If you’ve been following our 2017 predictions series closely over the last few days, you might have noticed one reoccurring theme: cybersecurity. So what exactly can we expect when it comes to cybersecurity? I spoke to Andy Powell, VP in Cybersecurity at Capgemini UK, to find out:
The AI arms race
In 2017, we’ll see Artificial Intelligence (AI) and machine learning used by both sides of the cybersecurity battle, resulting in more sophisticated threats and even more advanced means to combat them.
From a hacker’s point of view, AI will power malware, and will use data from the target to send phishing emails that replicate human mannerisms and content. Seeming more lifelike, these AI powered attacks will resonate with the target better than ever before, meaning they’ll be more likely to fall victim.
On the flipside, cybersecurity teams will implement AI and machine learning to bolster their encryption tactics. We’ll see a rise in AI systems that are able to frequently re-write encryption keys to prevent them being unlocked. There will also be further implementation of AI that can spot unusual activity both on the inside and at the perimeter of an organisation’s walls, to help meet the need for advanced, agile, and tailored cyber intelligence feeds that adapt to the battleground.
ISPs: The answer to IoT standardisation
IoT enabled devices are increasingly entering our homes, and they’re continuing to create opportunities for hackers. Manufacturers have some work to with keeping them secure, though. This is particularly the case for devices such as baby monitors or web cams where there isn’t much of a post-sales lifecycle at play, meaning there’s little perceived incentive for manufacturers to invest in software patches and security upgrades.
In 2017, there will be numerous attacks that in turn create a greater call for an implementation of an IoT standard. Internet service providers in particular, will take a greater role in securing the IoT. In the same way that they can block particular types of websites, so too can they filter malicious traffic on networks that are driven by malware. We’ll start to see warnings being sent regarding malicious traffic to customers, to help them to secure their devices with the manufacturer or a third party.
GDPR: Start now or face fines
Organisations are all aware of the General Data Protection Regulation (GDPR) deadline, but 25th May 2018 is the date they need to be ready by, not the day in which they should start preparing. We’ll see the Information Commissioner’s Office (ICO), the UK's independent body set up to uphold information rights and enforce GDPR, having little sympathy for any company that suffers a data breach. The law is catching up with public sentiment when it comes to personal data, and it’s set to impose more stringent penalties for those affected.
GDPR should not be tackled in isolation – everyone needs a seat at the table, from HR, to legal to the boardroom. Preparing for it will be no easy task, with complex encryption and authentication measures to implement, to company-wide education on best-practice. With the law set to be enforced in 2018, next year should be a critical time for organisations to start preparing.
Utilities under attack
The cyber attack on the Ukrainian power grid in 2015 gave the world a real insight into what hackers are capable of. With an increasing amount of smart devices entering the utilities space, and with phishing tactics and malware becoming more refined, a similar attack could very well be imminent.
In 2017, we’ll expect to see cyber-attacks to take a more sinister turn. It’s possible that we might even see the first real world hack of a connected medical device.
If hackers use ransomware for attacks of this nature, it will have a debilitating effect for the healthcare, utility and, in particular, the manufacturing industry, in which ransomware is becoming more prevalent as the tools are now being made available by state actors.