What will be the single biggest security threat of 2018?

Dec 03, 2017

Our annual poll to find out what security professionals think the single biggest security threat of next year will be

For the last couple of years, we’ve straw-polled security professionals to discover what they think the single biggest security threat of the following year will be. This year we heard from 72 security professionals and have summarised the responses below.

What is the format?

Each year we ask security professionals to tell us what they think the single biggest security threat of the following year will be, along with a one-sentence explanation. This is a totally subjective answer (and many individuals naturally highlight problems that relate to their own solution).

What are the findings?

Out of 72 usable responses we found a strong leaning towards ransomware (11 responses) and employees (12) while IoT (6) and threats to critical infrastructure (5) were also raised by multiple individuals. The responses have been grouped below in the following sections:

  1. Employees (12)
  2. Ransomware (11)
  3. Repeated responses (14)
  4. Other suggestions (35)

How does this compare to results from the last couple of years?

Last year the single biggest threat suggested by security professionals was the Internet of Things with 26 responses, while ransomware—which has probably been the biggest threat of 2017—was only mentioned twice.

In 2016, 14 of the experts we spoke to suggested employees and this seems to be firmly back on the list for next year.

Results of previous polls can be found here:

  • What will be the single biggest security threat of 2016?
  • What will be the single biggest security threat of 2017?

What did individuals have to say?

All usable responses are cut down to a single sentence and grouped by theme below.


Always the people

The reality is that your employees are and almost certainly will always be the biggest threat to cybersecurity.

—Tim Hall, CTO at Blue Logic

The soft underbelly

Whether they are the negligent executives that fail to implement proper cybersecurity policies, unwitting insiders that fall victim to phishing emails, or naive employees that fail to appropriately patch and update their computers, people remain the soft underbelly that malicious actors will exploit to compromise an organisation.

—Steve Lakeman, research team at ThreatConnect

Criminals more professional than the target

Cybercriminals are more professional, sophisticated and well-organised than ever before, which makes it tough for end-users to properly defend themselves – a ‘patch-work’ approach simply will not suffice, and digital cybersecurity must be a continuous and on-going process to succeed.

—Eric Berdeaux, CEO at Oxial

Taken for granted?

Technology plays a massive part in our lives today, so much so that we typically take it for granted.

—Richard Kennedy, director of Cloud Services and Infrastructure at Xperience Group

Malicious insider

The biggest cybersecurity threat in 2018 will be the one that catches organisations unaware; the malicious insiders that are even now quietly syphoning off data and secrets from their most secure databases, by taking advantage of a mainframe blindspot that research shows exists in 84% of global organisations.

—John Crossno, Product Manager at Compuware

People are your greatest asset—and vulnerability

As phishing attacks become more sophisticated and socially engineered attacks continue to rise, the real target isn’t infrastructure—it’s the user.

—Joe Diamond, director of Security at Okta

Junior staff often could not care less

Companies need to be aware of the threat of rogue insiders, particularly when it comes to people in more junior positions with access to sensitive data, who may be disillusioned or less security-savvy than more senior staff.

—Andrew Avanessian, COO at Avecto

Insecure user behaviour

The single biggest security threat for 2018 will be the same as it was in 2017—users—we need to accept that users will continue to behave insecurely, and deploy systems that will protect them by design when they make mistakes.

—Fraser Kyne, EMEA CTO at Bromium

The inflection point for insiders

Cybercriminals, like any good business, are looking for the most cost effective model to achieve their goals; 2018 may be the year of an inflection point where it is more cost effective to utilise insiders instead of producing malware, resulting in a dramatic decrease in the amount of malware discovered.

—Tim Brown, VP of Security at SolarWinds MSP

User ignorance

Cybersecurity is still being treated as an IT issue and yet most of the biggest breaches resulted from some muppet clicking on a phishing email link, plugging a USB in or doing something just plain stupid, so how many companies now run regular cyberthreat awareness update sessions for their staff (all staff!)?

—John Davies, director at Pervade Software

Privileged accounts holders

Users with elevated or privileged rights are still the primary target for hackers, and the tendency in recent data breaches shows that once passwords are stolen, organisations struggle to detect harmful actions executed with hijacked accounts—unless they can spot abnormal behaviour of their users.

—Csaba Krasznay, security evangelist at Balabit

People are the weakest link in any organisation’s security chain—if cybercriminals can get through to employees, they are almost certain to be successful in hacking into the organisation.

—Martin Ewings, director of Regional Sales and Specialists Markets UK&I at Experis


Beyond WannaCry and Petya

We expect to see an increased number of ransomware attacks on higher value data, even more damaging than WannaCry and Petya; military institutions and banks could be next on the hit list, as hackers might look to exploit these hugely powerful institutions for even bigger financial benefits.

—David Navin, corporate security specialist at Smoothwall

The first house will be held to ransom

Hackers may go as far as locking owners out of their houses—by infiltrating their smart locks—until they pay to get back in.

—Jason Hart, CTO of Data Protection at Gemalto

Commodity ransomware

I think commodity ransomware will continue to be the biggest threat in 2018—almost everyone is a target, and the effects can be devastating.

—Chris Doman, security researcher at AlienVault

A lucrative revenue stream

Ransomware will continue to be a key threat next year—it’s neither new nor novel but it’s simple to write, has been proven to be effective, and can be an incredibly lucrative avenue for hackers to exploit.

—Holly Williams, penetration tester at Sec-1

Go-to strategy for criminals

As long as organisations remain vulnerable to attack and slow to recover, it will continue to succeed as a go-to strategy for cybercriminals.

—Gary Watson, founder and CTO at Nexsan

Beyond “spray and pay”

Ransomware will become more targeted by looking for certain file types and targeting specific companies such as legal, health care, and tax preparers rather than “spray and pray” attacks we largely see now.

—Brian Baskin from the Threat Analysis Unit (TAU) at Carbon Black

Higher and higher ransoms

Targeted ransomware, because when essential services are targeted specifically, the value of the locked data is huge and the consequences are vast—meaning, the cybercriminals can demand higher and higher ransoms.

—Linus Chang, CEO and founder of Scram Software

Personally identifiable information

GDPR comes into effect next year and has the potential to carry very large fines for companies handling the PII of EU citizens; malicious parties may see this as an easy way to make financial gains by targeting PII in attacks and holding it to ransom.

—Thomas Fischer, global security advocate at Digital Guardian

Targeted for impact

Having witnessed the impact of this year’s high-profile ransomware attacks, such as the one that almost brought down the NHS, ransomware will continue to be even more targeted in 2018 as hackers seek top businesses, banks, health care institutions and other national-critical organisations to implement even more vindictive, sneaky, and potentially life-threatening attacks—leading to panic if organisations are unable to detect and stop incoming attacks quickly, before damage is done.

—Ross Brewer, VP and MD of EMEA at LogRhythm

A targeted ransomware pandemic

In 2017, disruptive ransomware has become the weapon of choice for cybercriminals due to monetisation which reflects the successful digital transformation of organised crime—as is evident from the nearly daily reports of cyberattacks in the press, I only see this threat getting worse in 2018.

—Chris Goettl, manager of Product Management for Security at Ivanti

Linux ideal target

Ransomware will increasingly target Linux systems in an effort to further extort larger enterprises – for example, attackers will increasingly look to conduct SQL injections to infect servers and charge a higher ransom price.

—Param Singh from the Threat Analysis Unit (TAU) at Carbon Black

Repeated responses

IoT attacks

Reports already show an increase of 280% in IoT attacks in the first half of 2017 alone; this will increase in 2018 with more and more devices becoming connected.

—Patrick Clover, founder of Blackbx

The home front

The IoT-connected world that surrounds each and every one of us is getting more complex, sharing more of our data in evermore opaque ways and getting less easy for the average user to understand, let alone to have any hope of controlling a perfect security storm.

—Nigel Harrison, CEO at Cyber Security Challenge UK

The unknown rising threat of IoT and botnets

We have already seen what IoT devices can do when pooled together by hackers to conduct a DDoS attack; imagine what they will be able to do when reprovisioned for web applications, credential abuse or over-the-horizon threats.

—Jay Coley, senior director of Security Planning and Strategy, EMEA at Akamai Technologies

The interface between the cyber and physical world

Proliferation of attacks against internet of things (IoT) and operational technology (OT) such as industrial control systems. These systems are the interface between cyber and the physical world and are poorly secured against attack and successful compromises have life-safety implications.

—Chris Day, CSO at Cyxtera

IoT security is nonexistent

The biggest security threat relates to the internet of things and it finding growing acceptance – in cars, computers, even scales; but IoT security is nonexistent.

—Frederik Mennes, senior manager of Market and Security Strategy, Security Competence Center at VASCO Data Security

IoT a gateway to businesses

Due to the perfect storm of sprawling supply chains, rampant outsourcing, and the rise of IoT, 2018’s biggest security risk could be third-party access point attacks, aka TAP attacks, in which hackers target businesses via vulnerable suppliers and partners.

—Andy Waterhouse, EMEA presales director

Critical infrastructure

The biggest cybersecurity threat in 2018 will be to critical infrastructure—their corporate IT networks as well as operational technology (OT), including devices for industrial control systems (ICS) and supervisory control and data acquisition (SCADA).

—Justin Coker, VP EMEA at Skybox Security

Stealth hacks on critical infrastructure will require a new approach to security

Sophisticated cyberattacks will become more unpredictable and take forms we have not seen before.

—Salvatore Sinno, chief security architect at Unisys

Ancient national infrastructure

We are likely to see a massive cyberattack on national infrastructure, similar to the attack that brought down the NHS, but this time with hackers targeting CCTV equipment—many of which are open to risk because they sit outside of high security IT and are not regularly updated with firmware.

—James Wickes, CEO and cofounder of Cloudview

State sponsored actor attacking a major organisation or critical infrastructure

The political landscape is like a tinderbox right now, we just need one wrong tweet from a world leader directed at another, or a wannabe, and it could kick off a cyberwar.

—Andrew Martin, founder and CEO at DynaRisk

Phishing for critical infrastructure

2018 will undoubtedly see a big increase in cyberattacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry.

—Alan Levine, security advisor at Wombat Security Technologies

Spear phishing

Spear phishing (targeted phishing) will become more sophisticated, leveraging or impersonating respected brands and directing unsuspecting users to realistic destinations to harvest credentials and other personal information.

—Fabian Libeau, VP EMEA at RiskIQ

Spear phishing attacks

In early 2017, 61% of infosec professionals reported experiencing spear phishing attacks, and this year has seen a number of high profile attacks hit the press, from Amber Rudd (responsible for cybersecurity in the UK) to Tom Bossert (cybersecurity advisor in the US) being affected.

—Amy Baker, VP at Wombat Security Technologies

Shortage of affordable skills

It may feel like a bit of an old chestnut, but a shortage of available and affordable people to fill gaps in cybersecurity positions at all levels continues to hold back progress—including both potential trainees, and people with experience in the field.

—Robert Nowill, chairman of Cyber Security Challenge UK

Security teams becoming overwhelmed

I expect 2018 will be the year that security teams become totally overwhelmed by the sheer number of threats they face—which could potentially have catastrophic implications, as a result, organisations will face the choice of either making millions of security experts appear from thin air—ISACA predicted there’d be a shortage of two million by 2019—or find alternative ways to use advanced intelligence, analytics and automation to deal with this critical problem.

—Piers Wilson, head of Product Management at Huntsman Security

Non-malware attacks

These fileless attacks are capable of causing havoc and stealing data by using approved, native operating system tools, such as PowerShell.

—Mike Viscuso, cofounder and CTO at Carbon Black

Fileless malware

This type of malware operates by appending the attack to legitimate services and remaining in the memory portion of devices.

—Raef Meeuwisse, ISACA governance expert and author of Cybersecurity for Beginners

Other responses

The cryptocurrency bubble

With values continuing to climb, we are likely to see normal people inflate the bubble and provide the demand for cybercriminals to supply the market with precious cryptocurrency.

—Josh Mayfield, platform lead of Immediate Insight at FireMon

Lack of accountability

Next—instead of working hand-in-glove with a security services provider to protect customer data—too many of them will simply buy cyberattack insurance, which is really just about passing the buck and does nothing to address the actual problem.

—Srinivasan CR, senior vice president of Global Product Management and Datacentre Services at Tata Communications

Security misinformation

Quite a few vendors are reducing the information they provide, while many individuals and the media are overhyping issues presented to the masses—this combination will eventually create a perfect storm of security misinformation that will cause issues that are actually critical to be overlooked.

—Tyler Reguly, manager of Vulnerability and Exposure Research Team at Tripwire

The basics

Even after all the publicity from incidents such as WannaCry, and with GDPR incoming, we still see a lack of basic cyberhygiene in the public and private sectors, as well as from individuals.

—Vince Warrington, director at Protective Intelligence

Packaged attacks for sale on the dark web

These readily available vulnerabilities are already known to the security community and the best possible defence is to patch all devices as soon as possible and use some sort of vulnerability management.

—David Fearne, technical director at Arrow ECS

Communications systems

The key takeaway from the recent, major data leaks is that our communications systems are not secure.

—Rick McElroy, strategist at Carbon Black

Assuming that they are secure

Minimising the exposed skin of a business through good practice and technology goes a long way, but planning for when the unthinkable happens is also key.

—Mike Simmonds, CEO at Axial System

Squirrel syndrome

This is the ability of companies to be easily distracted by the latest bright and shiny security threats, resulting in a failure to concentrate on key security issues and adequately protect data.

—Ian Kilpatrick, EVP of Cyber Security for Nuvias Group

New biometric technologies create new attack surfaces

There will be widespread adoption of machine-learning based facial recognition tools as many companies follow in the footsteps of technology giants such as Apple.

—Barry Shteiman, director of Threat Research at Exabeam

Unsanctioned enterprise messaging

As unsanctioned messaging platforms like Slack and HipChat spread, they enable rapid communication and file sharing, obviating the need for conventional tools like email and causing IT to lose visibility and control over corporate data.

—Mike Schuricht, VP of Product Management at Bitglass

Half-hearted approach to risk

The biggest security threat will remain our half-hearted approach to this very real risk.

—Oz Alashe, CEO at CybSafe

Shadow IT

The most important threat comes from unauthorised technology installations by users, also known as shadow IT—a major challenge for IT departments worldwide, increasing the attack surface of organisations and exposing them to serious cyberrisks not to mention the risk of severe financial penalties following incoming regulation like GDPR.

—Matt Middleton-Leal, general manager of EMEA at Netwrix

Failure to monitor the security in the software development life cycle

The biggest threat will be for organisations who fail to monitor the security in the software development life cycle within the whole context of a client’s coding and IT infrastructure—the move towards open source tools and libraries created by third parties means IT suppliers need to build in a fail-safe approach to avoid exposing their software to vulnerabilities or breaches created much lower down the chain.

—Phil Lea, head of Security and Compliance at Advanced


Email will continue to be the biggest security threat in 2018 as it is the easiest and lowest risk way to directly attack employees with phishing, ransomware, and impersonation attacks.

—Steve Malone, director of Security Product Management at Mimecast


I think the biggest threats will be against coprocessors (i.e., the chips that control things like cellular and Wi-Fi radios, instead of doing the main processing).

—James Plouffe, lead solutions architect at MobileIron


The biggest problem in a lot of the affected organisations has been patching old, well-known vulnerabilities.

—Neil Anderson, director of Security Services at Assure APM

Nothing will change

A new calendar year will not see breaches suddenly cease, or board members waking up to the threats they face.

—Chris Pogue, head of Services for Security and Partner Integration at Nuix

Supply chain attacks

This is where software used widely by enterprises will be backdoored and operate as Trojans into corporate and enterprise environments.

—John Bambenek, threat intelligence manager at Fidelis Cybersecurity

Bricking of systems

Bricking of systems will be a 2018 trend as hackers effectively turn expensive hardware from modern computing devices to nothing more than inert mass. Examples of this include destruction-ware, some BIOS attacks, router attacks and anything that basically breaks computer and network hardware.

—Sam Curry, CSO at Cybereason

False information influencing things other than the democratic process

2018 will see the increase in targeted attacks from nation state actors to industry, with more of a focus on financial gain than political or military advantage.

—Joep Gommers, CEO at EclecticIQ

Voice channel fraud

Human beings at the end of the phone line are an enormous data security risk.

—Ben Rafferty, global solutions director at Semafone

Exfiltration of data from cloud-based storage will accelerate

Infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) attacks will see massive tranches of data from organisations being taken from the cloud, without IT/security team even knowing.

—Matt Walmsley, EMEA Director at Vectra

Lack of strategy

The single biggest security threat of 2018 will be the failure of businesses to implement a structured cybersecurity strategy.

—Steven Kenny, business development manager for Architecture and Engineering at Axis Communications

Evolution of the bad guys

The biggest cybersecurity threat in 2018 will be the speed with which the bad guys are evolving, which means that tried and tested cybersecurity defences are no match—the only way to remain protected is to adopt a dynamic approach to cybersecurity.

—Maninder Singh, corporate vice president and global head of Cybersecurity at HCL Technologies

Target will evolve

Attack types will not change, rather the target of the attacks will evolve.

—Ryan Wilk, VP at NuData Security

Broken software

Broken software is by far the biggest security threat on planet Earth right now.

—Gary McGraw, vice president of Security Technology at Synopsys


Our recent Security in Enterprise research showed that 47% of organisations had experienced some form of malware or ransomware attack in the last two years, facilitated by the rise in unknown malware—I fully expect this will continue to be one of the biggest threats of 2018.

—Shane Grennan, director of regional accounts for UK&I at Fortinet


The biggest security threat in 2018 will be the lack of discipline in both patching known vulnerabilities and analysing application systems for security-related weaknesses.

—Bill Curtis, SVP and chief scientist at CAST and executive director at the CISQ (Consortium for IT Software Quality)


Cyberattacks are barely out of the news at the moment, and when conducting an M&A deal or other business-critical transaction, confidentiality and data integrity is of the utmost importance—meaning that all of the sensitive documents associated with a project need to be adequately protected.

—Gary McKeown, group managing director at Imprima

Compromised development environments

Hackers are going to the source, modifying standard software development tools in order to seed new applications with malware.

—Gerhard Oosthuizen, CIO at Entersekt

Software supply chain

The biggest risk for 2018 is your software supply chain.

—Josh Zelonis, senior analyst at Forrester

Lack of understanding of risk

The biggest threat to most organisations will continue to be a lack of understanding of where they have actual risk in their organisation, and the misallocation of security resources that generally results from this lack of understanding.

—Jim Hietala, VP of Security at The Open Group

Large-scale data breaches

Public awareness and scrutiny of data breaches and how secure their data is will shift next year—not just because there will be more large-scale breaches, but because reporting rules will change thanks to GDPR.

—Thomas Bostrøm Jørgensen, general manager for EMEA at AllClear ID

Cybersecurity complacency

The biggest security threat that will hit businesses will continue to be attitudes in relation to cybercrime—the “it will never happen to me” view; every year our DBIR shows that the same tactics—from phishing emails to the exploitation of weak passwords—keep succeeding; until people learn from the cyberattacks that are taking place across their industries and start to educate employees and change their behaviour, the oldest threats will continue to be disruptive.

—Laurance Dine, managing principal of Investigative Response at Verizon

Open source management

The failure to properly manage and secure the open source components making up increasingly large portions of commercial and custom software will be one of the most significant cybersecurity threats to organisations in 2018.

—Mike Pittenger, VP Security Strategy at Black Duck Software