In the world of cybersecurity, 2016 was a banner year – and not in a good way. From the Bank of Bangladesh/SWIFT heist in February to the Dyn DDoS attack a few weeks ago, the year’s wild attacks have one thing in common: They were proof that hacker innovation is on a growth trajectory.
That’s the bad news. The good news is that businesses and consumers are also much more aware of cyber threats than they were 12 months ago, and that’s the jumping-off point for my cybersecurity predictions for 2017.
1. Consumers will care a lot more about the security of the companies they do business with.
With hackers hitting organizations from the Internal Revenue Service to the University of California, Berkeley in 2016, consumers are more anxious than ever about the downstream financial crime that follows data breaches. In 2017, consumers will start demanding to understand more about the security of the organizations they do business with. Just as companies promote “seals of approval” for accomplishments like being “green” (environmentally friendly), promoting gender equality or having accident-free workplaces, consumer-facing businesses will start looking for ways to promote their security posture as a differentiator to reassure wary consumers.
2. Consumers will care a lot more about their own cybersecurity.
The great doorbell hack of 2016 kicked off the year with a loud “ding-dong.” Hackers figured out that smart home devices such as doorbells and refrigerators are gateways to home WiFi networks and Gmail logins, respectively, and surely that is just the beginning. As consumers embrace more Internet of Things (IoT) devices within the home, and more and more of their daily affairs (like banking and shopping) are conducted online, the security of their home technology environment will become extremely important. I predict that in 2017, new services will emerge that allow consumers to not only protect, but evaluate and improve their own cybersecurity.
3. Businesses will care a lot more about the cybersecurity of the companies they do business with.
Led by the Office of the Comptroller of the Currency (OCC) directives requiring banks to manage risks, including cybersecurity risk, in their third-party relationships, companies in all industries will start paying a lot more attention to their business partners’ cybersecurity posture in 2017. The web of risk is incredibly wide; I recently spoke with executives at a large US company about the FICO® Enterprise Security Score (ESS) and how it can help them reduce their risk exposure through partner networks. This particular company is connected with more than 30,000 business partners, and reckons that ESS can help it track and manage risk across thousands of the most critical of these relationships.
4. Consumers and businesses will finally recognize the kinetic threat potential of IoT devices.
Beyond hacked doorbells and refrigerators, IoT devices like self-driving cars can present serious security threats that are very real, impacting not only data but physical safety. While I hope no tragedy will precipitate my prediction being realized, in 2017 I predict that people and businesses will make security considerations a priority in their decisions to use IoT devices, not an afterthought. IoT-dependent manufacturers will respond positively to publicly discussed risk mitigation strategies and differentiators.
5. Biometric security data may become the biggest security vulnerability of all.
Starting with Apple TouchID, biometric identification has now gone mainstream. (Even three-year-old kids’ fingerprints are being captured when they visit Disney World.) Hailed as being safer than digit-based passwords, biometric security data presents explosive potential in hackers’ hands.
In the aftermath of the compromise of 5.6 million US government military, civilian and contractor personnel fingerprints, Eva Velasquez, CEO of the Identity Theft Resource Center, explained that stolen fingerprints may be a big problem in the future if biometric technology is used to verify bank accounts, home security systems and even travel verifications. You always have the option of changing your password, but you can’t change your fingerprints. Recovering from compromised biometric intel is very challenging indeed.
Say hello to 2017.
Follow me on Twitter @dougoclare.