Yes, it’s that time of the year again, already! The who’s who of cyber are putting out their cyber security predictions for the 2018 and we are collating them all for you. We will endeavor to update this entry as new predicts come to light.
In no particular order, here we go.
Cyber security predictions 2018 – Forrester
Governments will no longer be the sole providers of reliable, verified identities
The Equifax breach demonstrated that no single entity – including any government – can safeguard identity data and provide trusted and reliable identity verification for a large number of consumers, especially as customers increasingly engage with businesses through digital channels.
More IoT attacks will be motivated by financial gain than chaos
The Mirai botnet that hit in late 2016 demonstrated how hackers can use a botnet army of compromised IoT devices to launch a massive DDoS attack. IoT-based attacks will likely continue to grow in 2018.
Cybercriminals will use ransomware to shut down point of sale systems
Many merchants have updated their payment systems to use end-to-end encryption and prevent criminals from obtaining credit card data from point of sale (POS) systems. This has led criminals to turn to ransomware as a means of monetizing an attack, as opposed to stealing and selling data.
Cybercriminals will attempt to undermine the integrity of US 2018 midterm elections
The US has not addressed the systemic vulnerabilities that can be found in its voting systems, which depend on software to cast votes, count them, verify them, and report them, the report stated.
Firms too aggressively hunting insider threats will face lawsuits and GDPR fines
It’s become easier for firms to monitor employees and their activities as a means to thwart malicious insiders, employees making mistakes, or an attacker with compromised employee credentials. However, employees may find this to be an invasion of privacy. In September, the European Court of Human Rights ruled that companies must inform employees in advance if their work email accounts are going to be monitored.
More cyber security predictions from Forrester here
Cyber security predictions 2018 – McAfee Labs
An adversarial machine learning “arms race”
Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior, and zero-day attacks. But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them.
Ransomware will pivot to new targets, technologies, and objectives
The profitability of traditional ransomware campaigns will continue to decline as vendor defenses, user education, and industry strategies improve to counter them. Attackers will adjust to target less traditional, more profitable ransomware targets, including high net-worth individuals, connected devices, and businesses.
Serverless apps will increase attack surfaces for organizations
Serverless apps are vulnerable to attacks exploiting privilege escalation and application dependencies. They are also vulnerable to attacks on data in transit across a network, and potentially to brute-force denial of service attacks, in which the serverless architecture fails to scale and incurs expensive service disruptions.
More cyber security predictions from McAfee Labs here
Cyber security predictions 2018 – Gartner
Skills and organization for cybersecurity continue to change
With a 0% unemployment rate, security skill sets are scarce. The industry needs and will continue to need new kinds of skills as cybersecurity evolves in areas such as data classes and data governance. It’s a problem that security experts have avoided, but the reality is that in the next three to five years, enterprises will generate more data than they ever have before
Cloud security becomes a top priority for many
As the cloud environment reaches maturity, it’s becoming a security target and it will start having security problems. It’s possible that cloud will fall victim to a tragedy of the commons wherein a shared cloud service becomes unstable and unsecure based on increased demands by companies. When it comes to cloud, security experts will need to decide who they can trust and who they can’t.
Shift your focus from protection and prevention
A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link–people–to do so. This means adapting your security setup to focus on detection, response, and remediation. That’s where the cybersecurity fight is today. In the future, it will most likely move to prediction of what’s coming before anything happens.
More cyber security predictions from Gartner here
Cyber security predictions 2018 – ISF/CIO
Crime-as-a-service (CaaS) will expand available tools and services
2017 has seen a “huge increase in cybercrime, particularly crime-as-a-service.” The ISF predicts that process will continue in 2018, with criminal organizations further diversifying into new markets and commodifying their activities at a global level. Some organizations will have roots in existing criminal structures, the ISF says, while others will emerge that are focused solely on cybercrime.
The IoT will further add unmanaged risks
Organizations are increasingly adopting IoT devices, but most IoT devices are not secure by design. Additionally, the ISF warns there will be an increasing lack of transparency in the rapidly evolving IoT ecosystem, with vague terms and conditions that allow organizations to use personal data in ways customers did not intend. On the enterprise side, it will be problematic for organizations to know what information is leaving their networks or what data is being secretly captured and transmitted by devices like smartphones and smart TVs.
Regulation will add to the complexity of critical asset management
Regulation adds complexity, and the sweeping European Union General Data Protection Regulation (GDPR) will come online in early 2018, adding another layer of complexity to critical asset management.
SF notes the additional resources required to address the obligations of GDPR are likely to increase compliance and data management costs, and to pull attention and investment away from other activities.
More cyber security predictions from IFS/CIO here
We will post more cyber security predictions for 2018 as they come to hand.
This article was originally published on CyberSecBuzz