Greg Day, European Chief Security Officer at Palo Alto Networks discusses his set of cyber predictions for 2017.

The innovations in today’s digital world continue to advance at a tremendous pace, and 2016 didn’t fail to have an impact on society. As a hobbyist in remote flight, the introduction of drones to deliver blood and medicines in Rwanda from a Silicon Valley startup was an amazing example of how IoT can have a hugely positive impact on society. I can’t wait for the completion of the US$10million Tricorder Xprise to be announced in early 2017, when fiction is expected to become fact, as a portable wireless device is anticipated to be able to monitor and diagnose health conditions.

From a cybersecurity perspective

What can we expect in 2017 from a cybersecurity perspective? Personally, I believe 2017 and early 2018 will be the most exciting years in terms of evolving our cybersecurity capabilities as businesses prepare for the May 2018 deadlines imposed by upcoming EU legislation changes. This is a rare opportunity to step back and take stock of our capabilities, and to validate if they are still fit for purpose, both for the approaching deadline and for the future thereafter. This is a welcome driver to look to the future, as security professionals are often so caught up in enabling ongoing technology innovations and managing evolving cyber risks.

So here are my predictions for the next 12 months:

1. 2017 is the year that businesses need to get prepared for the May 2018 deadline for upcoming EU legislation in the form of the GDPR and NIS Directive. This will mean that businesses finally have to gain control of the mountains of data they have gathered and generated and to understand both the value and risks they create for the business. We can expect some early examples to be made, as the EU looks to ensure that business take their digital societal responsibilities Cybersecurity leaders will need to validate that their cybersecurity capabilities are relevant to the risk they face and that they leverage current best practices, referred to as ‘state of the art’, with clearly documented processes and measures.  Too often security experts continue to hold onto legacy practices as they perceive that continuing to do the same things as before is enough. As such, 2017 will be the year for change.

2. Businesses will be vulnerable as they are immobilised by the confusion of what a good next-generation endpoint strategy looks like. With the growing volume of unique attacks, organisations have, for a long time, been looking for new solutions to either complement or replace signature-based approaches.  However, with many different new approaches to choose from, businesses are hesitating for too long while they look for validation to define their future next-generation endpoint strategies. With the growth of ransomware, one instance has become one too many, and now is the time when next-generation capabilities are needed.

3. We will see the cybersecurity landscape continue to change. Ransomware will continue to have business impact.  Expect ransomware to target a broader range of platforms and to further leverage historical cyberattack techniques, such as APT-style attacks, as those behind them look to increase their profits. This threat remains lucrative and will continue to be a focus for attackers, which could distract them from developing threats leveraging other areas of technology. DDoS will refocus on the retail space as retailers become increasingly dependent on online revenue streams. Targeted credential theft will allow attackers to move the attack out of the business network.  As more businesses in Europe embrace cloud, credential theft, whether through social engineering or attack, will mean that adversaries have to spend little or no time in the businesses network to achieve many of their cyberattack goals.

4. While senior cybersecurity skills are in reasonable shape, practitioners are in demand and outsourcing capabilities are not scaled for evolving demands (volume of work, hybrid cloud/on-premise services, incident response, next-generation SOC requirements, training and running AI/big data systems). With the continuing growth of information to draw on in order to prevent and protect against cyberthreats, we can only expect more security events that need to be managed.  The scale of security experts has not and will not keep pace, therefore businesses must rethink how and where human skills should be leveraged in cybersecurity.  Today there are too many siloed human-dependent cybersecurity processes that, with evolving best practices, can and should be consolidated and automated.  In a market with limited skills, usability and automation should be treated as being equally important as capability.

5. Most companies will confirm whether cyber insurance will become a part of their investment strategy, and will realise that insurers are a valuable point for CISOs wishing to translate and validate risk to senior executives to help better understand their business’s cyber risks.

6. Cross-domain incidents will stop organisations siloing IoT/OT and business/home systems, and will help them start to realise it is actually one, big cyber mesh. It’s likely that essential services will suffer more outages, following the early examples in Ukraine, the recent Mirabot DDoS attack and others. In recent years, we have seen more attacks on automotive systems, so inevitably attackers will start to look move laterally into other autonomous systems, as they grow in popularity.  These may vary from driverless city centers to the Amazon button or the increasing use of drones for commercial businesses.

What will 2017 hold

It will be interesting to see how many of these come true over the next 12 months. If experience has taught me anything, some will have been achieved in half that time. Others will continue to emerge slowly. And as always, I’m sure we’ll be thrown a few curveballs. The only near-guarantee I can give is that the digital world will continue to have an amazing and positive impact on our lives, and I’m proud to be part of the global cybersecurity community that supports its enablement.

Edited for web by Jordan Platt.