What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked crystal balls, and cast runes to peer into the future. See what the signs have in store for you in the new year.

Sage Corey Thomas, Rapid7

Gazing into the future of 2017, I believe we will continue to see market consolidation of security vendors. With a focus on increasing productivity, organizations will move further from disparate, point-solutions that solve just one problem to solutions that can be leveraged throughout the IT environment. This will drive security and IT vendors to integrate, consolidate, and better collaborate. It will become increasingly clear that IT and security professionals want to manage fewer solutions that are easy to use. I also expect to see the skills gap start to right itself. Security has reached a state of accessibility, by necessity. In most cases, you don't need an advanced degree to enter the security field and you can often gain skills through certifications.

K Seer Ellis (aka: Casey Ellis, Bugcrowd)

In 2016, we reached a level of dystopian weirdness that will be hard to top in 2017. Toasters brought down half the Internet, a hacker accidentally bricked an entire metropolitan transit system – and then got hacked himself by a vigilante, and there was a steady stream of "biggest breach ever" events. But we know that it will be topped. Gazing into the future, I see DDOS and Ransomware evolving and becoming more pervasive in both consumer and corporate contexts, leading to the rapid formation of policy around security best practices for consumer products and increased consumer pressure on vendors to demonstrate their proxy indicators of security. Finally, as companies learn how to use the crowd, we'll see an evolution and improvement of penetration testing and eventually the widespread adoption of vulnerability disclosure programs as a means to achieve and maintain resilience faster.

The Todonomicon (aka: Tod Beardsley, Rapid7)

Peering into my BlueTooth-ready crystal ball, I can see that many, many more hobby hackers publishing vulnerabilities in IoT. Cost of entry is low, there are tons of new devices with old bugs and the DMCA now exempts consumer device research, which means boatloads of public vulnerability disclosures. Which is good – and also chaotic. You could say that how IoT manufacturers respond to these disclosures will be make or break for the industry. On the one hand, you might expect more mature companies to respond quickly and positively – patching and updating devices – but it's also plausible that smaller, younger companies will be more nimble, and therefore able to respond faster.

Katie Moussoothsayer (aka: Katie Moussouris, Luta Security)

Gazing into the future, not everything is as clear as my crystal ball. Attribution for cyber attacks will still be hard. You can bet your nation-state-sophisticated-actor that ThreatButt.com may give as credible, if not more credible, attributions for attacks then the leading expert firms or intelligence agencies. Because who wants facts and experts, when you can instead have a pew-pew map and a nifty sticker. Besides, ThreatButt has Viking-grade encryption, unlike APTFriendFinder.com, which is basically the MySpace of parody attribution - ahead of its time. Additionally, the next US administration's cybersecurity policies will likely defy most conventional wisdom in this area, known as "the Cyber" to the president-elect. Not just any Cyber, but THE Cyber. Who knows, we may see some interesting funding for new cyber offense capabilities. Just who may find the capabilities truly offensive defies prediction.

And while there is no such thing as a "cyber Pearl harbor," next year will likely be one where Cyber Claus rains down with lumps of coal for the masses, both naughty and nice. On DDOS, on botnet, on malware, on clicked 'em! On ransom, on car hack, on Bitcoin, on victim! We're all on the list. Sleep tight.

Hierophant Geiger (aka: Harley Geiger, Rapid7)

The dual nature of Gemini reflects both the progress and work still to be done this year. We may see a flat warrant standard for government access to stored digital content may pass Congress, but there is increased likelihood that there will be important exceptions that undermine the standard. Additionally, it's possible that we'll see action on standards for government access to stored data across borders, either through legislation and/or renegotiated trade agreements. As

Saturn makes its way through the policy house, law enforcement access to encrypted data will continue to be a hot issue. If Congress attempts to require a backdoor into encryption standards, or attempts to forbid private use of end-to-end encryption, a major battle may ensue.

Herald Deiland (aka: Deral Heiland, Rapid7)

There's no such thing as retrograde for IoT in 2017. If 2016 was the year IoT exploded, 2017 will be the year that IoT comes to life. I believe 2017 will be the first year IoT is used to inflict physical harm on a human. I also believe that audio information – voice data – gathered from home automation systems, such as the Amazon Echo will be used for the first time to solve a crime. I also expect to see MFP device security issues directly tied to a major corporate breach.

Madame Bell LaPadula (aka: Wendy Nather, Duo Security)

As Mars passes into the Upper Right Magic Quadrant of the heavens, we will see the influence of cyberwar grow across the world. This will take the form of pitched battles over botnet assets rather than land, but just as civilians get caught in the real-world crossfire, consumers will pay the price for DDoS attacks, ransomware and other disruptions. Beware of empty promises and standards.

Robsputin (aka: Robert Graham, Errata Security)

When Jupiter aligns with Mars, regulation of software will become a thing. "Contraband" software and IoT will become a thing, as our only choices will be boring IoT devices from big corporations like GE and Apple, or innovative new devices from the Chinese grey market. Kickstarter IoT products will be dead. IoT botnets fail to become larger than they are now, not because of regulation, but because most devices around the world are behind firewalls.

Teleparsons (aka: Trevor Parsons, Rapid7)

Relationships will blossom this year as more organizations look for synergies between their technology departments, namely IT and security. Connections will become deeper and more meaningful when these departments start thinking more about how they're leveraging data, what tools are giving them the best visibility, etc., rather than accepting and managing several desperate solutions that aren't necessarily helping to increase productivity. The year will not be without complexities for IT environments however, so monitoring tools will need to become more flexible and comprehensive in terms of data collection and correlation. Consolidation will result in more meaningful insights as we expect to see more technologies combining data sources (e.g. logs, metrics, endpoint data) to give a richer view into their environments.

Cyber Oracle Squirrel


While 2017 may be the year of the rooster, for us it is of course always the year of the squirrel. We will continue our cyberwar operation disrupting your power over 400 times in 2017. Your pundits will continue to shout Cyberwar! from the podium and yet it is doubtful that any such cyber action will impact your power in 2017.

Craigvoyant Smith (aka: Craig Smith, Rapid7)

Much as a series of eclipses block Venus from influencing travel, we will see malware used to shut down a major transportation sector. I anticipate that the malware will be intentionally targeted to halt a transportation sector either for the purpose of ransomware or political gain. There will be a large uptick in hardware related security attacks. As security research increasingly bleeds into hardware, we will see creative ways to patch vulnerabilities when no update mechanism is readily available.

We will see the concept of an internal trusted network deteriorate. Internal networks will be treated the same as any external non-trusted network. With the increase of IoT devices, phishing attacks, and social engineering, even the concept of a corporate trusted laptop will need to be re-evaluated.

Mystic Scutt (aka: Mike Scutt, Rapid7)

Under Saturn's watchful eye, we can expect breaches to take an earthier standpoint. We're
expecting a significant uptick in "living off the land" style compromises and malware, a lot more script-based malware (powershell, js, vbs, etc.), and an increase in the use of native operating system tools to execute malware, persist, and perform recon.