In our last installment, we covered some of the really cool technological developments that have happened this year. Now, as the final days of 2017 fly by, we want to see what some are predicting for cybersecurity in 2018. But before we get to that, let’s first take the time to remember a year that ZDNet says was a “dumpster fire of privacy and security screw-ups.”
Not So Great…
In an article that is both amusing and alarming, Zach Whittaker begins by reminding us that on his way out, President Obama relaxed the rules for intelligence agencies to get their hands on raw data collected by the NSA – including on American citizens – just in time for the Trump administration.
From there, he goes on to recall that the WannaCry ransomware hack was partially the fault of the NSA, as well as Equifax’s “utterly abysmal” response to leaving the personal data of 145 million people open to being stolen. The article is a greatest hits list of cybersecurity failures, bad ideas (give Amazon free access to your house when you’re not home!) and even worse ideas: FCC chairman Ajit Pai trying to put the kibosh on rules that would’ve forced internet providers to obtain customer permission before sharing their browsing histories with advertisers. Congress, of course, killed the rules in March, but Pai got to do in Net Neutrality just this month.
Crystal Ball Time
Now that we’ve touched on some of the memorable moments of the year past, let’s look forward with some prognostications on the state of cybersecurity in 2018.
From Jon Oltsik at CSO: CISOs are going to have to step up their cloud security game. According to a recent ESG/ISSA research report, 29 percent of organizations have a serious shortage of cloud security skills. Because of this, organizations are struggling to set up the right security policies and controls for the cloud. This can lead to vulnerabilities that are easy to exploit, data breaches and regulatory noncompliance.
Of course, an increasing number of CISOs aren’t even trying on their own anymore and have outsourced security tasks to MSSPs and SaaS providers. As cybersecurity gets more complicated, expect this trend to continue. Also in 2018, AI and machine learning will continue to be a growing part of cybersecurity efforts. And the GDPR is going to levy some major fines on unprepared multinational organizations.
From Justin Dolly, CSO of Malwarebytes and former CISO of VMware: The explosive increase in the value of cryptocurrencies will lead to an increase in cryptojacking, which could further blur the lines between everyday internet users and cybercriminals. PowerShell script-based attacks, which are difficult to identify and easily evade anti-virus software, will become more common because this makes them very attractive to cybercriminals. Of course, cybercriminal will continue to be a more and more popular profession as long as it continues to be a lucrative one. Also, cybersecurity software is going to be an increasingly large target for those cybercriminals, and this will probably mean deteriorating public trust in that software.
Ransomware will get worse because it’s easy money that currently comes with very little downside for the cybercriminal. Sophisticated spear phishing emails are going to proliferate, and they are going to be a lot more targeted. Malware will also become more targeted, and leaked exploits are going to make that malware even harder to fight. Rash ends with some not-the-biggest-news news, predicting “stupidity will persist.”
From Forbes contributor Gil Press: Gil has 60 cybersecurity predictions for the new year. If you’ve got a bit of time on your hands over the holidays, you should check them out.
Happy holidays and a (cyber)secure New Year from QuintessenceLabs! We’ll be back with more “More than Quantum” in 2018.