It's that time of the year when security experts and researchers do a thorough review of the year that has been for the security ecosystem, reflect on the shortcomings and make their cybersecurity predictions for 2018 - the new year ahead.
2017 has been a disaster and can rightfully be declared as the year of poor security practices. As we are stepping into December, the last month of the year, the security snafu seems far from over. Courtesy of the professional giants at Uber where they chose to pay off hackers in covering a data breach of over 57 million user accounts that occurred last year instead of disclosing it to the concerned regulators and the general public.
Over 9 billion records have been lost or stolen globally since the year 2013. Nearly 2 billion of these were breached in the first half of 2017 alone.
While we are yet to recover from these incidents, what do the next 12 months hold for the security space? Here are the top cybersecurity predictions for 2018 by industry experts:
Top Cybersecurity Predictions for 2018
1 It's going to be "a lot more of the same"
Richard Ford, the chief scientist at Forcepoint feels that the next year is going to be tougher than it already is with regards to defending cyber attacks. He further added that hackers will continue leveraging social media in order to exploit users. He says that businesses need to be smart enough in their defense against threats while also predicting the rise of business email compromise.
2 Artificial Intelligence - a boon or a bane?
Cybersecurity can be very well considered equivalent to an arms race where the weaker party will resort to asymmetric means to achieve their targets. Oliver Tavakoli, CTO of Vectra feels that the way artificial intelligence and machine learning is being adopted by organizations to improve their cybersecurity, so will the threat actors be using it to their benefits. He further added that cybercriminals are rapidly using these new technologies to speed up the process of finding loopholes in commercial products.
Advances in AI and machine learning are a double-edged sword, improving product experience but also useful for hackers and cybercriminals—Gene Stevens, Co-Founder and CTO, ProtectWise
3 Automation will take center stage
Automation is more likely to become the leading security trend in 2018, says Ofer Amitai, CEO, Portnox. This ensures that adequate security postures will be available to more actors and it makes sense in the case of modular devices like the Internet of Things, where the lack of timely firmware updates is a matter of huge difficulty.
4 The bigger they are, the harder they fall
If we think that this year's headlines shocked us with Uber, Equifax, and Yahoo, then we are soon going to witness similar twists and turns in the security ecosystem next year as well.
The security experts at BeyondTrust warn us that large organizations will continue to have poor security hygiene, will not be meeting the legal regulations and will continue to fail at enforcing the security policies they develop, recommended and entrust upon others. They further add that the security news of next year will have more high profile names and the root causes of cybersecurity breaches will be as shocking as the OPM breach
"A single large-scale scale cyber attack can trigger $53 billion in economic losses, comparable to damages caused by natural disasters." - Lloyd's of London
5 GDPR - Many companies, will fail to be compliant with the new EU regulation by the deadline
Once the General Data Protection Regulation (GDPR) legislation becomes enforceable from 25 May 2018 any personal data breach impacting citizens of the European Union will need to be reported within 72 hours. The GDPR regulations will provide transparency to the data owners into how their information is collected and used.
Companies that fail to comply will face penalties of up to 20 million Euros or 4 percent of global turnover, a disaster for businesses that might not be compliant by the GDPR deadline. Cybersecurity expert Pierluigi Paganini who is also a member of the ENISA (European Union Agency for Network and Information Security) warns us of the panic amongst businesses as they approach the deadline.
Since the GDPR regulation is still poorly understood; many organizations will resort to having a cautious approach to worrying repercussions. Paganini further believes that the regulation will have a significant amount of impact on security teams of any company that operates in a multi-national contest.
6 Malware modified with self-replicating capabilities to continue in 2018
The biggest cybersecurity incidents of this year revolved around the issue of self-replicating malware that can easily spread between networks. The WannaCry and NotPetya malware were examples of this. So were the Bad rabbit ransomware and a wormable Trickbot banking trojan that was also reported in the month of July.
Alastair Paterson, CEO & Co-Founder, Digital Shadows expects that the disruption caused by the WannaCry and NotPetya incidents will inspire threat actors to continue the use of malware modified with self-replicating capabilities.
He further added that another driver for the use of malware is the fact that organizations around the world will continue to be slow in mitigating these methods whether it is by applying appropriate patches and updates, or restricting communication between workstations, and disable features such as Server Message Block (SMB) to reduce the capability of malware to propagate within networks of the organization.
7 Outsourcing of security services will expand
It's no secret that there is a huge shortage of cybersecurity talent all over the world. This year proved the same as hundreds of thousands of unfilled cybersecurity roles still remain open. In the United States there are 350,000 to be exact, and in 2018 this number will only continue to grow further.
Along with the human talent shortage comes the prolonged issue of organizations not having enough in-house talent to effectively address, prevent and resolve these security incidents and issues. Mike McKee, CEO of ObserveIT expects that companies will continue to look to third-party security vendors and managed services providers to help manage and mitigate these security incidents and challenges.
"Reducing the cost of security breaches by only 10% can save global enterprises $17 billion annually." - Morgan Stanley
Whether these predictions turn out to be true or not (we sure hope not) that would remain to be seen next year. But one thing is clear that cyber crimes will continue to be a problem for us and the need of the hour is for governments, businesses and end users to be aware and proactive towards the digital risk we all are prone to.
The increased boldness of these digital threats calls for a cybersecurity collaboration between all those part of this ecosystem - businesses, developers, governments and also users. Only if we all work together can we fight this well and hope to achieve worldwide security.