A few cybersecurity predictions for 2018

Over the past few weeks, dozens of people have reached out to me with their cybersecurity predictions for 2018. Some prophecies are fairly obvious (ransomware will continue in 2018), while at the other extreme, some people are pushing doomsday forecasts aimed at garnering press hits (i.e. the U.S. will suffer a cyber attack in 2018 that knocks out the power grid for a substantial amount of time).

Here are a few predictions that fall between these extremes. I believe 2018 will feature:

1. Cloud computing chaos (aka C-cubed). You’ve probably heard the old adage that change is the enemy of security. This axiom really sums up the issue with cloud computing security. Organizations are moving full speed ahead with cloud computing, deploying cloud-based technologies such as VMs, containers, micro-services, and serverless applications across Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM cloud, and Oracle cloud platforms.  Unfortunately, this is happening at an increasing pace that security teams simply can’t keep up with — especially considering the global cybersecurity skills shortage. According to a recently published ESG/ISSA research report, 29 percent of organizations have an acute shortage of cloud security skills. Because of those issues, ESG’s cloud security guru Doug Cahill tells me that organizations are not setting up the right security policies, processes, or controls for the cloud. This will inevitably lead to lots of easily exploitable vulnerabilities, data breaches, and regulatory compliance violations. To alleviate this risk, CISOs will have to up their game in 2018, work in lock-step with cloud developers and DevOps groups, surround cloud with the right policies, develop collaborative processes, and build a cloud security controls architecture.
2. The rise of high-end security services. As cybersecurity grows increasingly complex, more and more CISOs I speak with are throwing in the towel and outsourcing various security tasks to MSSPs and SaaS providers. In the past, managed security services tended to be pedestrian in nature. This will continue, but look for new high-end/high-skills services designed for more sophisticated enterprise organizations. Some of these services are available today from vendors such as Binary Defense, BitSight, Cisco, CrowdStrike, Digital Guardian, Digital Shadows, FireEye, Forcepoint, Spirent, Symantec, and ThetaPoint, but I expect a growing wave in 2018. What types of services? EDR, managed threat hunting, malware analysis, continuous penetration testing, threat intelligence analysis, etc. According to ESG research, 56 percent of organizations are implementing, planning, or interested in security as a service, so this could be a lucrative market.
3. Security technology integration. In 2017, 21 percent of enterprise organizations said integrating security technologies into a common architecture was one of their highest priorities, and this will only pick up steam in 2018. In fact, I believe security operations and analytics platform architecture (SOAPA) will be a major enterprise theme throughout the year. A lot of this integration will center around single vendors and their product platforms/suites. This will cause large vendors such as Cisco, IBM, McAfee, Splunk, Symantec, etc. to fill product portfolio holes, making 2018 a stellar year for M&A.  Aside from these proprietary efforts, I believe that multi-vendor SOAPA efforts will also gain momentum. Look for a lot of action around data standards (CIM, JSON) and open-source software such as Apache Kafka.
4. Machine learning technology. Artificial intelligence for cybersecurity remains trapped in a hype cycle — mainly because too many vendors have pitched it as a panacea (note: It is not a panacea). In 2018, infosec pros will realize that machine learning is a very good “helper app” if it is applied to specific and well-understood areas where we have ample data available for model building. In this way, I see machine learning’s role as assisting cybersecurity professionals rather than replacing people with robots. So, instead of stand-alone products, machine learning will sneak into enterprise security, riding on top and adding intelligence to existing tools such as DLP, EDR, endpoint security software, network security analytics, SIEM, threat intelligence platforms (TIPs), etc. Bay Dynamics and Fortscale come to mind here, as these firms have used their machine learning technologies to enhance the efficacy and efficiency of existing security tools.
5. GDPR anarchy. By the end of the summer, we will see a frighteningly high GDPR fine ($10 million? $100 million?), which will serve as a wake-up call across the globe. Why the pessimism? ESG and other data indicates that many organizations are completely unprepared today and won’t be ready when GDPR takes effect next May. They don’t know where the sensitive data resides, haven’t built processes to audit the data, can’t meet the 72-hour disclosure cycles, etc.  One UK reseller I spoke with compared GDPR to Y2K, saying service providers are at capacity, so if you need help with GDPR preparation, you are out of luck.  As GDPR anarchy grips the continent next summer, look for the U.S. Congress to (finally) start engaging in serious data privacy discussions next fall.

I expect a lot of good and bad activity next year, so 2018 is bound to be a bumpy ride. More soon.