What will be the single biggest security threat of 2017?

At the very end of 2015 we ran a straw poll of individuals in the security space to determine what the single biggest security threat of 2016 would be. We divided the 74 “unstructured” comments into a number of loose sections, with “people” emerging as the most popular response.

Last year the security breaches came in even thicker and faster, so we decided to run the same poll again. To achieve this we simply asked industry professionals to tell us what they think the single biggest security threat of 2017 will be, along with a short explanation as to why.

Out of the 86 usable comments we received, over a quarter (26) selected the Internet of Things. Within this section there was a lot of talk about the rise of DDoS attacks and botnets. Breaches related to staff and users came in a not-so-close second with 13 responses.

Amongst the general comments, a wide range of different threats were highlighted. Data, and the vast glut of personal details now for sale on the dark web, got a mention, while the continued reliance on passwords, the rise of criminal AI and the increased professionalisation of cyber skills were also called out.

Of course, in some ways this is a spurious exercise. It is hard to reliably pull out a “single biggest threat” of the year, especially when so many trends are so closely interlinked. But the wide range of responses is interesting. For example, although passwords were mentioned by a couple of individuals as a problem, the main alternative, biometric authentication, was itself also singled out as a core security threat.

All 86 comments are listed below – I’ve just roughly grouped them into four sections:

  1. Some interesting answers – 12
  2. Some topical trends – 35
  3. Breaches related to people – 13
  4. The Internet of Things – 26

 

Some interesting answers…

Criminal AI
“Because of its potentially catastrophic ability to learn and adapt without re-programming, making an AI criminal attack very difficult to trace and deflect and to stop criminals who use this software.”
Paul Briault, Director of Digital Security and API Management at CA Technologies

Biometric authentication
“A password can be changed, but a face, fingerprint or voice isn’t so easy to change if that data is breached and replicated.  As an industry we need watertight methods of storing this data securely before we play with people’s identities.”
Andre Malinowski, Head of International Business at Computop

Car Security
“There’s a push by automotive manufacturers to install more intelligence, functionality and automation into vehicles but with these additions, come more vulnerabilities which can be catastrophic.”
Javvad Malik, Security Advocate at AlienVault

Increased targeting of drones by hackers
“With frequent reports of low-cost, commercially available drones being flown in unauthorised areas, even models used by amateurs are able to inflict injury and damage; imagine what a cyber criminal with disposable income could do.”
Robert Page, Lead Penetration Tester at Redscan

Sophisticated, state-sponsored security breaches
“Adversaries are becoming more adept at bypassing traditional security measures, and as the breaches rise, network engineers will increasingly be called upon to help security investigations by making critical network packet data available that efficiently answers the who, what, when and how of the intrusion even weeks or months after discovered.”
Larry Zulch, President & CEO at Savvius

Geo-political threats
“US companies are now legally required to provide the US government with any data it requires.  Similar legislation may follow in other countries as governments, highly sensitive to risks such as terrorism, try to get ‘control’ over the data that resides in their multi-national corporations. This is a huge risk to businesses, as it puts them at the mercy of government policy.”
Simon Persin, Director at Turnkey Consulting

AI cyberattacks
“As AI becomes commoditised, we can expect cyber attackers to take advantage in a similar way as businesses: 2017 will be characterised by the first AI-driven cyberattack, which will transform the ‘advanced attack’ into the common place, and attacks that were typically reserved for nation-states and criminal syndicates will now be available on a greater scale.”
Matt Middleton-Leal, Regional Director, UK, Ireland and Northern Europe at CyberArk

Cyber espionage
“Following the US presidential race, cyber skills will continue to be used to infiltrate other governments and perform attacks on critical infrastructure, while increased budgets for targeting cyber by the UK & US governments will seek to tackle this growing threat.”
Eldar Tuvey, CEO and Co-Founder of Wandera

The skills arms race between companies and cyber criminals
“With technology developing at a rapid pace, cyber criminals are becoming ever more sophisticated, and it’s proving extremely difficult to find skilled talent to mitigate the risk.”
Geoff Smith, Managing Director at Experis UK & Ireland

The undiscovered breach
“…that offers unlimited access to the company’s data, or the suspicious activity that goes unchecked and leaves the back door wide open to hackers; so detecting these weaknesses in real-time will be more critical than ever.”
Piers Wilson, Head of Product Management at Huntsman Security

Radio
“Radio (invented by some Russian guy back in 1895) is going to be the main threat of 2017 because a lot of modern critical systems including transport, banking, home automation and energy supply became very dependent on networking via radio channels (GPS, GSM, Wi-Fi, NFC etc) - all these wireless communications are easy to intercept or spoof.”
Alex Mathews, EMEA Technical Manager at Positive Technologies

The huge surveillance apparatus that the Trump regime will inherit from Obama's presidency
“Not only does this give the upcoming president powers to turn the United States (and, indeed, the rest of the world) into a police state, but by compromising every citizen's data integrity, it will also make them more vulnerable to criminal hackers.”
Douglas Crawford, Cybersecurity Expert at BestVPN

 

Some topical trends…

Advanced exploit tools
“This will pose a major threat to businesses and consumers alike, as everyday cyber criminals will be able to capitalise on the methods adopted by sophisticated adversaries.”
Mike East, VP EMEA at CrowdStrike

Attacks on critical national infrastructures
“In 2017 I believe we will witness a surge in sophisticated attacks across industrial control systems. The shift from legacy systems towards process control networks and increased enterprise connectivity with the internet, will create more extensive backdoor exploits around the industrial control systems (ICS).”
Azeem Aleem, Director of Advanced Cyber Defence Practice EMEA at RSA

Data
“As data usage continues to increase, the biggest security threat will be the disclosure of valuable data through unsecure Wi-Fi connections where cellular networks are unavailable.”
Achilles Rupf, CEO of Naka Mobile

Traditional premises applications
“Major cloud app vendors have invested heavily in security personnel and security infrastructure, and have proven their ability to effectively protect against threats. Premises applications, by contrast, commonly suffer from slow or non-existent patching, and less comprehensive security strategies than their public cloud counterparts.  The balance between keeping internal privacy and security will also be a big issue. Keeping the company data safe and keeping the privacy laws in-line.”
Eduard Meelhuysen, VP EMEA at Bitglass

The Industrialisation of malware
“Malware won’t just impact on corporate data; in 2017 we will see the escalation of threats from pure digital attacks such as Ransomware to attacks that cause physical damage and could even endanger life such as the Stuxnet attack on the Iran nuclear power plant and the attack on the Ukraine national power grid where 80,000 people lost power to their homes following a malware attack.”
Matt Walker, VP Northern Europe at HEAT Software

Unpatched vulnerabilities
“The biggest security threat of 2017: Unpatched vulnerabilities on any kind of device, leaving devices at the mercy of malicious threat actors whose goal is not to make our world safer.”
Kasper Lindgaard, Director of Secunia Research at Flexera Software

The cloud
“The single biggest security challenge of 2017 will be how to leverage public cloud for mission-critical applications and data storage with complete surety of security, now and in the post-quantum computer world.”
Andersen Cheng, CEO of Post-Quantum

Over-the-air attacks
“So much critical user data now flows over WiFi and mobile phone networks that users can suffer life-impacting losses from over-the-air compromises, without ever knowing they should have protected their communications.”
Andy Lilly, Director and Co-Founder of Armour Comms

The evolution of Ransomware
“The growth in Ransomware shows no sign of abating so I suspect we will see continued campaigns by the criminal fraternity and, very likely, new ransom targets as the attacker looks for more avenues for easy money. As the recent ransomware infection of the San Francisco Light Rail System shows, we can expect our transport, power and water systems to be targeted in a similar fashion.”
Tony Rowan, Chief Security Consultant at SentinelOne

Data integrity attacks
“Hackers will no longer simply be stealing data, but instead aim to gain unauthorised access to manipulate vital data – which businesses will make important decisions on – for a number of ulterior motives, such as financial or reputational.”
Jason Hart, CTO Data Protection at Gemalto

APT (Advanced Persistent Threat) groups of attackers
“These prepare attacks very thoroughly and focused on getting to know its target and its weak spots. As an example, a HR team member in a company opens a CV sent by an APT group. This CV includes malware – and the group easily gains information on the business's structure, which leads to more attacks across the business. Without advanced prevention, audit and visualisation tools implemented through IT, the APT group can, by abusing the well-chosen computers, control important financial systems for a long time period.”
Daniel Olsson, Chief Operating Officer at Soitron Group

Intellectual Property
“While typically not very accessible outside the core development team, many security problems can stem intentionally or accidentally in the software creation process. Large organisations can have billions of dollars of this kind of IP in version control systems, so a goal for next year should be to have more fine-grained user access to code, plus greater traceability and visibility of the software development environment.”
Sven Erik Knop, Principal Solutions Engineer at Perforce Software

Cyber criminals
“In the modern age, the business world is an interconnected mesh of connectivity and as such, cyber criminals are the single biggest security threat to companies around the globe. They have the potential to bring a business to its knees and won’t stop attacking an organisation until there is nothing left to gain.”
Glenn Temple, Head of Operational Security at Redcentric

Web applications
“Web applications will definitely be among the top threats for companies and organizations. According to Verizon Data Breach Investigation Report 2016, web application attacks are the #1 source of data breaches. This is confirmed by Gartner Hype Cycle for Application Security 2016, saying that applications, not the infrastructure, represent the main attack vector for data exfiltration. Almost every modern system or device (including IoT) have web interfaces, many of which contain custom or unverified code, exposing easily-exploitable vulnerabilities that lead to huge data breaches.”
Ilia Kolochenko, CEO of High-Tech Bridge

SSL / TLS encryption
“A key threat for 2017 will be the continued surge in Secure Sockets Layer / Transport Layer Security (SSL / TLS) encryption that will provide cybercriminals with more opportunities to conceal malware from firewalls. Last year we saw this encryption encrypt 64.6% of web hits and lead to under-the-radar hacks which affected hundreds of millions of users, something that will only increase in 2017.”
Florian Malecki, International Product Marketing Director at SonicWall

Password vulnerabilities and customer verification
“It is at the core of every modern interaction consumers have with organisations, from the Government to banks, retailers, and utility companies. The contact centre is the key portal here, and biometric solutions will be at the forefront in the 2017 battle against the fraudsters.”
Michiel Lely, VP Practices EMEA at Verint Systems

Mobile payments
“Mobile payments is a new avenue of attack for hackers and is a potentially lucrative channel for hackers to exploit as they would be able to gain access to users’ money as well as their personal and financial information too.”
David Midgley, Head of Operations at Total Processing

The proliferation of highly scalable attacks
“It seems that the one-off exploits and attacks have lost their shine in the hacking world, and large scalable attacks (such as the Mirai botnet taking down Liberia) are far more interesting due to the enormous impact.”
Mike Ahmadi, Global Director – Critical Security Systems at Synopsys

Increasingly complex attacks
“Criminals are modifying malware to execute increasingly complex attacks, using multiple techniques to deliver end-point Trojans, plus malware modules to infiltrate, drop ransomware payloads and steal credentials – this will be the new normal and there will be fewer ‘simple’ ransomware attacks.”
Ian Trump, Global Security Lead at SolarWinds MSP

Breaches focused on theft of Intellectual Property
“The financial incentive for data breaches continues to grow and the black market for stolen intellectual property is recognised as lucrative and challenging to protect, while the actors, typically insiders, go unmonitored.”
Ken Spinner, VP of Global Field Engineering at Varonis

Compromised credentials
“Compromised credentials can happen to any company and they’re very difficult to detect until it’s too late because traditional security tools like anti-virus software and perimeter defences will not pick up a cybercriminal using legitimate logins — as we’ve seen with high-profile organisations recently like Three, Sony, eBay, Sage and Anthem.”
François Amigorena, CEO at IS Decisions

Identity Fraud
“As businesses continue to move online, legally required know-your-customer (KYC) measures that were previously conducted face-to-face are getting harder to execute.”
Husayn Kassai, Co-Founder and CEO at Onfido

Continued breach of secure data
“Enterprises will continue to suffer data security theft in 2017 simply because the perpetrators of such crimes have access to the same technology as the data owners and are placing greater amounts of human resource behind their efforts as they realise data is a rapidly appreciating asset class.”
Brian Donegan, Head of e-Business Operations for the Isle of Man Government’s Department of Economic Development

Snoopers Charter [in Britain]
“This new law extending the reach of state surveillance in Britain will actively be used in 2017 by public agencies, and malicious attackers will no doubt take advantage of the information that will be made available, so we're going to see more data breaches splashed across news headlines.” 
Ben Rafferty, Global Solutions Director at Semafone 

Ransomware
“Increases in ransomware, and as a result, companies may start to actually budget money to buy back their own data after a ransomware event – as long as the majority of ransoms remains relatively low, companies will continue to pay them, and they may do so without involving law enforcement to avoid disruption to their business and affecting their brand.”
Tom Kemp, CEO of Centrify

Crime as a Service – CaaS
“Why do the crime yourself when you can get paid for someone else doing it?”
Dave Nicholson, Technical Sales Consultant Sales at Axial systems

Account takeover fraud
“With millions of usernames and passwords revealed in major data breaches in 2015 and 2016, this year will see cyber criminals reaping the rewards by using these stolen credentials to hijack a wide variety of other online accounts, from flight reward programs and online betting accounts, right through to supermarket loyalty point schemes and event ticket exchanges.”
Graeme Newman, Chief of Innovation at CFC Underwriting

Password re-use
“When people use the same, easy-to-remember passwords across multiple accounts, they’re putting themselves and their companies at greater risk of being compromised. If a hacker can get into one of your accounts, they can access them all.”
Joe Siegrist, VP and General Manager at LastPass

Malware
“This intrusive software secretly accesses a device without the user’s knowledge - one of the reasons malware has become such a huge issue is that hackers are hiding it within encrypted internet traffic on a massive scale, going undetected by organisations.”
Keiron Shepherd, Senior Security Specialist at F5 Networks

Budget
“Simply because some companies are not prepared to protect their systems due to the expense, leaving them vulnerable to hazards and attacks.”
Andy Hinxman, Managing Director of Keybridge IT

Network attacks involving data manipulation
“Attackers can still largely go to work on a network without fear of being detected, and they will see a bigger payoff from data manipulation than outright theft. This kind of data manipulation ‘hack’ was popularised in the movie Ferris Bueller’s Day Off where his friend breaks into the school’s attendance system and wipes out all of Ferris’ absences.”
Peter Nguyen, Director of Technical Services at LightCyber

Lack of foresight  
“People’s awareness of network security is on the rise so we expect more investment in high strength - in depth solutions to protect sensitive customer data.  However, we expect that some companies will continue just as they are and make it into the news for unwanted reasons.”
Ant Smith, Network and Security Architect at Timico Technology Services

Complacency
“... not making security a core tenet of business operations, will continue to result in breaches, bad publicity and brand damage, and financial losses for organisations. Consumers, shareholders and government regulators are quickly losing patience and tolerance for security issues.”
Robert Capps, VP of business development at NuData Security

Open source vulnerabilities
“With the persistent use of open source components, developers are unwittingly creating a systemic risk in organisations’ digital infrastructure and many are not being furnished with the tools to write better, more secure code. Recent analysis, drawn from code-level analysis of billions of lines of code, has revealed that as many as 97 percent of Java applications contain at least one component with a known vulnerability. Unless we see a significant move towards secure application development practices, this threat won’t just persist throughout 2017, but extend far beyond.”
Colin Domoney, Senior Product Innovation Manager at Veracode

New strains of Mirai
“Mirai was just the beginning. As that code has morphed already from its initial incarnation, new strains and code variants will only increase attack size, complexity, and ferocity in 2017. As defences continue to adapt and mitigate Mirai-based attacks, there will be substantial ebb and flow in online combat as attackers and defenders work to one-up each other.”
Deborah Clark, Snr. Director Security Services at Neustar

 

Breaches related to people…

The good guys
“The good guys: the unintentional insider threats. The people diligently working in your organisation who are unwittingly creating vulnerabilities for cyber criminals to latch onto through accidental carelessness, a lack of education and zero user behaviour analysis in an organisation. Make no bones about it, insider threats are a major issue - organisations need to make staff education on cyber threats, including the simple ways they can be prevented, a priority.”
Dr. Jamie Graves CEO at ZoneFox

A failure to understand digital locks
“Because they lock the doors to their homes but don’t password protect their devices and data.”
James Wickes, CEO and Co-Founder of Cloudview

Careless password users
“The users of digital services (consumers and business) are the biggest threat by being naïve and careless with passwords, lending their devices to other users, accessing unprotected open networks and clicking on unknown domains via fraudulent links and apps. Google, Apple and Facebook have all been working tirelessly since the recent iCloud leak to protect their users better but all businesses need to consider this, whether it’s through 2-way identification, predictive analytics of security threats or improved education of staff. If users get hacked then it impacts the business as well.”
Magnus Jern, President of DMI International

The socially engineered
“…usually by email, of a company’s staff or an employee turning ‘bad’ in the absence of employee training, threat management systems and a layered approach to email and document security.”
Roy Russell, CEO at Ascertus Limited

The ‘uneducated’
“In our opinion, people may be the weakest link in cyber security for 2017. With social engineering attacks on the increase people are fast becoming the biggest vulnerability; particularly to organisations. We believe that a lack of available consumer education about cybersecurity is the biggest security threat because without education, consumers may be more likely to fall victim to phishing and malware traps.”
Andy Thomas, Managing Director at CSID Europe, a part of Experian

People will always be the weakest link
“The biggest security threat is people - it always has been and for the foreseeable future will continue to be the number one vulnerability in any IT security issue.”
Richard Blanford, Managing Director at Fordway

Staff taking risks
“Staff often don’t understand the value of the information they are handling and fail to protect their data communications accordingly, so secure communications need to become ubiquitous and provide ‘secure by default’ protection.”
David Holman, Director at Armour Comms

Cyber-Insiders
“Cyber-Insiders are employees (or contractors and others with ‘inside’ access) who hack into internal systems and data belonging to their employers.”
Matthew Brennan, President at VirtualArmour

Malicious insiders
“The way that files are managed, monitored and shared by staff or partners is key. Someone with malicious intent can download data to a disc or USB key, unless there are safeguards built in to the infrastructure that flag this movement of data.”
Michael Hack, Senior Vice President of EMEA Operations at Ipswitch

Silly internal employees
“Most will be unwilling vessels for phishing, social engineering, or malware propagation. Employees have always been a weakness in defences. In fact, the Great Wall of China, an example of security perimeter was circumvented by Mongols by bribing wall guards.”
Paul Calatayud, CTO at FireMon

Human error
“Human error is such a big threat because mistakes can happen so easily: an employee could accidentally share their details, click a malicious link, access their account on an insecure network, or simply have a weak password that is easy to crack. It was the cause of 52 percent of data breaches this year, and is only predicted to rise.”
Graham Hunter, VP Certifications, Europe and Middle East at CompTIA

Those who flout the rules
“There will always be a small percentage of people who do not adhere to security policy and best practices. They will either do this on purpose with some criminal intent or through ignorance and/or carelessness.”
Martyn Davies, Director, Product Development at Rocket Software

You can’t ‘patch’ people
“Given the rise in polymorphic malware, end users remain the biggest security threat in 2017, as no amount of blacklisting, software patching or awareness training can account for the fact that someone will always click the link in a half-decent phishing email, or open the attachment - so we need to try a different approach to security; one that allows traditional malware, ransomware and whatever other nasty new tricks the hackers have up their sleeves to run, without posing a risk.”
Fraser Kyne, EMEA CTO at Bromium

 

The Internet of Things…

Loss of life is next
“Criminals will continue to take advantage of security holes in devices that make up the Internet of Things (IoT).  Either through direct tampering or remote control takeover of critical devices, I fear we will see loss of human life result from cases of hijacked IoT devices.”
Cesare Garlati, chief security strategist at prpl Foundation

Connectivity
“As attackers continue to exploit the ‘always on’ capabilities of smart devices and the first line of defence to those devices: the home gateway. We’ve seen numerous examples of this in the past year, but the problem will get worse as security vulnerabilities in these devices are discovered and taken advantage of, leaving consumers at risk.”
Art Swift, President at prpl Foundation

Massive DDoS attacks
“This is due to the release of the Mirai source code and Gartner’s estimate that by 2020, 50 Billion connected ‘things’ will be on the internet, this is up from the 6.4 billion last year.”
Michael Patterson, CEO of Plixer International

The botnet made up of not-so-smart things
“A single IoT botnet (Mirai) managed to cripple the Internet for several hours by simply targeting one of the major DNS providers. This is, simply put, a level of control over worldwide communications that was previously reserved for the most powerful state actors, now in the hands of unknown individuals.”
Catalin Cosoi, Chief Security Strategist at Bitdefender

Larger botnets
“2017 will see further growth in malware and the exploitation of IoT to develop even larger botnets to add a yet another twist on ransomware with complicated denial of service attacks.  In terms of domains, the healthcare sector is likely to come under more sustained attack and this will bring data integrity strongly into play.”
Bryan Lillie, Chief Technology Officer at QinetiQ

Insecurity by default
“IoT as it is insecure by default. How do you update millions of devices in homes and on people?” 
Steve Nice, Security Technologist at Node4

Legacy systems have not been updated
“Legacy systems adapting to the IoT will continue to vex many organisations - the question will be how IT can successfully apply modern security practices to these older devices as they move forward.”
Jason Allaway, VP of UK & Ireland at RES

The internet of botnets
“The IoT genie is well and truly out of the bottle.  The poor security of millions of consumer-grade connected devices provides a massively distributed network that can be and will be used to perform attacks on an unprecedented scale.”
Alex Ayers, Co-Founder & Consulting Director at Turnkey Consulting

Security standard needed
“The IoT will be the greatest risk of 2017 until the negligent security culture within the industry is addressed, and a common set of security standards is established. The desire to meet demand before competitors is leading to unsecure programming and devices, which has huge security implications.”
Oscar Arean, Technical Operations Manager at Databarracks

Botnets will target service providers
“With the continued expansion of the number of IoT devices and the known vulnerabilities which are not being rectified, the potential for large IoT based botnets to attack major service providers is a growing concern as the disruption to the service provider could have a massive impact on users and organisations.”
Phil Brett, Consultant at EACS  

Critical infrastructure is at risk
“IoT is the biggest security threat in 2017, major industrial control system attack, water treatment plant or similar facility are at risk of being attacked. DDoS attacks aimed at a facility like this represent a real threat especially IoT enabled devices.”
Dr. Chase Cunningham, Director of Cyber Operations at A10 Networks

IoT data is also a concern
“After multiple reports on critical vulnerabilities in consumer and industry devices, IoT security has now become a massive cause for concern, even at the federal government level. Several measures are already being taken to gap holes and prevent security breaches at the device level; however, more needs to be done including securing IoT-related data and security updates on IoT devices.”
Nazar Tymoshyk, Security Consultant Lead at SoftServe

Sloppy manufacturing hygiene
“The challenge is network-connected devices are plagued with known vulnerabilities and exploitable weaknesses often due to sloppy manufacturing hygiene.”
Joe Jarzombek, Global Manager at Synopsys

The weaponisation of unsecured IoT
“The increasing weaponisation of unsecured IoT devices to magnify sustained volumetric cyberattacks and to enhance scope of reconnaissance campaigns.”
Cameron Brown, an Independent Cyber Defence Adviser

Malware on a large scale
“Recent and escalating attacks in 2016 are proving that malware can affect a mass of IoT devices of a variety of types, making them part of a large botnet that can be very difficult to clean up.”
Dr. Giovanni Vigna, CTO and Co-Founder of Lastline, Inc

OT connected to IT creates a fundamental weakness
“In our hyper connected world attackers will take even greater advantage of the vulnerabilities introduced when Operational Technology (OT) connects with Information Technology (IT) with potentially catastrophic consequences affecting not just the continuity, integrity and availability of data, but also the operation of physical systems that could impact our wellbeing and ultimately safety.”
Luke Beeson, Vice President at BT Security

Lack of endpoint protection
“Lack of endpoint protection in interconnected IP systems: IoT devices tend to be vulnerable to security threats, often because they're either running old software or because security was not prioritised at product design stage. As consumers and businesses bring more Internet-connected devices into their homes and premises, many fail to realise that they have inbuilt sensors, putting them at greater risk of their systems being hacked and controlled or being the victim of DDoS attacks.”
Marc Sollars, CTO at Teneo

IoT will be the ultimate victim of Ransomware
“As attackers discover the potential of IoT devices, DDoS and R(ansom)DoS attacks will grow bigger and attack vectors will become more sophisticated, at the same time other classes of IoT devices will fall victim to Ransomware.”
Pascal Geenens, EMEA Security Evangelist at Radware

The internet of hacking
“The emergence of IoT hacking. As more people integrate IoT devices into their home and work environment, it will create opportunities for hackers to hack into these areas and exploit the vulnerability of the IoT devices, as IoT security is often an afterthought. This will lead to an increase in personal data breaches.” 
Myles Bray, Vice President, EMEA at ForeScout Technologies Inc

Ransomware is a huge risk
“IoT applications are a key feature of the home of the future and these could easily become at risk to ransomware, as attackers deny access to underlying hardware and services, unless the owner is willing to pay a sum of money. The industry must look at how security should be adapted and guidelines introduced as this will be crucial to ensuring security is made a fundamental part of all future IoT products by the industry’s own hand and not enforced by legislation.”
Quentyn Taylor, Director of Information Security at Canon Europe

The rise of botnet armies
“With Mirai highlighting the massive amount of insecure, easily accessible devices exposed to the internet, IoT will become a target of choice for the creation of botnet armies leveraged for dubious and impactful activity.”
Gavin Millard, EMEA Technical Director at Tenable Network Security

IoT software suppliers need to invest in security
“We hope that responsible suppliers of these devices will invest further in software security to harden against malware infiltrations, however what of those grey import / low cost / vendor unspecified devices that will most likely sit in people’s homes? ISPs and National CERTs must be on guard to gain situational awareness so as to catch and manage such abuse traffic coming from malware infestations which are no longer limited to server and desktop platforms.”
Adam Brown, Manager – Security Solutions at Synopsys

IoT is being increasingly fundamental to infrastructure
“Compromising these devices can have the biggest human impact; since they’re designed to keep our energy, communication, and transportation grids safe and operational.”
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB

Opportunistic hackers can target everything
“Anything connected to the internet – be it a smart city, power grid or transport infrastructure – is not safe from opportunistic cyber hackers.”
Richard Parris, CEO at Intercede

DDoS attacks 
“Botnets like Mirai, which in 2016 was involved in a number of high-profile DDoS attacks after it targeted internet infrastructure firm Dyn, use the increasing number of IoT devices which often lack basic security features. These botnets are readily available on the dark web for little or no money so businesses should prepare themselves for further DDoS attacks in 2017.”
Cath Goulding, Head of IT Security at Nominet UK

A false sense of magic
“IoT and IIoT devices offer a false sense of ‘magic’ and intelligence in controlling the physical world, but they are not designed to be as intelligent to protect the system they are controlling. Think about the recent IoT-botnet attack, the Ukraine attack, etc – all were made possible by inadequate security architectures/solutions of such complex cyber-physical systems.”
Moreno Carullo, Co-Founder & CTO at Nozomi Networks

 

Kathryn Cave

Editor at IDG Connect
