Infosecurity

How to Manage the Growing Influx of VDI and Desktop-as-a-Service in Modern Enterprises


Over the past two decades, the corporate world has undergone a dramatic transformation. Gone are the days of sprawling server rooms and bulky desktop computers tethered to landlines. The rise of cloud computing, remote workforces, and the Internet of Things (IoT) has reshaped how businesses operate. At the heart of this shift lies the increasing adoption of VDI and Desktop-as-a-Service—two technologies that are redefining how employees access their workspaces. But as these solutions proliferate, many organizations struggle to manage the influx effectively. This article explores practical strategies for handling this transition while maintaining security, controlling costs, and ensuring productivity.

Understanding the Shift: From Local Desktops to Virtual Workspaces

Traditionally, employees relied on locally installed operating systems and applications on their desktop or laptop computers. Data was stored on the device itself, making management straightforward but risky. If one machine became compromised, the entire enterprise network could be at risk. The emergence of cloud technology and remote work changed everything. Employees began taking devices home, complicating policy enforcement and security updates. This is where thin clients entered the picture. These lightweight devices with minimal local resources connect to centralized servers, reducing costs and improving control. However, the real game-changer came with virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS), which allow users to access a full desktop environment from anywhere, on any device.

Building on this, businesses now face a critical choice: adopt VDI or DaaS? Each model offers distinct advantages, but managing their influx requires a clear understanding of their differences and implications.

VDI vs. DaaS: Choosing the Right Model for Your Organization

VDI involves a company’s own servers delivering desktops to employee devices. The business retains full control over infrastructure, maintenance, and security updates. This is ideal for organizations with dedicated IT teams and strict compliance requirements. In contrast, DaaS is fully outsourced—employees simply connect to the internet and a cloud service, while the hosting provider handles all backend management. Think of VDI as half-board accommodation and DaaS as an all-inclusive resort. Both are excellent options, but they demand different approaches to management.

As a result, many businesses wonder: which is more secure? The answer depends on your context. DaaS providers often have robust security protocols, but trusting an external organization with sensitive data can be daunting. That said, DaaS is generally better suited for BYOD (bring your own device) policies, as all devices are managed behind the virtual desktop service, reducing the attack surface. On the other hand, VDI offers greater control for industries like healthcare or finance, where data sovereignty is paramount.

Key Strategies for Managing the Influx of Virtual Desktops

1. Prioritize Security from Day One

Security concerns often top the list when adopting VDI and Desktop-as-a-Service. To manage the influx effectively, start by assessing your organization’s risk profile. For DaaS, ensure your provider complies with the regulations that apply to you, such as GDPR or HIPAA. For VDI, implement multi-factor authentication and regular patch management. Remember, the goal is to minimize the number of systems storing sensitive data—virtual desktops can help achieve that by centralizing resources.

2. Control Costs with Transparent Licensing

Cost is a major driver for adopting DaaS, especially for SMBs and healthcare organizations. However, hidden expenses can arise if you don’t understand your licensing agreement. For instance, if your company acquires another firm, DaaS costs may increase per user. Always clarify pricing breaks and scalability options upfront. With VDI, factor in hardware and maintenance costs. A clear cost analysis will help you manage the influx without budget surprises.

3. Streamline Deployment with Automation

Managing a large number of virtual desktops manually is inefficient. Use automation tools to provision, update, and decommission desktops quickly. This reduces IT workload and ensures consistent configurations across the organization. For example, integrating with cloud management platforms can simplify scaling during peak demand.

4. Train Employees for a Seamless Transition

User adoption is often overlooked. Provide training on how to access and use virtual desktops, especially for remote workers. Clear communication about security practices, like using strong passwords and avoiding public Wi-Fi, can prevent issues. When employees feel comfortable, the influx becomes an opportunity rather than a burden.

Real-World Applications: SMBs and Healthcare Lead the Way

Small and medium-sized businesses (SMBs) are among the biggest beneficiaries of VDI and Desktop-as-a-Service. They enjoy lower operational costs and reduced IT overhead, allowing them to focus on growth. Healthcare organizations, meanwhile, leverage the security benefits to protect patient data. For instance, a hospital using DaaS can ensure that sensitive information never leaves the virtual environment, even when doctors use personal devices. These sectors demonstrate how strategic management of virtual desktop influx can drive efficiency and compliance.

Conclusion: Embrace Change with a Clear Plan

The enterprise landscape will continue to evolve as resources become more virtualized. VDI and DaaS are not fleeting trends; they represent fundamental shifts in how work gets done. By prioritizing security, controlling costs, automating deployment, and training users, organizations can manage the influx smoothly. Whether you choose VDI’s control or DaaS’s convenience, the key is to align your strategy with business goals. For more insights, explore our guide on virtual desktop security best practices or learn about cloud migration strategies. Start planning today to turn this technological wave into a competitive advantage.

For further reading, check out Infosecurity Magazine for expert analysis on cybersecurity trends.


Why API Dependency, IoT Expansion, and GDPR Will Define Cybersecurity in 2017, According to (ISC)2


As the digital economy accelerates, 2017 is poised to be a pivotal year for cybersecurity. Experts from (ISC)2 highlight that increasing API dependency, the rapid growth of the Internet of Things (IoT), and the enforcement of GDPR will fundamentally reshape how businesses approach data protection. These forces are not just technological shifts—they are catalysts for a new era of accountability and risk management.

The Growing Risk of API Dependency in a Connected Economy

Application Programming Interfaces (APIs) have quietly become the backbone of modern digital interactions. They enable software and systems to communicate seamlessly, powering everything from mobile apps to smart home devices. However, this increasing API dependency also introduces significant vulnerabilities.

Consider Transport for London’s open API, which supports over 500 travel apps, or the Amazon Echo’s API that connects kettles to cars. While these innovations enhance convenience, they also create potential pathways for cyberattacks. A single weak API in an app store could compromise millions of smartphones. As a result, businesses must embed security into the design phase of every API-driven system.

IoT Expansion: New Threats and Shared Responsibilities

The Internet of Things (IoT) is expanding at an unprecedented rate. By 2020, there could be up to 20.8 billion connected devices, from traffic lights to medical implants. This growth, fueled by initiatives like the UK’s £40 million IoT investment and the EU’s €365 million Smart Cities funding, promises efficiency but also introduces complex security challenges.

In a connected world, a cyberattack on one sector—say, energy—can quickly cascade into others, such as transportation or healthcare. This interconnectedness demands cross-sector intelligence sharing. The cybersecurity profession must evolve from siloed competition to collaborative defense. As GDPR compliance looms, companies will be legally obligated to protect data across the entire supply chain, further driving this convergence.

GDPR Compliance: Shifting Accountability to the Boardroom

The General Data Protection Regulation (GDPR) represents a seismic shift in data privacy. With fines of up to 4% of global turnover, it gives regulators real enforcement power. Crucially, GDPR places responsibility squarely on corporate boards, not just IT departments.

Boards must now appoint data privacy officers and oversee privacy strategies. This change is already driving demand for cyber insurance and forcing businesses to integrate cybersecurity into risk management. As a result, 2017 will see cybersecurity earn a permanent seat in the boardroom.

How GDPR Affects Data Integrity

Beyond fines, GDPR aims to restore consumer trust. High-profile data breaches have made users wary of sharing personal information. Some are already falsifying details online, undermining the data-driven economy. GDPR’s transparency requirements will compel companies to disclose breaches, but this could further erode trust if not handled carefully. Businesses must prioritize data integrity to maintain the fuel of the digital economy.

3D Printing and the Industrial Supply Chain

Another emerging threat comes from 3D printing, which is transforming manufacturing. Printable files contain millions of lines of code, effectively creating a “data supply chain.” However, without universal cybersecurity standards, these files are vulnerable to sabotage.

Imagine a drone crashing because a hacker altered its propeller design during printing. Such scenarios are not far-fetched. The digitalization of manufacturing means that cybersecurity can no longer be an afterthought. Industry 4.0 demands built-in protections at the design stage to ensure product safety.

Cross-Sector Collaboration: The Future of Cybersecurity

As API dependency and IoT blur industry boundaries, cybersecurity professionals must adapt. The threat landscape is no longer confined to one sector—an attack on a smart city’s traffic system could disrupt emergency services. Therefore, intelligence sharing across energy, healthcare, and finance is essential.

GDPR will accelerate this trend by making every link in the data supply chain accountable. Companies are already calling for co-operation, and 2017 may herald a new era where cybersecurity thrives on partnership rather than competition. For more insights, explore our guide on cybersecurity strategies for 2017 and learn about GDPR compliance steps.

In conclusion, the convergence of API dependency, IoT proliferation, and GDPR enforcement will define 2017. Businesses that embrace proactive security, board-level accountability, and cross-sector collaboration will be best positioned to thrive in this new landscape.


Exploit Threats Evolve: The Emergence of TrickLoader and TrickBot


Cybersecurity experts have identified a troubling shift in the exploit landscape. The market for malicious tools is diversifying, giving rise to fresh dangers. Among the most recent are TrickLoader and a revived version of the older TrickBot. Originally flagged by Arbor Networks in 2014, TrickBot has resurfaced with new capabilities. These exploit threats highlight how attackers recycle and refine code to bypass defenses.

Understanding the Evolution of TrickBot and QuantLoader

According to Recorded Future, the code behind TrickBot was reused and rebranded as QuantLoader in 2016. This transformation was fueled by distribution through multiple exploit kits, including the notorious RIG. Forcepoint tracked the bot as it changed names but retained core functions from the earlier Madness Bot. This means that the malware still modifies local firewall rules using the netsh command and adjusts file permissions via CACLS. Such behavior allows it to maintain persistence and evade detection.

How Exploit Kits Deliver These Threats

One key differentiator for QuantLoader is its delivery mechanism. Unlike many rivals, it relies heavily on exploit kits—particularly the RIG exploit kit. In late November 2016, researchers observed compromised websites using .top domains to host landing pages. These pages then dropped QuantLoader onto victims’ systems. This approach gives attackers a flexible and scalable infection vector. Similarly, the RIG kit also deployed TrickLoader, which borrows code from the earlier Dyreza botnet. Dyreza, first identified in 2015, used compromised routers as part of its toolkit.

Indicators of Compromise for QuantLoader

Security teams should monitor for the following indicators linked to QuantLoader:
– Command-and-control server: 195.161.62.222
– URI pattern: GET / ba/index.php
– RIG landing page: Unspecified.mtw.ru (IP: 194.87.238.156)
– SHA-1 hash: 4b8ac2ae5ae8a4fff43b88893ee202ffc4c5ac16

Indicators of Compromise for TrickLoader

For TrickLoader, watch for these signs:
– RIG pages: 70.39.115.202 and hxxp://um8ycv.v9rg6k.top/
– Trick URL: 78.47.139.102
– Possible fake SSL certificate address: 207.35.75.110
– SHA-1 hash: abeb1660ddda663d0495a5d214e2f6a9fac6cb80
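
The two indicator lists above can be turned into a simple log check. The following is an added example, not code from the original article or from any vendor tool: the `dst=`/`sha1=`/`cmd=` log schema and the sample lines are constructed, and the netsh/CACLS pattern (taken from the behaviour described earlier) also matches legitimate admin activity, so treat it as a lead rather than a verdict.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators copied from the lists above. The RIG landing-page hostname is
# printed as "Unspecified.mtw.ru", so only its IP address is matched here.
IOCS = {
    "QuantLoader": {
        "hosts": {"195.161.62.222", "194.87.238.156"},
        "sha1": {"4b8ac2ae5ae8a4fff43b88893ee202ffc4c5ac16"},
    },
    "TrickLoader": {
        "hosts": {"70.39.115.202", "78.47.139.102", "207.35.75.110",
                  "um8ycv.v9rg6k.top"},
        "sha1": {"abeb1660ddda663d0495a5d214e2f6a9fac6cb80"},
    },
}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # assumed key=value log schema
# Behaviour named in the article: netsh firewall changes and CACLS use.
BEHAVIOUR = re.compile(r'\b(netsh(\.exe)?\s+(adv)?firewall|cacls(\.exe)?)\b', re.I)

# Constructed sample events (not real telemetry).
SAMPLE_LOG = """\
2016-11-29T10:02:11Z proxy src=10.0.0.5 dst=um8ycv.v9rg6k.top:80
2016-11-29T10:02:14Z proxy src=10.0.0.5 dst=195.161.62.222:80
2016-11-29T10:02:15Z proxy src=10.0.0.7 dst=195.161.62.22:80
2016-11-29T10:03:00Z proc host=WS-12 cmd="netsh advfirewall firewall add rule name=upd"
2016-11-29T10:03:01Z file host=WS-12 sha1=4B8AC2AE5AE8A4FFF43B88893EE202FFC4C5AC16
2016-11-29T10:04:00Z proxy src=10.0.0.9 dst=https://example.com/
"""

def normalise_host(value):
    """Return the lowercase host of a URL, defanged URL, host:port or bare IP."""
    value = value.strip().lower().replace("hxxp", "http").replace("[.]", ".")
    if "://" not in value:
        value = "//" + value                 # let urlsplit parse host:port
    host = urlsplit(value).hostname or ""
    try:
        return str(ipaddress.ip_address(host))   # canonical IP form
    except ValueError:
        return host.rstrip(".")

def scan(log_text):
    """Return (line_no, family, kind, value) for every indicator hit."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        host = normalise_host(fields["dst"]) if "dst" in fields else None
        sha1 = fields.get("sha1", "").lower()
        for family, ioc in IOCS.items():
            if host in ioc["hosts"]:         # exact match, never substring
                hits.append((no, family, "network", host))
            if sha1 in ioc["sha1"]:
                hits.append((no, family, "sha1", sha1))
        if BEHAVIOUR.search(fields.get("cmd", "")):
            hits.append((no, "any", "behaviour", fields["cmd"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Line 3 of the sample differs from the C2 address by one digit and is deliberately not flagged, which is why hosts are compared as whole values instead of by substring.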

Defending Against Modern Exploit Threats

In today’s threat environment, organizations cannot afford complacency. Cybersecurity must be a boardroom priority. To combat these evolving exploit threats, companies should implement a multi-layered defense strategy. This includes an effective security education program for employees, a robust threat intelligence system, and a well-practiced incident response plan. By staying informed about indicators of compromise and leveraging tools like threat intelligence platforms, businesses can protect their data assets. Additionally, regular security awareness training helps staff recognize phishing attempts and other attack vectors.

Building a Resilient Security Posture

As the exploit market continues to diversify, new threats will emerge. However, with proactive defense measures, organizations can reduce their risk. Start by reviewing your firewall rules and file permissions regularly. Use network monitoring to detect unusual outbound connections. Finally, ensure your incident response plan is up to date. By taking these steps, you can stay ahead of cybercriminals who rely on recycled code and evolving tactics.


Cybersecurity Skills Gap 2017: What to Expect and How to Prepare


As the calendar turns to a new year, the cybersecurity industry faces a persistent challenge: the cybersecurity skills gap. For years, organizations have struggled to find qualified professionals to fill critical roles. According to research from (ISC)², the global shortfall could reach 1.5 million unfilled positions by 2020. But what does 2017 hold for this ongoing crisis? Experts weigh in on the trends, obstacles, and potential solutions that could reshape the talent landscape.

Why the Cybersecurity Skills Gap Persists

The demand for security talent continues to outpace supply. Rapid technological advancements, evolving threats, and new regulations like the General Data Protection Regulation (GDPR) have created a need for specialized skills. However, the talent pool has not expanded quickly enough to meet these demands.

Adrian Davis, a senior figure at (ISC)², predicts another tough year. “We expect to see a greater emphasis on understanding and implementing resilience, incident management and business impact of cyber risk from all security professionals,” he explained. “There will be a continuing skills shortage, especially of individuals who can link business and security together, and of individuals who can build GDPR compliance.”

Similarly, Dr. Bob Nowill, chair of the Cyber Security Challenge UK, noted that short-term shortages will persist as new threats emerge. Yet both experts acknowledge that 2016 laid important groundwork for change.

Positive Steps Taken in 2016

Despite the grim outlook, the industry made notable progress last year. Initiatives such as the launch of the Extended Project Qualification (EPQ) in Cyber Security and the integration of cybersecurity into UK computing science degrees signal a shift toward long-term workforce development. The UK government’s commitment to making cyber a chartered profession also marks a significant milestone.

“The skills landscape will continue to evolve, shaped in part by the new National Cyber Security Strategy and NCSC and DCMS initiatives,” said Nowill. “2017 will be an exciting year particularly for new programs such as the new Cyber Security EPQ and via QUFARO as they start to have impact, while school curriculum changes in STEM and Computer Science will see more cybersecurity concepts being introduced at a younger age.”

How Companies Can Close the Skills Gap

While government and educational bodies play a role, organizations themselves hold the key to bridging the cybersecurity skills gap. Davis urged companies to rethink their hiring practices. “To improve our position, we need to stop over-specifying positions, recruit more junior staff and recruit from outside the ‘usual’, tech-oriented, pools,” he said. “We also need to stand up and tell people about what we do, why it is important and the opportunities open to bright, problem-oriented, communicative people.”

James Jardine, CEO of Jardine Software, echoed this sentiment. In his article on hiring application security talent, he outlined five common mistakes that hinder recruitment:

  • Not understanding your current needs
  • Ignoring existing resources
  • Not sharing the workload
  • Not defining the role
  • Overly broad job requirements

By avoiding these pitfalls, companies can attract and retain the right talent more effectively.

The Role of Education and Training

Building a robust pipeline of future professionals requires investment in education and training. Programs that introduce cybersecurity concepts at a younger age, such as those in STEM and computer science curricula, are essential. Additionally, professional development opportunities for existing staff can help close immediate gaps.

For more insights on building a cyber-aware workforce, check out our guide on cybersecurity training best practices. Organizations that prioritize continuous learning will be better positioned to adapt to evolving threats.

Looking Ahead: A Turning Point?

Although the cybersecurity skills gap remains a pressing issue, there is reason for optimism. The combination of educational reforms, government initiatives, and a shift in hiring strategies could make 2017 a year of tangible progress. As the industry continues to collaborate and innovate, the message is finally getting through: closing the talent deficit is not just a necessity—it is an achievable goal.

For further reading, explore our article on cybersecurity workforce development strategies to learn how organizations can build resilient teams in the face of ongoing challenges.
