Channel: Symantec Connect - Blog Entries

WEBINAR: Current State of Ransomware in State and Local Government

Webinar: January 19, 2017

WEBINAR: Current State of Ransomware in State and Local Government

TIME: 10:00 AM (PST) / 1:00 PM (EST)

Speaker: Kevin Haley, Director Symantec Security Response

Ransomware has become extremely popular with cyber criminals because it’s easy and very profitable. Organizations can defend themselves and lower the risk of ransomware or other common threats costing them time and money.  



Key Learning Objectives:



- A look at the current state of ransomware



- Simple and inexpensive steps that can advance state and local government security posture



- Better understanding of the cyber security landscape



- Best practices to take in cyber defense



Join us for a review of simple ways state and local government can protect themselves against ransomware attacks.



Click here to register

Thank you


Introducing Business Email Scam Analyzer

Symantec Email Security.Cloud adding visibility for Business Email Scams

This week we’re happy to announce the introduction of Business Email Scam Analyzer to help give Symantec Email Security.Cloud customers increased visibility into business email scams such as business email compromise.


The Business Email Scam Analyzer is a backend component of the Email Security.Cloud Anti-Spam service that has existed for months, developed as a response to Business Email Compromise. Customers do not need to configure any settings to start benefiting from the new visibility of this detection method.

At this point the Anti-Spam service provides visibility to customers by reporting on an additional spam detection method called “Business Email Scam Analyzer”. The data can be reviewed in both the Dashboard and as part of the Anti-Spam-related Summary and Detailed reports.

More information about Business Email Compromise can be found in our blogs

New BEC scams seek to build trust first, request wire transfer later

Billion-dollar scams: The numbers behind BEC fraud

Business Email Compromise – How to Protect your Organization

Security in 2017 and Beyond: Symantec's Predictions for the Year Ahead

Symantec's security experts have made careful predictions about the trends to expect in 2017 and the years that follow.

Microsoft Patch Tuesday - December 2016

This month, 12 security bulletins were released, 6 of which are rated Critical.


Microsoft Patch Tuesday - December 2016

Microsoft released a total of 12 security bulletins on December's Patch Tuesday, 6 of which are rated Critical.


Latest Intelligence for November 2016

Email malware nearly doubles to one in 85 emails and spam rate rises for third month in a row.


Latest Intelligence for November 2016

One in every 85 emails carried malware, nearly double the previous rate. The spam rate has risen for three consecutive months.


Symantec President & COO Elected to NPower Board of Directors

Michael Fey has been unanimously elected to the Board of Directors for NPower, one of the nonprofit partners delivering Symantec’s Cyber Career Connection (SC3) program

Symantec President and Chief Operating Officer Michael Fey will join executives from Accenture, Bank of America, Cisco, CA Technologies, Morgan Stanley and others on the Board of Directors for NPower, a nonprofit organization that aims to create pathways to economic prosperity by launching digital careers for military veterans and young adults from underserved communities. Their goal is to empower under-represented talent to pursue tech futures by teaching the digital and professional skills demanded by the marketplace, and engaging corporations, volunteers and nonprofits in the long-term success of students.

NPower is the link between non-traditional job seekers and companies hiring diverse technology workers, creating an alternative fast-track to IT jobs on a national scale and engaging employers in curriculum.

“Mike joining the board is a natural progression after all the meaningful support NPower has received from Symantec over the years as an education partner, an employer of our interns and graduates, and as funder of our programs,” said Dan Petrozzo, Chairman of NPower Board of Directors. “Symantec continues to be deeply committed to helping our students succeed to their utmost potential and having Mike officially join our executive leadership will take this partnership to a new level and allow us to deliver even more to the communities we serve.”

“I’m incredibly excited about the chance to become more involved with NPower,” said Michael Fey, Symantec President and COO. “They’re doing important work connecting the tech industry with the nonprofit community. They’re building excitement about the power of technology to enable social missions and education, and training people how to harness that power. I’m looking forward to great things.”

Symantec’s Cyber Career Connection program is a part of NPower’s advanced training initiatives, and focuses on closing the global workforce gap in the cyber security field. Participants receive targeted education, training and certifications that position them to fill in-demand cyber security jobs and enter long-term careers. 


“We are thrilled to welcome Mike to the NPower board,” said Bertina Ceccarelli, NPower Chief Executive Officer. “Mike’s passion for and belief in the transformative power of technology will be a great contribution to our strategic direction and the execution of our mission.”

Learn more about the Symantec Cyber Career Connection program.


Latest Intelligence for November 2016

Email malware nearly doubled to one in 85 emails, and the spam rate rose for the third month in a row.


Bayrob: Three suspects extradited to face charges in US

Symantec’s assistance paves way for long-running FBI investigation into gang that stole up to $35 million from victims.


Symantec Email Quarantine Platform Changes Coming

The new Information Protection quarantine of Email Security.cloud

Symantec Email Security.cloud’s Email Quarantine service intercepts and stores emails that have been identified as spam. This prevents unwanted email from reaching users’ normal email inboxes, which increases security and reduces inbox clutter for Email Security.cloud users.

In addition to this basic quarantine functionality, end users have come to expect clean, modern interfaces that are optimized for mobile devices, and that allow separation of bulk mail newsletters from conventional spam. Managers and administrators want to improve their organization’s security posture by preventing users from receiving or sending data or images that violate compliance policies.  Symantec’s new Email Quarantine platform delivers these improvements for managers, administrators, and users alike.
 

What is changing?

The new Symantec Email Quarantine Portal improves quarantine functionality and replaces the existing quarantine tools (Spam Manager and Message Manager) that have previously been available in different geographical areas.  The new Quarantine Portal is being rolled out in two phases: the first phase became available in late summer of 2016, and users are now being migrated worldwide. The second phase of the migration begins in early 2017.
 

Quarantine Portal first phase changes (now underway)

The first phase includes the Spam Manager functionality as well as other features and enhancements:

  • New end-user portal with improved mobile experience
  • Differentiation between spam and bulk mail (such as newsletters)
  • Ability to approve senders directly from digest notifications
  • Ability for administrators to see all quarantined messages in a single view
  • Customizable digest notification content
  • More scheduling options for digest notifications
     

Quarantine Portal second phase changes (coming soon)

The second phase includes the Message Manager functionality, while also addressing user requests:

  • Administrators can quarantine both inbound and outbound emails based on Data Protection and Image Control policies
  • New, mobile-optimized experience for users
  • Users can release emails to administrators for further investigation
  • Administrators have greater visibility into quarantine usage through enhanced reporting
  • Clear differentiation between spam and new data protection/image control emails
  • New email information such as attachment names and email direction
     

Email Security.cloud Admin Console Changes

The Symantec Email Quarantine platform consists of two components: Symantec Email Security’s primary portal (Email Security.cloud admin console), and the new Email Quarantine Portal described above.

Until the second phase of the migration begins, quarantine settings remain available in Email Security.cloud admin console under Dashboard -> Services -> Email Services -> Anti-Spam for Spam Manager users.

For Message Manager customers, the quarantine settings are located under Dashboard -> Services -> Email Services -> Message Manager.

Once customers are migrated to the second phase, these two screens will be replaced by a single screen: Dashboard -> Services -> Email Services -> Email Quarantine
 

Is any customer action required?

For existing customers using the Email Quarantine in Symantec Email Security.cloud, no action is required to obtain these additional capabilities.

Current Symantec Message Manager customers will automatically be migrated and new emails will be directed to the new Email Quarantine so that customers can access their email using the new Email Quarantine portal. Migration dates will be published in the News section of the Email Security.cloud admin console.

Data Protection and Image Control Settings: If your organization is using the Email Safeguard bundle (which includes Data Protection and Image Control), then you will need to use the Email Security.cloud admin console to update individual policy rules for those services to select Quarantine as the action when an email triggers a rule.

Custom Templates: If you have created custom templates in the Quarantine Portal to generate email notifications for your end users, then you will need to re-create these templates after the second phase of the migration. Standard templates will be migrated automatically; no action is required.

Where can customers get more information?

We’re confident that you’ll find the portal changes intuitive and easy to use. In order to provide customers and partners with necessary resources and knowledge to support the new functionality, we have posted quick start guides containing helpful content on the new look and feel.

Videos:

Quick Start Guides:

In addition you can access our online help, and our customer support team is always available to answer your questions via chat, email, and phone.
 

How to filter exported syslog events from the SEP Manager

Specifically, configure syslog-ng to ignore "Reputation check timed out" events

The "Reputation check timed out" event is annoying when an environment is isolated from the Internet.
The External Logging->Log Filter configuration does allow for some control, but only operates on entire classes of events.

NOTE: The following configuration is specific to syslog-ng (https://syslog-ng.org/).

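# Receive syslog events exported by the SEP Manager over UDP port 514
source syslog_udp {
        udp(port(514));
};
# Write the events that pass the filter to a local file
destination df_sep {
        file("/var/log/sep.log");
};
# Pass only messages that do not contain "Reputation check timed out"
filter reputation_filter {
        not message("Reputation check timed out");
};
# Tie the source, filter and destination together
log {
        source(syslog_udp);
        filter(reputation_filter);
        destination(df_sep);
};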
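
A variant of the configuration above, as an added example that is not from the original post: instead of discarding the "Reputation check timed out" events, it diverts them to a separate file so they stay available for audit. The object names and the /var/log/sep-suppressed.log path are assumptions, and the text is matched as a literal substring rather than as a regular expression.

```conf
# Added example, not from the original post. Object names and the
# sep-suppressed.log path are assumptions.
source s_sep_udp {
        udp(port(514));
};

# Literal substring match, so the text is never interpreted as a regex.
filter f_reputation_timeout {
        message("Reputation check timed out" type(string) flags(substring));
};

destination d_sep {
        file("/var/log/sep.log");
};
destination d_sep_suppressed {
        file("/var/log/sep-suppressed.log");
};

# Matching events go to the side file; flags(final) stops them from
# being processed by the log path below.
log {
        source(s_sep_udp);
        filter(f_reputation_timeout);
        destination(d_sep_suppressed);
        flags(final);
};

# Everything else lands in the main SEP log.
log {
        source(s_sep_udp);
        destination(d_sep);
};
```

The order of the two log statements matters: the diverting path must come first for flags(final) to take effect.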

Cloak and Dagger: Unpacking Hidden Malware Attacks

Symantec Adds “The Emulator” to its Single-Agent Endpoint Arsenal

Malware attacks have become part of our daily life. In just the past six weeks, we’ve seen a major DDoS attack take down Twitter, Spotify and other high-traffic internet properties, a ransomware attack on the San Francisco Municipal Transportation Authority, and perhaps most notably, the new “Gooligan” attack on Android phones – reportedly responsible for “the biggest single theft of Google accounts on record.”

According to AV-TEST, there are 578.7 million malware programs in existence today, with four to five new malware threats per second. Many of these malware programs make use of “packers” – software programs used to compress and encrypt files for transport, which are then executed in memory upon arrival.

While packers themselves are not malware, attackers use them to hide malware and obfuscate the code’s real intention. Once unpacked, the malware executes and launches its malicious payload with impunity – often bypassing firewalls, gateways and malware protection. Over the past 10 years, attackers have shifted from using commercial packers (UPX, PECompact, ASProtect, Themida, etc.) to creating custom packers, which use proprietary algorithms to bypass standard detection techniques.

Many of the emerging custom packers are polymorphic, which simply means that they use an anti-detection strategy whereby the code itself changes frequently, but the purpose and functionality of the malware remains the same. Custom packers are also able to use clever ways of injecting code into a target process and change its execution flow, frequently throwing off unpacker routines.  Some of them are computationally intensive, calling special APIs that make unpacking difficult.

In short, custom packers are growing increasingly sophisticated, operating like “cloaking devices,” to steal a Star Trek metaphor, to hide the attack until it’s too late. (Romulans may or may not be involved). In fact, custom packer usage has become so widespread that by 2015, Symantec saw them deployed in upwards of 83% of all malware attacks, with Upatre, Virut and Sality malware families being particularly virulent.

Symantec Endpoint Protection 14 has introduced a powerful new malware killer – called the Emulator – to counter custom packer attacks. The Emulator fools malware into thinking it will run on the regular machine, and instead unpacks and detonates the file in a lightweight virtual sandbox on the endpoint. The malware then opens up and shows its true colors, causing threats to reveal themselves in a contained environment.

While this sounds straightforward, it requires incredibly sophisticated technology that mimics operating systems, APIs and processor instructions, while managing virtual memory and running various heuristics and detection technologies to examine the payload. All this takes place in milliseconds – an average of 3.5ms for clean files and 300ms for malware – to minimize impact on the user experience. The sandbox so created is ephemeral and goes away after the job is done.

The real power of Emulator is that it works in concert with Symantec’s full endpoint suite to protect and respond at scale. This includes a broad array of powerful techniques including advanced machine learning, memory exploit mitigation, behavior monitoring and reputation analysis. Sometimes multiple engines come into play, collaborating in an orchestrated response to prevent, detect and remediate attacks.

All of this is fueled by the world’s largest civilian threat intelligence network. Thanks to our broad footprint across endpoint, network and cloud security, we have threat data from more than 175 million endpoints and 57 million attack sensors being monitored in real time every day, minute by minute. Our Security Technology and Response team also monitors malicious code reports from 200-plus countries, tracking more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors.

The advantages to this approach are easy to see:

  1. Our customers’ security teams are able to expose and evaluate the deepest layers of malware, maximizing protection and minimizing the impact of malicious payloads.
  2. Threat intelligence can be used to educate security systems and protocols, while informing new techniques to stay ahead of the bad guys.
  3. Threats can be detected quickly with minimal performance and productivity impact, so people can focus on getting their jobs done.

Attackers are always on the lookout for new ways to penetrate the enterprise, and custom packers have been a big open hole in the security landscape. We’re excited to deliver new techniques like the Emulator to help our customers fight back.

# # #

Check out our webinar with Adrian Sanabria from 451 Research to learn more about next-generation endpoint protection, and watch this space for regular blog posts that drill deeper into key capabilities with insights from Symantec and third-party experts.

The Art of Measuring Cyber Aggregation Risk


Ashwin Kashyap, Symantec Corporation, and Julia Chu, Guy Carpenter

Cyber risk is now an embedded feature of the global risk landscape, and preventative risk management and post-event remediation are gaining importance as shareholders, customers, supply chain partners, and regulators are increasingly focused on how companies are managing cyber risks. Insurance is becoming an important piece of the strategy to help businesses address these risks.  

Cyber insurance is one of the fastest growing lines for insurers and reinsurers. While insurers are developing pricing tools for underwriting cyber risks, the focus on aggregation has increased – how to understand and control the potential exposure.   Unlike traditional property insurance where aggregation is monitored by physical locations, cyber insurance aggregation can span connected systems that extend beyond physical geographies.  While a large systemic risk has not yet materialized, it does not mean the risk is not present. Moreover, there is limited history and lack of data for this emerging exposure, which makes it difficult for insurers to measure cyber risk and calculate capital needs. In other words: it’s a huge challenge to profitably grow a portfolio of cyber risk, without exceeding risk tolerance.

For decades, insurers have considered aggregation from natural perils, and developed catastrophe models.  These models go beyond the insured loss experience by blending the historical evidence and expert understanding of the nature of the peril, and provide a more robust understanding of future exposure.   Modeling for cyber risk introduces new challenges, including:

  • Changing perils – The types of cyber attacks, as well as the nature/motivation of the attackers, are in constant flux.
  • Extended duration – Related attacks against different defenders may take place simultaneously, or may repeat over a period of months.
  • Definition of damage  - Cyber damage is harder to quantify, due to the gap between the technical and business impact.
  • Reporting lag – It may take months or years to discover a cyber attack.

Symantec Cyber Insurance, in collaboration with Guy Carpenter, has developed a series of frameworks to systematically break down this complex problem into tractable components. Many of these components are impossible to observe directly from insured exposure or historical loss (much as wind or tides could not be inferred purely from insured hurricane loss). But as the global leader in cyber security, Symantec has spent decades tracking the emergence of new cyber threats and attack vectors, and has an unparalleled proprietary telemetry database, providing a unique capability to identify and quantify the nature of each phase of cyber attacks.

First and foremost, it is important to distinguish between the technical and business impacts of a cyber attack. The technical impact provides a mechanism to understand how an attack was carried out, but rarely provides a handle on the far greater consequences on a collection of businesses. To resolve this, Symantec has invented the CUBE framework that clearly articulates every facet that is relevant to a business user.

The framework consists of six complementary dimensions to break down the technical complexity of a cyber attack: Attackers, Targets, Objectives, Vulnerabilities, Impact and Consequences.

We will take a specific aggregation scenario to illustrate how this framework plays a useful role in describing these events. A cloud service provider disruption scenario has been widely regarded as one of the manifestations of aggregation on cyber portfolios. In the narrative below, the business impact on a leading cloud platform lasts for 24 hours and causes cascaded impacts on other businesses dependent upon its services. This scenario can play out in many different ways, and we can use the CUBE framework to showcase one such realization of this scenario.


The multi-dimensional view of risk provided by the CUBE framework not only helps insurers understand the key aspects of a scenario but also helps them control risk aggregation by avoiding higher degrees of exposure in their portfolios to the “footprints” of each of the attacks. The framework also minimizes the possibility of a misrepresentation of the description of a scenario and, consequently, the quantification of its frequency and severity. In essence, the CUBE framework provides a foundation to create an event set that can be understood easily by business users in the context of managing cyber aggregation risk.

It may be essential to think beyond the CUBE framework for building sophisticated risk models where uncertainty quantification becomes the primary goal. For this purpose, Symantec recommends using the “kill chain” methodology for a technical persona to capture the different phases of a cyber attack. For example, an insider attack on a confidential database in a large data aggregator will have a very different likelihood when compared to a financially motivated threat actor carrying out the same attack through a phishing campaign. A sequential model can capture this differentiation, specifically in the area of frequency quantification. More importantly, the quantification can be driven by Symantec’s security telemetry.

The kill chain tends to fall closer to the technical end of the spectrum in cyber security and is not as business-friendly as the CUBE framework. It is, however, extremely useful in understanding the diminishing probabilities of success as you move down the kill chain, where each subsequent step in the attack process poses a challenge to the attackers that not only depends on the motivation and capability of attackers but also the security controls that exist within the target(s).   

The relative importance of each of these frameworks is context dependent. If you are trying to model the frequency and severity of scenarios, you will find the kill chain much more appealing, but if you are a portfolio manager or a business stakeholder within an insurer, you are likely better served by the CUBE framework which transforms layers of complex cyber security concepts into simplified “snackable” content.

An unabridged version of this article was published in the MMC handbook 2016. Ashwin Kashyap is a Director, Product Management at Symantec where he specializes in creating and commercializing data-driven analytic products for cyber risk modeling to the insurance industry. Julia Chu is a New York-based Managing Director at Guy Carpenter where she focuses on strategic advisory.

WEBINAR: Using the NIST CSF to prepare for Canada Digital Privacy Act

Webinar January 31, 2017


Time: 9:00 AM (PST)

Speaker: Ken Durbin, CISSP Strategist: CRM and Threat Intel Sharing

The Digital Privacy Act (DPA) from Canada is here…are you ready? The Government of Canada passed the Digital Privacy Act (DPA), which amends and updates the existing federal privacy legislation. As a business in Canada what does this mean to you and are you ready?

Aside from the obvious ramifications of a breach such as lost data and revenue, one of the many new requirements of the DPA requires all Canadian organizations to “keep and maintain a record of every breach of security safeguards involving personal information under its control.”

Attend this Webcast to learn how to use the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a tool to help determine if you’re ready for this new, important legislation.

Key Learning Objectives:

- Basic overview of NIST Cybersecurity Framework (CSF)

- Review what the Canadian Digital Privacy Act (DPA) requires of your organization

- Understand how to utilize the CSF to prepare for the Digital Privacy Act

Click here to register: https://www.symantec.com/about/webcasts?commid=225577&cid=70138000001Bge0AAC
 


WEBINAR: Securing Higher Education Institutions in the Cloud

Webinar: February 7, 2017

Webinar:  Securing Higher Education Institutions in the Cloud

Time: 10:00 AM (PST)

Date: February 7, 2017

Speaker: Frank Torrence, Channel Technical Enablement Manager, Symantec

With the rise of cloud adoption and ease of access to business and learning applications, higher education institutions are finding it increasingly difficult to maintain data integrity, authentication, and security for their students and faculty. Join Symantec’s Frank Torrence to discuss industry best practices for higher education to leverage Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) capabilities to provide auditing, reporting, and security for application data wherever it resides. In this webcast you will learn how to:

- Ensure secure cloud application and data access for students, teachers and faculty
- Secure your network from the cloud to the “ground”
- Maintain data integrity and security without sacrificing access
- Provide an environment that allows freedom and ease of use for all connected users

Click Here to Register

WEBINAR: Demystifying NIST Cybersecurity Framework for Healthcare

Webinar: February 9, 2017

WEBINAR: Demystifying NIST Cybersecurity Framework for Healthcare

TIME: 10:00 AM (PST)

Speakers:  Don Kleoppel, Chief Security Officer from Cerner and Ken Durbin, Strategist CRM & Threat Intel, Symantec

As cyber-attacks are growing more sophisticated and focused on the healthcare industry, it is paramount that these organizations put in place an effective, robust, and dynamic approach to identifying, managing and/or mitigating critical threats on an ongoing basis.



This quarterly webinar series is designed to discuss how healthcare organizations are adopting the 5 core functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, and Recover) to help them defend against cybersecurity threats on an ongoing basis, prioritize security risks and incidents based on potential impacts, and mitigate the most significant problems first, all while remaining compliant with HIPAA and other federal and state regulations.



Join us for Part 1 of this series as Cerner’s Chief Security Officer, Don Kleoppel discusses how Cerner is using the NIST CSF as the foundation to building out their cybersecurity strategy, lessons learned through the process, and what the framework means to not only their organization but also to the customers they serve.



During this webinar, we will also cover:



• Mapping current investments to the NIST CSF as well as identifying security gaps to efficiently manage your cybersecurity posture

• Symantec’s involvement with NIST in building out a framework specific to meeting healthcare requirements and regulations

• Leveraging the CSF to shift from a “check the box” compliance mindset to an automated risk management approach

 

Click Here to Register

My Year Violating NC’s HB2 as an LGBTQ Workplace Advocate


Last week, the Human Rights Campaign announced its 2017 Corporate Equality Index, which rates workplaces on Lesbian, Gay, Bisexual, and Transgender (LGBT) equality. For the 9th consecutive year, Symantec earned a 100% score, earning the designation of a “Best Place to Work for LGBT Equality.”


In honor of this year’s announcement we invited Beck Bailey, Deputy Director, Employee Engagement, HRC Foundation Workplace Equality Program to contribute to Symantec’s #iamtech, a Medium publication that features authors from inside and outside Symantec exploring the experience of minorities and women in the technology industry.

The article “My Year Violating NC’s HB2 as an LGBTQ Workplace Advocate” discusses Beck’s experience, perspectives and insights as an LGBTQ rights advocate with the United States’ largest LGBTQ advocacy organization.

The article discusses Beck’s role at HRC as part of the team producing the Corporate Equality Index, the evolution he’s seen in approaches to LGBTQ workplace rights, and the increasing ownership by companies to ensure people of all backgrounds are respected and represented. For example, he cites the increase in companies that earned a perfect score/designation of “Best Place to Work for LGBT Equality” from 411 in 2016 to 517 this year.

“You see, these businesses know that LGBTQ equality isn’t just the right thing to do, they know it makes them stronger in the global economy. In an industry as competitive as tech, companies know that to attract, retain and engage the very best workers they must create environments welcoming across the broad spectrum of diversity, including LGBTQ folks. A perfect score on the CEI reflects a company’s commitment to LGBT inclusion — from non-discrimination protections, to equitable and inclusive benefits, to internal competency and external engagement efforts. The index acts as a robust yardstick for measuring the progress of corporate America as ‘employers of choice’ for LGBTQ people.”

Beck also opens up about his own experiences as a transgender male, and what it is like to be integral to one of the leading communities advocating for LGBTQ rights while also experiencing the challenges that still exist for this community.  

“All of this to say, my experience of repeatedly flying through HB2 territory while on my way to work with pro-Equality champions in the private sector certainly created an interesting contrast. Every time I had to experience even a momentary hesitation before entering the men’s room at the Charlotte airport, I was bolstered by the knowledge that increasingly LGBTQ inclusion is a key business imperative for our country’s largest and most successful employers.”

You can read Beck Bailey’s article on #iamtech here: https://medium.com/iamtech-series/my-year-violating-ncs-hb2-as-an-lgbtq-workplace-advocate-165171ea7805#.ypjokxav6

Bayrob: Three suspects extradited to the US to face charges

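The FBI conducted a long-running investigation into this cybercrime gang, which defrauded victims of $35 million, with substantial assistance from Symantec.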


Security in 2017 and Beyond: Symantec’s Predictions for the Year Ahead


Over the past year, we have seen a profound change to how enterprise information data has been targeted by cybercriminals. IT leaders are on high alert after attacks on organizations like the Democratic National Committee and threats like the Dyn attack have brought information security to the top of their priorities. The rise of the Cloud Generation will dictate a change in the information security focus as businesses continue to adopt a modern, digital workplace that allows employees the flexibility to work any time, from anywhere on any device.

With the consistently changing security landscape, it’s important to take the time to assess potential risks and determine the areas the security industry needs to focus their attention. As we approach 2017, Symantec has taken a close look at the trends we can expect to see in the years ahead.

Cloud Generation dynamics define the future of the enterprise

  • The enterprise network will expand and become increasingly undefined and diffuse. With the workforce more mobile than ever, the need to primarily protect an on-premise network will become increasingly short sighted. The need for firewalls to defend a singular network becomes unnecessary if it is connected to the cloud. All enterprises will start to move towards WiFi and cloud-based services, rather than investing in expensive and unnecessary network solutions.
  • Ransomware will attack the cloud. Given the significant shift towards cloud-based storage and services, the cloud is becoming a very lucrative target for attacks. The cloud is not protected by firewalls or more traditional security measures, so there will be a shift in where enterprises need to defend their data. Cloud attacks could result in multi-million dollar damages and loss of critical data, so the need to defend it will become even more crucial.
     
  • AI/Machine Learning will require sophisticated Big Data capabilities. In 2017, machine learning and AI will only continue to grow. As new forms of machine learning and AI continue to enter the market, enterprises will need to invest in solutions that have the capabilities to collect and analyze data from the countless endpoints and attack sensors across different organizations, industries and geographies. These solutions will prove to be instrumental in teaching machines how to operate on the front lines of a global battle that changes every day, minute by minute.

Cybercrime becomes mainstream

  • Rogue nation states will finance themselves by stealing money. There is a dangerous possibility that rogue nation states could align with organized crime for their personal gain, such as what we saw in the SWIFT attacks. This could result in down time for countries’ political, military or financial systems.
     
  • Fileless malware will increase. Fileless infections – those written directly onto a computer’s RAM without using files of any kind – are difficult to detect and often elude intrusion prevention and antivirus programs. This type of attack increased throughout 2016 and will continue to gain prominence in 2017, most likely through PowerShell attacks.
     
  • Secure Sockets Layer (SSL) abuse will lead to increased phishing sites using HTTPS. The rise in popularity of free SSL certificates paired with Google’s recent initiative to label HTTP-only sites as unsafe will weaken security standards, driving potential spear-phishing or malware programs due to malicious search engine optimization practices.
     
  • Drones will be used for espionage and explosive attacks. This could be seen in 2017, but is more likely to occur further down the road. By 2025, we can expect to see “dronejacking,” which will intercept drone signals and redirect drones for the attacker’s benefit. Given this possibility, we can also expect to see anti-drone hacking technology being developed to control these devices’ GPS and other important systems.

IoT comes to enterprise business

  • The proliferation of the Cloud Generation. We’ll continue to see businesses allow employees to introduce new technologies such as wearables, virtual reality and IoT connected devices onto the network while supporting a rapidly dispersed workforce made possible by cloud applications and solutions. Enterprises will need to shift their focus from safeguarding endpoint devices toward protecting users and information across all applications and services.
     
  • IoT devices will increasingly penetrate the enterprise, leading to increased IoT DDoS attacks. Beyond looking exclusively at computers and mobile devices for vulnerabilities, incident response teams today need to consider thermostats and other connected devices as jumping points into the network. The Dyn attack in October demonstrated that a vast number of IoT devices don’t have enterprise-level security and are tremendously vulnerable to attacks. As more IoT devices are installed, the risk of a security breach will increase. Once insecure devices are in the market, it becomes almost impossible to fix the issue without recalling them or issuing security updates.

While 2016 presented new challenges for the information security industry, 2017 has the potential to be just as critical a time. By raising awareness of potential threats, we can better prepare ourselves to protect and respond in the face of an attack.
