- Security TWENTY Home
Wieland Alge, VP and GM EMEA at Barracuda Networks, pictured, shares his thoughts on the trends that will shape the IT landscape in the coming year.
In 2016, increasingly dispersed enterprise networks, the rise of new malware variants and the growth of sophisticated social engineering attacks resulted in companies – and governments – facing a surge in threats on numerous fronts. For me, 2016 was characterised by a rapid acceleration in SaaS usage as organisations and individuals migrated to cloud email services like Office 365. It was also the year that ransomware established itself as one of the most dangerous and enduring threats facing organisations and consumers. Alongside wide-scale indiscriminate ransomware campaigns, 2016 saw ransomware gangs evolve their practices and operational models to launch highly sophisticated targeted attacks. Make no mistake; crypto-ransomware is now a highly profitable criminal business.
The convergence of these two trends in 2016 has impacted the IT landscape. With public cloud now firmly established as a sustainable option for productive workloads, specialised security approaches like network and web application firewalls for such infrastructures are fast becoming the norm. Similarly, the spike in demand for e-mail SaaS has driven a move towards a greater consolidation of email security and archiving. Backup is now a critical element of any attack defence strategy – especially when it comes to protecting against crypto-ransomware – as is the ability to achieve agile and flexible restore capabilities.
The pressing need to assure security in public cloud infrastructures also regenerated interest in software optimised firewalls. Any application exposed to the outside world represents a security risk, and in an increasingly virtualised network, next-generation firewalls are now a must have. So, what trends might we see in 2017? Here are my expectations for the coming year:
Get ready for more ransomware attacks
Designated the ‘year of ransomware’, 2016 saw strains like Locky dominating the headlines. Cyber criminals sent out billions of messages with malicious attachments that, once opened, encrypted the victims’ data. New Locky variants, designed to make detection trickier, appeared throughout the year, and it’s unlikely that 2017 will see any let-up in this lucrative form of extortion. Especially as we’ve seen a rapid increase in the ransom demanded by criminals to unlock data.
In 2016 we saw a major uptick in ransomware attacks on SMBs as cyber criminals recognised their greater vulnerability generated rich pickings. Frequently less prepared to cope with spear-phishing attempts, SMBs will again bear the brunt of cyber attacks in 2017.
Mid-market enterprises step into the firing line
Cyber attackers historically focused their attentions on large enterprises, who typically were early adopters of new ‘untested’ technologies that hackers could potentially compromise. By the time these technologies had trickled down to the mid-market, established processes and security tools were in place to protect usage – and the cyber criminals moved on to more tempting options.
But today it’s the mid-market enterprises that are leading the digital transformation race. These first movers are embracing new business models and newer technologies much faster than their enterprise counterparts – a trend that now makes them a primary target for cyber attackers.
IoT attacks will hit the headlines – again
The wide scale adoption of IoT devices is fast becoming a reality. Everything from household appliances and meters to industrial freezers, smart kiosks, cars and even children’s toys are becoming connected. The hope is that these devices are also secure and protected.
The DDoS attacks towards the end of 2016 highlighted the consequences of putting poorly secured IoT devices into the market. But until legislators step in and force manufacturers to adhere to a set of prescribed standards, it’s likely that the security credentials of many IoT devices will continue to be poor.
Rumours abound that many large-scale business critical IoT deployments have already been compromised and held to ransom by cyber attackers. Expect 2017 to be the year in which such incidents become a more regular occurrence and one that is widely publicised.
The Mirai botnet DDoS attacks should serve as an early warning of a clear and present danger for 2017: a cyber attack that takes control of hundreds of thousands of connected devices to create a supersized botnet could prove catastrophic – especially if attackers target critical infrastructure.
Demand for managed security services will grow
2017 will see businesses, large and small, initiating large-scale digital transformation projects. In each of these projects, companies will find that they now need to manage and secure increasingly complex and agile infrastructures from a rapidly changing threat landscape. This is set to drive up demand for managed security services, as organisations look to bring in specialist expertise to operate, manage and secure their burgeoning IT estates.
The coming year will present an array of challenges for businesses as the modus operandi of cyber criminals becomes increasingly sophisticated. In hand with rapid internal digital transformation, re-assessing the effectiveness of cyber security strategies will be the key to keeping these businesses secure.