Federal Insights, January-March 2016.
Unisys Federal Insights
Ten Words to Watch in Security for 2017
by Tom Patterson, Chief Trust Officer, Unisys
Cybersecurity has dominated the news cycle so far this year, bringing the issue front and center in government agencies and private sector boardrooms. Consequently, a new vocabulary is evolving to describe and deal with these threats.

So rather than continue to make predictions as to which technologies to watch this year, which organization will be hacked and who is doing the attacking, I thought I’d focus on the ten key security words to watch out for. Understanding their significance in securing your tomorrow will go a long way in both preparation and progress in your defenses for 2017 and beyond.

So without further ado, here are your ten security words for 2017:

Change is a word you’ll hear a lot, as in “what we’re doing isn’t working, so we have to change.” This change directive will come from agency heads and boardrooms more than CIOs and CISOs, and will be both general in details and demanding in nature. Change will be critical to a successful defense in 2017.

Acceptance is both a blessing and a curse. We’ll see more governments and executives following the lead of German Chancellor Merkel, who – when asked about the Deutsche Telekom breach – stated, “such cyberattacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life and we must learn to cope with them.” While lowering the hyperbole around simple phishing and social engineering attacks is good, complacency and fatalism belie the need to keep up our defenses in the face of intensified attacks. Acceptance is not the same as resignation. Understanding the difference will make a difference.

Automation is key to matching the speed and agility of 2017’s attacks. Yesterday’s advanced persistent threats seem quaint when compared to the speed of 2017 attack vectors. Defenses need to be predictive and automated in order to finally get ahead of the attack curve. Speed kills; so automating a speedy defense is necessary in 2017.

Resilience will trump secure as a key word for 2017.  The WEF mantra that “Your risk is my risk” when it comes to cybersecurity in critical sectors like government, finance, transportation, energy and communications adds dimension to the cyber equation. Threats cannot be addressed in isolation – now that we are all connected virtually – and that will drive organizations to partner with their stakeholders on a strategy of resilience designed to overcome inevitable failures.  Designing for resilience will be mandatory for inclusion in global eco-systems in 2017 and beyond.

Consequence is perhaps the most radical of new security words coming in 2017, but it will be a key plank in the new administration’s national security and cyber strategies.  Focusing on the ‘gray zones’ between simple defense and outright counterattacks, groups from governments to industry will be looking to assign appropriate consequences to attackers who heretofore have hacked without any costs.  Consequence could drive escalation as well as deterrence, making it a key word to watch in 2017.

Trust continues to grow in importance and will outpace security on the agenda of public and private sector leaders.  Earning and maintaining trust with constituents will require an attitudinal change from leadership but will begin to show both qualitative and quantitative results. Expect to see trust driving business decisions, security decisions and privacy decisions going forward.

Micro-segmentation replaces firewalls as the technical approach to minimizing the effects of cyber attacks and becomes the new normal. As new business models drive changes to old legacy architectures, organizations will focus on microsegments to protect endpoints within specific user communities, regardless of whether they reside in data centers, public clouds or as private mobile devices or integrated eco-system supply chain partners.

Insider threats will become the focal point of the security space, because we’re quickly realizing all threats are inside.  Focusing on perimeters has become outdated, because threats ultimately operate within the enterprise regardless of where they originate.  The industry will begin moving past a focus on whether the insider has hostile intent or was simply duped, and focus instead on reducing the harm they can do.

Lateral threats that move freely across an enterprise once they inevitably sneak in will become an important focus of security officers as they accept that someone somewhere will click the wrong thing or leave their phone somewhere.  Blocking lateral movement of attackers looking to access personal info or state secrets will make leadership happy as they keep their organizations’ security off the front pages.

Enabling agile, efficient and required new technology will be a new necessity for security decision makers. Security that simply tries to stop bad things is so last year, and 2017 will bring business and mission drivers to the fore in deciding how best to secure these agile new environments. Demonstrating how you can use cloud, mobile and IoT securely will become an RFP staple in 2017.

Yes! Longtime followers will know that I always provide a little lagniappe to my top ten lists, and for 2017 the word is “Yes.” CISOs that are Dr. No will be pushed aside by creative problem solvers who utilize everything in order to further their organization’s goals. Dr. Yes CISOs, CSOs and Chief Trust Officers will all get much better receptions from leadership and will lead in 2017 and beyond.

 
 