6 CyberSecurity Predictions for 2018

By Ulrich Lang, CEO/Founder ObjectSecurity

Home|6 CyberSecurity Predictions for 2018

1. Increased adoption of risk-based and biometric authentication tools

Anthem and Equifax breaches have raised some very serious questions on password-only authentication options. Service providers as well as consumers are now looking for alternatives that will reduce the risk of data breach. As risk-based authentication tools assess the background behavior and other data of the users, hackers will be more soundly deterred. Also, the adoption of biometric technology has increased over time and with the introduction of fingerprint and now facial recognition authentication on mobile devices, will we see more adoption of this technology in the enterprise?

2. Orchestration and automation take the front seat! … and AI too?

Advanced security orchestration is one of the best ways to fight cyberattacks. Orchestration and automation (O&A) also improve  the data breach process by streamlining privacy response management. Automation will include both enforcement and monitoring. A nice side effect is that the current cybersecurity skills gap is also alleviated as analysts can now focus on investigation rather than pivoting between tools. Artificial Intelligence (AI) is currently over-hyped everywhere including cybersecurity and therefore is doomed to under-deliver – but there will be some first successes using AI effectively (vs. hype) in cyber, especially around adaptive threat classification.

3. More Mobile Threats.

A set of predictions would not be complete without some assumption on the device in your hand or in your pocket. Christopher Cain, associate malware removal engineer at Webroot, believed that we will see the first major malware infection in the Android App Store while Klonowski believed that we will see the first widespread worming mobile phone ransomware, perhaps spread by SMS/MMS.

4. IoT hacks take center stage.

Internet of Things (IoT) is moving in everywhere – in factories, infrastructure, and last-but-not-least in your home. Connected IoT smart assistance such as Amazon Alexa and Google Assistant can listen to anything going on, can interact with connected devices in your home (doors…!), and are internet-connected. Fertile breeding ground for major attacks – hopefully limited to “only” privacy breaches and inconvenience, and not physical safety. On the factory/infrastructure side, we will continue to see legacy devices connected to IoT being vulnerable.

5. Business as usual – growing threats and unclear risks.

 Neither the cybersecurity industry nor the wider business community or the public will have enough of a “wake-up call” effect this year to actually move from “sticking the head in the sand” or “admiring/discussing the problems” to actually do what it takes to really move cybersecurity forward as much as is needed. Society has been desensitized over the last years to just accept major security and privacy breaches, and is not yet willing to change things enough. And it is obvious why band-aids are still favored: the risk posture remains unclear – for example, is cyberwar imminent? is a kill-switch going to bring down our infrastructure? etc. Fundamentally systems would need to be architected and built with security in mind (before the breach!), and most conventional cybersecurity approaches are at a dead-end (necessary but not sufficient). Really moving the needle would be very costly and disruptive – a known cost vs. the cost of an unknown risk.

6. GDPR

General data protection regulation, aka GDPR, will gain prominence and change the way in which business is conducted. The EU regulation is a major catalyst for increased investment in data governance, within and beyond the EU. The regulation will be effective from May 2018. Many companies, esp. outside the EU, will not meet GDPR compliance by deadline unless they switch gears now. GDPR has enormous fines for companies that fail to comply. Time to get ready if you are not yet. You don’t want to be that non-compliant company the regulators use to set an example.
By |January 12th, 2018|General|Comments Off on 6 CyberSecurity Predictions for 2018