While many people are happy to see the year 2016 come to an end as far as Internet of Things security failures go, we aren’t optimistic that 2017 is going to be much better. In fact, we think there is real potential for the new year to be much more challenging. Why? Well, cybercriminals have a big head start and we feel too many organizations are still not protecting their IoT devices well enough, and they are not responding fast enough to the looming threats.
With that in mind, the ZingBox crew got together and pulled the company’s crystal ball out of the closet and came up with a few predictions for the next 12 months. Using our IoT security industry experience, expertise, and foresight, we came up with the following forecast:
- 2 million IoT devices will come under the control of Mirai malware or its derivatives
- Ransomware on mission-critical IoT devices will become more frequent and create more fear, acting in effect like cyber-terrorism
- Healthcare will remain the No. 1 attacked industry due to connected medical devices
More of What We Foresee for IoT Security in 2017
Okay, you don’t have to be Nostradamus to foresee this one coming: there will be more DDoS attacks leveraging IoT device botnets. Why? The miscreants behind the major DDoS attacks released the Mirai malware into the wild, i.e., they posted the code on hacker forums for all to (mis)use. And because there are going to be more DDoS attacks, Internet service providers are going to feel the pain in their wallets when their clients’ websites go dark and the site owners insist on being compensated for the loss of revenue.
We also foresee cyber-attacks will cause physical damage/harm next year. We’re mighty sure that 2017 will be the year when the convergence of cyber and physical space will be exploited to cause damage.
Ransomware attacks on IoT are going to be the next “big and scary thing” in IoT security. The prospects are frightening when you consider the idea that instead of taking your data hostage, cybercriminals might threaten to take control of vehicles, industrial and manufacturing plants, or medical devices unless they are paid a whopping ransom.
The Blame Game
IoT security is a shared responsibility between IT, OT, and device vendors. What we expect to see in 2017 is a game like musical chairs, where the ownership of security will remain unclear within organizations. Eventually, this will lead to the restructuring of many IT organizations to address this issue.
We can foresee some regulations finally being established. However, we believe that whatever regulations see the light of day will, unfortunately, be loosely enforced. Businesses that are ahead of the curve on security will adopt the best practices, while the rest will sit on the sidelines waiting until the regulations are enforced. Security will be the driving force in 2017, and it will pass the baton to Compliance in the following year.
Real Solutions Will Emerge
In 2017, fragmentation will need to be tackled head-on and security will no longer be an afterthought for IoT vendors. Manufacturers will start designing products with security in mind, but the fragmentation in the market will make it even harder for businesses adopting IoT solutions to manage and control the infrastructure. Businesses will long for a vendor-agnostic/independent security solution.
IoT is a very loosely defined term that means different things to different people. Currently, there are various security architectures and deployment models that are cluttering the market and clamoring for attention. In 2017, we think we’ll see real IoT security solutions that cut through this noise. These solutions will be use-case driven rather than generic platforms.
Unsupervised machine learning will become the primary tool in fighting IoT attacks. We believe that soon, when hundreds of analytics features are piped into IoT machine-learning models, it will lead to more accurate results for data applications, including device identification, device profiling, and anomaly detection. It is this actual data that ultimately gives security of things the real power to fight IoT cyber-attacks.
Healthcare Will Lead the Way
The high-water mark for HIPAA fines for non-compliance reached $20 million in 2016. We’re darn sure that, with the growing threats to unsecured IoMT (network-connected medical devices), penalties are going to grow as well. However, we are confident that healthcare institutions are going to lead the way in addressing IoT security weaknesses. And ZingBox fully expects to be part of that effort.
What do you think about our 2017 prognostications? Are we in line with your ideas about the near future? Let us know what you think in the “Comment” section below. Thank you.