18 Cyber-Security Trends Organizations Need to Brace for in 2018

18 Cyber-Security Trends Organizations Need to Brace for in 2018
Africa Emerges as New Area for Threat Actors and Targets
AI vs. AI
Cyber-Security as a Growth Driver
GDPR Means Good Enough Isn't Good Enough
Consumerization of Cyber-Security
Ransomware Will Continue
More Encryption Will Be Needed
Denial of Service Will Become Financially Lucrative
Goodbye Social Security Number
Post-Quantum Cyber-Security Discussion Warms Up the Boardroom
Market Consolidation Is Coming
Health Care Will Be a Lucrative Target
2018: The Year of Simple Multifactor Authentication for SMBs
Automation Will Improve the IT Skills Gap
Industrial Security Gets Overdue Attention
Cryptocurrencies Become the New Playground for Identity Thieves
GDPR Compliance Will Be a Challenge
Data Security Solidifies Its Spot in the IT Security Stack
1 of 19

18 Cyber-Security Trends Organizations Need to Brace for in 2018

Enterprises, end users and governments faced no shortage of security challenges in 2017. Some of those same challenges will continue into 2018, and there will be new problems to solve as well. Ransomware has been a concern for several years and will likely continue to be a big issue in 2018. The new year is also going to bring the formal introduction of the European Union's General Data Protection Regulation (GDPR), which will impact how organizations manage private information. A key trend that emerged in 2017 was an increasing use of artificial intelligence (AI) to help solve cyber-security challenges, and that's a trend that will continue to accelerate in 2018. What else will the new year bring? In this slide show, eWEEK presents 18 security predictions for the year ahead from 18 security experts.

2 of 19

Africa Emerges as New Area for Threat Actors and Targets

"In 2018, Africa will emerge as a new focus area for cyber-threats—both targeting organizations based there and attacks originating from the continent. With its growth in technology adoption and operations and rising economy, and its increasing number of local resident threat actors, Africa has the largest potential for net-new impactful cyber events." –Steve Stone, IBM X-Force IRIS

3 of 19

AI vs. AI

"2018 will see a rise in AI-based attacks as cyber-criminals begin using machine learning to spoof human behaviors. The cyber-security industry will need to tune their own AI tools to better combat the new threats. The cat and mouse game of cybercrime and security innovation will rapidly escalate to include AI-enabled tools on both sides." —Caleb Barlow, vice president of Threat Intelligence, IBM Security

4 of 19

Cyber-Security as a Growth Driver

"CEOs view cyber-security as one of their top risks, but many also see it as an opportunity to innovate and find new ways to generate revenue. In 2018 and beyond, effective cyber-security measures will support companies that are transforming their security, privacy and continuity controls in an effort to grow their businesses." –Greg Bell, KPMG's Global Cyber Security Practice co-leader

5 of 19

GDPR Means Good Enough Isn't Good Enough

"Too many professionals share a 'good enough' philosophy that they've adopted from their consumer mindset that they can simply upgrade and patch to comply with the latest security and compliance best practices or regulations. In 2018, with the upcoming enforcement of the EU GDPR 'respond fast' rules, organizations will quickly come to terms, and face fines, with why 'good enough' is not 'good' anymore." –Kris Lovejoy, CEO of BluVector

6 of 19

Consumerization of Cyber-Security

"2018 will mark the debut of the 'consumerization of cyber-security.' This means consumers will be offered a unified, comprehensive suite of security offerings, including, in addition to antivirus and spyware protection, credit and identify abuse monitoring and identity restoration. This is a big step forward compared to what is available in one package today. McAfee Total Protection, which safeguards consumer identities in addition to providing virus and malware protection, is an early, simplified example of this. Consumers want to feel more secure." –Don Dixon, co-founder and managing director, Trident Capital Cybersecurity

7 of 19

Ransomware Will Continue

"Ransomware will continue to plague organizations with 'old' attacks 'refreshed' and reused. The threat of ransomware will continue into 2018. This year we've seen ransomware wreak havoc across the globe with both WannaCry and NotPetya hitting the headlines. Threats of this type and on this scale will be a common feature of the next 12 months." –Andrew Avanessian, chief operating officer at Avecto

8 of 19

More Encryption Will Be Needed

"It will become increasingly clear in the industry that HTTPS does not offer the robust security and end-to-end encryption as is commonly believed, and there will be a push to encrypt data before it is sent over HTTPS." –Darren Guccione, CEO and co-founder, Keeper Security

9 of 19

Denial of Service Will Become Financially Lucrative

"Denial of service will become as financially lucrative as identity theft. Using stolen identities for new account fraud has been the major revenue driver behind breaches. However, in recent years ransomware attacks have caused as much if not more damage, as increased reliance on distributed applications and cloud services results in massive business damage when information, applications or systems are held hostage by attackers." –John Pescatore. SANS' director of emerging security trends

10 of 19

Goodbye Social Security Number

"2018 is the turning point for the retirement of the Social Security number. At this point, the vast majority of SSNs are compromised, and we can no longer rely on them—nor should we have previously." –Michael Sutton, CISO, Zscaler

11 of 19

Post-Quantum Cyber-Security Discussion Warms Up the Boardroom

"The uncertainty of cyber-security in a post-quantum world is percolating some circles, but 2018 is the year the discussions gain momentum in the top levels of business. As security experts grapple with preparing for a post-quantum world, top executives will begin to ask what can be done to ensure all of our connected 'things' remain secure." –Malte Pollmann, CEO of Utimaco

12 of 19

Market Consolidation Is Coming

"There will be accelerated consolidation of cyber niche markets flooded with too many 'me-too' companies offering extremely similar products and services. As an example, authentication, end-point security and threat intelligence now boast a total of more than 25 competitors. Ultimately, only three to six companies in each niche can survive." –Mike Janke, co-founder of DataTribe

13 of 19

Health Care Will Be a Lucrative Target

"Health records are highly valued on the black market because they are saturated with Personally Identifiable Information (PII). Health care institutions will continue to be a target as they have tighter allocations for security in their IT budgets. Also, medical devices are hard to update and often run on older operating system versions." –Larry Cashdollar, senior engineer, Security Intelligence Response Team, Akamai

14 of 19

2018: The Year of Simple Multifactor Authentication for SMBs

"Unfortunately, effective multifactor authentication (MFA) solutions have remained largely out of reach for the average small- and medium-sized business. Though enterprise multifactor technology is quite mature, it often required complex on-premises solutions and expensive hardware tokens that most small businesses couldn’t afford or manage. However, the growth of SaaS and smartphones has introduced new multifactor solutions that are inexpensive and easy for small businesses to use. Next year, many SMBs will adopt these new MFA solutions to secure their more privileged accounts and users. 2018 will be the year of MFA for SMBs." –Corey Nachreiner, CTO at WatchGuard Technologies

15 of 19

Automation Will Improve the IT Skills Gap

"The security skills gap is widening every year, with no signs of slowing down. To combat the skills gap and assist in the growing adoption of advanced analytics, automation will become an even higher priority for CISOs." –Haiyan Song, senior vice president of Security Markets at Splunk

16 of 19

Industrial Security Gets Overdue Attention

"The high-profile attacks of 2017 acted as a wake-up call, and many plant managers now worry that they could be next. Plant manufacturers themselves will offer enhanced security. Third-party companies going on their own will stay in a niche market. The industrial security manufacturers themselves will drive a cooperation with the security industry to provide security themselves. This is because there is an awareness thing going on and impending government scrutiny. This is different from what happened in the rest of IT/IoT where security vendors just go to market by themselves as a layer on top of IT (i.e.: an antivirus on top of Windows)." –Renaud Deraison, co-founder and CTO, Tenable

17 of 19

Cryptocurrencies Become the New Playground for Identity Thieves

"The rising value of cryptocurrencies will lead to greater attention from hackers and bad actors. Next year we'll see more fraud, hacks and money laundering take place across the top cryptocurrency marketplaces. This will lead to a greater focus on identity verification and, ultimately, will result in legislation focused on trader identity." –Stephen Maloney, executive vice president of Business Development & Strategy, Acuant

18 of 19

GDPR Compliance Will Be a Challenge

"In 2018, three quarters of companies or apps will be ruled out of compliance with GDPR and at least one major corporation will be fined to the highest extent in 2018 to set an example for others. Most companies are preparing internally by performing more security assessments and recruiting a mix of security professionals with privacy expertise and lawyers, but with the deadline quickly approaching, it's clear the bulk of businesses are woefully behind and may not be able to avoid these consequences." –Sanjay Beri, founder and CEO, Netskope

19 of 19

Data Security Solidifies Its Spot in the IT Security Stack

"Many businesses are stuck in the mindset that security of networks, servers and applications is sufficient to protect their data. However, the barrage of breaches in 2017 highlights a clear disconnect between what organizations think is working and what actually works. In 2018, we expect more businesses to implement data security solutions that complement their existing network security deployments." –Jim Varner, CEO of SecurityFirst

Top White Papers and Webcasts