in store for us:
Researchers forecast the total number of ransomware families will rise 25 percent in 2017. What’s more, new strains may heavily target smartphones and other mobile endpoints using new and advanced social engineering scams. Some cybersecurity firms optimistically predict a drop off in ransomware by mid-2017 in response to enhanced security posture (our fingers are crossed, but we’re not holding our breath).
As of now, the only certainty regarding ransomware is that there will be more of it, and it will target the smallest business to the largest enterprise with clever social engineering schemes.
2. IoT botnets
Internet of Things distributed denial-of-service attacks are the closest we’ve come to creating an army of robots that can be used against us. As the number of IoT devices increases (which it will, according to Gartner) that botnet army only gets bigger. We already saw what a well-placed IoT DDoS attack can do after Dyn was overwhelmed with traffic requests in October from a mere 100,000 devices. In 2017, we can expect to see more attacks like this. What’s more, some of these will likely be diversions for data infiltration efforts, underscoring the importance strong incident response.
Again, no company is immune to DDoS, and that includes the mid-market. On more than one occasion, these attacks have been used for extortion against SMBs.
3. Morphing perimeters
Cloud deployments will continue to increase in 2017, and so will the use of mobile endpoints. As a result, strengthening security posture will become more difficult, and will require an advanced, holistic approach to cybersecurity that is dependent upon perimeters, and more reliant on identity access management and other user security controls.
In other words, the rules of the cybersecurity game are about to get shaken up even more than they already have. If you need help finding the ropes in this brave new world, this is a good place to start.
4. The solutions-based approach crumbles
“Mid-market businesses will gravitate toward enhancing overall security posture.”
Out-of-the-box cybersecurity will always have some value, but it’s no longer the centerpiece of a cybersecurity strategy. And while the “managed” approach to cybersecurity has become a welcome alternative, it’s still not a panacea. Outsourcing to MSSPs has one of the same pitfalls as packaged cybersecurity, which is that there are so many niche solutions. This puts mid-market companies at risk of paying for a service that may not be essential. Furthermore, putting control of security solutions entirely in the hands of a third party means relinquishing threat lifecycle visibility.
In 2017, more mid-market businesses will start to gravitate toward enhancing their overall security posture. We saw this start happening in the second half of 2016 with the birth of Managed Detection and Response (MDR) services, which aim to improve a business’ overall detection and response strategy.