Over the course of December and into the New Year, my inbox fills up with predictions for what 2018 will bring cybersecurity.
At the end of 2016 we assessed a whole host of industry predictions and determined 12 topicsthat would dictate 2017: skills gap, ransomware, poor routine IT practices, political disruption, CIO activities, social media attacks, AI, advanced cyber-criminals, GDPR, a cloud vendor compromise and better security collaboration.
Most of that came true, although the predictions on ransomware came nowhere close to the impact that WannaCry and NotPetya would come to have. So with an inbox bursting with predictions for 2018, I triaged all of the comments into 11 themes. In no particular order, here are the first six:
It is no surprise that this features so highly after 2017’s headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst at Webroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.”
As well as being more targeted, predictions from Trend Micro were that attackers “will run digital extortion campaigns and use ransomware to threaten non-GDPR compliant companies”, while Imperva predicted that extortion-enabled disruption will intensify this year, “manifesting in disabled networks, internal network denials of service, and crashing email services”.
Breaches Get Worse
Instances of data loss at Uber, Equifax and other companies will not end in 2017, and Tyler Moffitt, senior threat research analyst at Webroot, predicted at least three separate breaches of at least 100 million accounts, while Imperva said that with the take-up of cloud computing, we’ll see massive cloud data breaches.
Viktors Engelbrehts, director of threat intelligence at eSentire, added: “Politically motivated and espionage cyber-attacks against the critical infrastructure industry will continue to increase. There is also the potential for loss of human life as a result of targeted cyber-attacks, especially in the healthcare sector.”