Over the course of December and into the New Year, my inbox fills up with predictions for what 2018 will bring cybersecurity.
At the end of 2016 we assessed a whole host of industry predictions and determined 12 topics that would dictate 2017: skills gap, ransomware, poor routine IT practices, political disruption, CIO activities, social media attacks, AI, advanced cyber-criminals, GDPR, a cloud vendor compromise and better security collaboration.
Most of that came true, although the predictions on ransomware came nowhere close to the impact that WannaCry and NotPetya would come to have. So with an inbox bursting with predictions for 2018, I triaged all of the comments into 11 themes. In no particular order, here are the first six:
It is no surprise that this features so highly after 2017’s headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst at Webroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.”
As well as being more targeted, predictions from Trend Micro were that attackers “will run digital extortion campaigns and use ransomware to threaten non-GDPR compliant companies”, while Imperva predicted that extortion-enabled disruption will intensify this year, “manifesting in disabled networks, internal network denials of service, and crashing email services”.
Breaches Get Worse
Instances of data loss at Uber, Equifax and other companies will not end in 2017. Tyler Moffitt, senior threat research analyst at Webroot, predicted at least three separate breaches of at least 100 million accounts, while Imperva said that with the take-up of cloud computing, we’ll see massive cloud data breaches.
Viktors Engelbrehts, director of threat intelligence at eSentire, added: “Politically motivated and espionage cyber-attacks against the critical infrastructure industry will continue to increase. There is also the potential for loss of human life as a result of targeted cyber-attacks, especially in the healthcare sector.”
Data breaches are an unfortunate major part of cybersecurity now, and it’s hard to see a world where unsecure data is a factor. One cause for this is the new data protection regulation…
That regulation is of course GDPR, which comes into force on May 25, 2018. With GDPR on the minds of most in cybersecurity, it was no surprise that it featured so heavily in the vendor predictions we received. Colin Tankard, managing director of Digital Pathways, predicted that the shortage of staff will impact GDPR adoption, “especially in the rise of the Data Protection Officer”, and that come May 25, only 10% of companies will be ready for GDPR and, by the end of the year, we will see the first companies closing due to having to meet the considerable fines.
Combining two trends, both Trend Micro and FireEye believed that attackers will run digital extortion campaigns and use ransomware to threaten non-GDPR compliant companies “as attackers seek to capitalize on a potential fear of large fines.”