We are putting together all the cyber security predictions for the coming year
Yes, it’s that time of the year again, already! The who’s who of cyber are putting out their cyber security predictions for 2018 and we are collating them all for you. We will endeavor to update this entry as new predictions come to light; feel free to reach out if we are missing something.
What you need to worry about in 2018 – Cyber Security Predictions
CSO’s Cybersecurity trends to watch for 2018
Ready for the General Data Protection Regulation (GDPR)?
If your preparations for the European Union’s new GDPR, which explains how companies should process, store, and secure the personal data of EU citizens, are not complete, or at least well underway, then you had better get moving. The GDPR will be enforced from May 25, and infringements can provoke fines of up to 20 million euros ($23.6 million at the time of writing) or 4% of the total worldwide annual turnover of the preceding financial year.
AI and machine learning can boost cyber defenses
As artificial intelligence and machine learning gather pace and start to impact more and more industries, they are sure to play a bigger role in cybersecurity.
Be proactive about ransomware
Ransomware has been a growing threat for the last few years, but it continues to claim high profile victims. It’s not yet clear what everyone learned from the WannaCry ransomware attacks, but we hope that it highlighted the need to back up regularly, keep patching and updating systems, and strengthen your real-time defenses.
Handling data breaches gracefully
It may prove impossible to eradicate data breaches completely, but every organization has the power to lessen the blow by handling the aftermath correctly. Equifax gave us a masterclass in how not to handle a data breach earlier this year.
The IoT is a weak link
We’re rolling out more and more sensor-packed, internet-connected devices, but the Internet of Things remains a major weak point for defenses. All too often these devices lack basic security features, or they aren’t properly configured and rely upon default passwords that can give attackers easy access.
More cyber security predictions from CSO Here
Other predictions below…
Cyber security predictions 2018 – Forrester
Governments will no longer be the sole providers of reliable, verified identities
The Equifax breach demonstrated that no single entity—including any government—can safeguard identity data and provide trusted and reliable identity verification for a large number of consumers, especially as customers increasingly engage with businesses through digital channels.
More IoT attacks will be motivated by financial gain than chaos
The Mirai botnet that hit in late 2016 demonstrated how hackers can use a botnet army of compromised IoT devices to launch a massive DDoS attack. IoT-based attacks will likely continue to grow in 2018.
Cybercriminals will use ransomware to shut down point of sale systems
Many merchants have updated their payment systems to use end-to-end encryption and prevent criminals from obtaining credit card data from point of sale (POS) systems. This has led criminals to turn to ransomware as a means of monetizing an attack, as opposed to stealing and selling data.
Cybercriminals will attempt to undermine the integrity of US 2018 midterm elections
The US has not addressed the systemic vulnerabilities that can be found in its voting systems, which depend on software to cast votes, count them, verify them, and report them, the report stated.
Firms too aggressively hunting insider threats will face lawsuits and GDPR fines
It’s become easier for firms to monitor employees and their activities as a means to thwart malicious insiders, employees making mistakes, or an attacker with compromised employee credentials. However, employees may find this to be an invasion of privacy. In September, the European Court of Human Rights ruled that companies must inform employees in advance if their work email accounts are going to be monitored.
More cyber security predictions from Forrester Here
Cyber security predictions 2018 – McAfee Labs
An adversarial machine learning “arms race” will develop between defenders and attackers.
Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior, and zero-day attacks. But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them.
Ransomware will pivot from traditional extortion to new targets, technologies, and objectives.
The profitability of traditional ransomware campaigns will continue to decline as vendor defenses, user education, and industry strategies improve to counter them. Attackers will adjust to target less traditional, more profitable ransomware targets, including high net-worth individuals, connected devices, and businesses.
Serverless apps will save time and reduce costs, but they will also increase attack surfaces for organizations implementing them.
Serverless apps are vulnerable to attacks exploiting privilege escalation and application dependencies. They are also vulnerable to attacks on data in transit across a network, and potentially to brute-force denial of service attacks, in which the serverless architecture fails to scale and incurs expensive service disruptions.
More cyber security predictions from McAfee Labs Here
Cyber security predictions 2018 – Gartner
Skills and organization for cybersecurity continue to change
With a zero percent unemployment rate, security skill sets are scarce. The industry needs and will continue to need new kinds of skills as cybersecurity evolves in areas such as data classes and data governance. It’s a problem that security experts have avoided, but the reality is that in the next three to five years, enterprises will generate more data than they ever have before.
Cloud security becomes a top priority for many
As the cloud environment reaches maturity, it’s becoming a security target and it will start having security problems. It’s possible cloud will fall victim to a tragedy of the commons wherein a shared cloud service becomes unstable and unsecure based on increased demands by companies. When it comes to cloud, security experts will need to decide who they can trust and who they can’t.
Shift your focus from protection and prevention
A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so. This means adapting your security setup to focus on detection, response, and remediation. That’s where the cybersecurity fight is today. In the future it will most likely move to prediction of what’s coming before anything happens.
More cyber security predictions from Gartner Here
Cyber security predictions 2018 – ISF/CIO
Crime-as-a-service (CaaS) will expand available tools and services
2017 has seen a “huge increase in cybercrime, particularly crime-as-a-service.” The ISF predicts that process will continue in 2018, with criminal organizations further diversifying into new markets and commodifying their activities at a global level. Some organizations will have roots in existing criminal structures, the ISF says, while others will emerge that are focused solely on cybercrime.
The internet of things (IoT) will further add unmanaged risks
Organizations are increasingly adopting IoT devices, but most IoT devices are not secure by design. Additionally, the ISF warns there will be an increasing lack of transparency in the rapidly evolving IoT ecosystem, with vague terms and conditions that allow organizations to use personal data in ways customers did not intend. On the enterprise side, it will be problematic for organizations to know what information is leaving their networks or what data is being secretly captured and transmitted by devices like smartphones and smart TVs.
Regulation will add to the complexity of critical asset management.
Regulation adds complexity, and the sweeping European Union General Data Protection Regulation (GDPR) will come online in early 2018, adding another layer of complexity to critical asset management.
The ISF notes the additional resources required to address the obligations of GDPR are likely to increase compliance and data management costs, and to pull attention and investment away from other activities.
More cyber security predictions from ISF/CIO Here
We will post more cyber security predictions for 2018 as they come to hand.