7 security predictions for 2017

If you thought 2016 was bad, fasten your seat belts -- next year is going to be even worse

1 2 Page 2
Page 2 of 2

"A lot of attention is focused on 'smart devices' as proof of IoT's growing influence. The reality is a connected device doesn't make it a smart device. The 'things' that are being connected often 'fire-and-forget' in their simplicity, or are built-in features and tools we may not even know are there -- like the routers used in the Mirai botnet. This leads to a mindset of ignoring these 'dumb' devices without paying attention to the fact that these devices, while inherently 'dumb', are connected to the biggest party-line ever made: the internet," says Bomgar's Matt Dircks.

This isn't just a problem for smaller consumer devices, or even for connected homes and cars. Dircks isn't even particularly focused on the possibility of another DDoS attack. What's more troubling is the potential for an attack on large, widespread infrastructure systems like the power grid, or even avionics or railway systems, he says.

"I'm not worried about things like if my connected showerhead turns on hot or cold. I think there's a fairly significant chance we'll see a major hack on power grids or on transportation systems like rail in 2017. This is the 'dumb' IoT that's still out there -- the technology from the 1950s and 1960s that's powering these critical infrastructure systems that is almost totally unsecured," he says.

This is a perception problem; the general public doesn't tend to see these systems as being similar to the IoT devices they use with increasing frequency -- even mobile phones can fall into that category, says Millis.

"Like smartphones before them, IoT devices are assumed to be new, separate, and not subject to the same limits, as older technology, but think about it. It's nonsense: Smartphones are the most plentiful internet device around. IoT is the next hyper-jump in scale. Some organizations are wisely ahead of the curve a little bit this time, trying to head off the same security issues that mobile devices are facing now. So far, activity here has all come down to prevention yet again, but we believe every device and/or connection can be compromised. Shortening dwell time and securing IoT depends on being able to tell when that inevitably happens, as quickly as possible and with the highest level of confidence," Millis says.

Related Video

This story, "7 security predictions for 2017" was originally published by CIO.

1 2 Page 2
Page 2 of 2