News Feature | December 27, 2016

How 2016 Cyber Attacks Will Impact 2017 Security Strategies

Christine Kern

By Christine Kern, contributing writer

Retail Security: Cyber Tech Fuels Cybercrime

Survey finds despite escalating threats, few changes to security are planned in 2017.

Experts speculated 2016 would see an explosion of cybersecurity threats, and they were right. Now, 2017 promises to be an even more dangerous cyber minefield as hackers get more sophisticated, organized, and emboldened in their attacks.

According to Venture Beat, these escalated challenges will be seen in a number of ways in 2017:

  1. Attackers won’t just steal data: they will change it, targeting data integrity. One good example of this is interfering with political elections.
  2. Consumer devices will be held for (cyber) ransom. Attackers will move from targeting large entities to single consumers across a range of connected devices including appliances and cars.
  3. Artificial intelligence will be weaponized to carry out highly sophisticated and persistent attacks.

Yet, despite the alarming escalation of cybercrime activity, it appears many security professionals are maintaining the status quo when it comes to protection. As Jonathon Crowe of Barkly writes, “In a year dominated by the accelerating rise of ransomware, the biggest threat of all may be ¯\_(ツ)_/¯.”

Barkly surveyed IT professionals at more than 100 organizations to gauge how they had been impacted by cyber attacks in 2016 and how that shaping their budgets and strategies for 2017. Surprisingly, despite reporting significant concerns about both new threats and old and persistent ones, the majority of organizations report they are planning more of the same when it comes to cybersecurity strategies and planning. And considering one-third of those polled said their existing security had been bypassed by a cyberattack in 2016, these are surprising results.

Despite the fact 71 percent of organizations targeted with ransomware attacks were infected, nearly two-thirds of IT pros said their organization planned no significant changes to their security stacks in 2017. In fact, “Over half the organizations that suffered successful cyber-attacks in 2016 aren’t making any changes to their security in 2017.”

Why aren’t they responding?

Budget is the number one answer: for nearly 60 percent of the IT pros surveyed, their 2017 IT security budget was set to decrease or remain flat. Just a third said they anticipate having a larger budget to use for implementing security measures.

Data from the Barkly survey suggests there are other factors at work. “Despite the successful attacks and infections,” Crowe writes, “it actually appears the majority of IT pros are happily confident in their protection. Half the respondents rated their confidence in their current security stack four out of five. Another 12 percent rated their confidence a perfect five out of five.”

Even those IT pros whose organizations had suffered a successful cyber attack reported having higher confidence in their security heading into the new year, though increased doubt set in when asked about their ability to prevent and handle ransomware attacks or others infections due to user mistakes. Ultimately, the survey revealed some major disconnect between confidence, concerns, and gaps, highlighting the need to strengthen security solutions that are actively being bypassed by hackers.

Barkly co-founder and CTO Jack Danahy said, “The ability of companies to recover encrypted data from backup has been widely viewed as taking the sting out of ransomware attacks. But it’s dangerous to think of backup as a ransomware solution. For many reasons, tolerating infections and assuming they can be easily remedied with backup is extremely risky.”