The cyber-security landscape is at a critical juncture. From nation-state attacks to an increasing rate of hacks, breaches and disruptions, the online world is facing more threats than ever before.
On both sides of the fight – the good and worryingly, also the bad, the technologies and resources available to hackers and security teams alike are advancing at a terrifying pace.
2017 will bring new attacks and breaches as cyber-criminals up the ante to obtain a new precious commodity – people's data. It will be a year of significant importance for firms which protect such information and one where the cyber-security landscape once again undergoes a seismic shift.
The following points outline my thoughts on what 2017 will hold for the cyber-security industry:
- With Donald Trump as the new US President, nation-state attacks will be influenced by his diplomacy. Such attacks will be more discrete than usual as heads of state try to work out who their new friends and foes are. That said, it would be foolish to assume people across the world are not already collecting information on the Trump family for a rainy day. Expect to see a cyber-breach with a presidential element to it in 2017.
- There is substantial worry over the proliferation of all the intrusion and phishing tools openly available on the dark web. Over the last few years this has bred a new category of DIY hacking through the programmes and technology available. 2016 has expedited this and hacking into companies is no longer as much of a challenging task as it once was – we'll see more of these attacks happening throughout the course of 2017.
- At least one challenger bank will have issues with their login approach in 2017. This will be due to a focus on usability in a bid to attract customers of more traditional banks, rather than on security. Such is the speed that these up-and-coming financial institutions are being formed that they often overlook the crucial infrastructure that their more substantial rivals have in place to keep customers secure.
- The Government, Bank of England and GCHQ have previously stated that they would define a framework for asking online customers to prove their innocence and their devices' security before being compensated for online fraud. If this moves forward in 2017, it would bring a paradigm shift with it. 2017 could be the year where financial institutions and industry bodies will start to implement these in a more public manner.
- M&A and IPO activities are on the rise, and will continue to gather pace in 2017, such is the demand to invest. With this uptick in activity, there is a good chance that we will see data issues such as breaches or hacks uncovered as companies carry out their due diligence before deals are finalised. The most significant example of this in 2016 was in the acquisition of Yahoo! by Verizon. I expect there will be a few more unpleasant surprises uncovered next year.
- 2016 was a record year in terms of the sheer number of data leaks coming to the fore in the public domain, and 2017 looks set to continue this trend to what is an increasingly numb audience. A new industry will emerge, consisting of data sifters and aggregators who will compile stories and sell them on as a way of doing business. This is already happening in the dark web, where you can now order a dossier on an individual, company or government department that details everything from business negotiation to blackmail.
- Cyber-security already is and will continue to become an even larger economy. There will be a severe skills shortage as employers compete against tempting offers from their rivals, social media companies and even criminal gangs. Fundamentally, there are very few companies that will not need to invest in people to manage their online security. The skills gap between this demand and the IT-literacy of the UK workforce will only further exacerbate this issue.
- However, it won't be all negative. Governments are beginning to wake up to the fact that they cannot fight cyber-crime on their own. Take for instance the announcement from the UK Government that it will launch the UK's first systematic National Cyber Security Programme, with £1.9 billion in funding earmarked to help defend against breaches and cyber-attacks. I believe similar initiatives will be announced over the next 12 months.
- We are aware of one particular academic institution making some major quantum computing breakthroughs. They may well decide to announce these achievements in 2017. If this does happen, the way we use computers and the way we protect ourselves in the cyber-world will change dramatically.
Cyber-security is an extremely difficult area to predict. But 2017 promises to deliver on many of these points, and with it fundamentally alter the cyber-landscape once more.
Contributed by Andersen Cheng, CEO, Post-Quantum