Predictions are tough, but even more so in the chaotic world of cyber security. The threat landscape is huge, offensive and defensive technologies are evolving rapidly, and nation-state attacks are increasing in terms of scope and sophistication.

This cyber “fog of war” makes it hard to see or assess every trend. Last year, for example, CSO’s predictions for 2018 did not anticipate the rapid rise of cryptomining. In hindsight, this relatively easy-to-execute, lower-risk way for cyber criminals to monetize their efforts should have been an obvious choice.

Still, we got a few things right: more automation of threat-detection processes, a significant rise in attacks using compromised IoT devices, and the decline of trust in the face of rising cyber crime, to name a few.

This year, we asked CSO staff and contributors to tell us the biggest events or trends they anticipate for the next 12 months. Here are their top 9.

1. Ransomware tapers off, but still wreaks havoc

Ransomware will taper off as criminals shift to other ways to generate revenue. “While ransomware will still be a problem, it will be more of a focused, targeted attack,” says Steve Ragan, CSO’s senior staff writer. He cites the declining number of ransomware attacks. According to Kaspersky, the number of users who encountered ransomware in 2017 and 2018 fell by nearly 30 percent over the 2016 to 2017 time period.

“The randoms went down, and the targeted ones were big news,” says Ragan. For example, the ransomware group responsible for SamSam is now focusing primarily on a relatively few U.S. companies, mainly municipal and healthcare organizations, according to Symantec.

The reason for the decline is that criminals are finding cryptojacking and other schemes are more effective money-makers. The number and quality of ready-made cryptomining tools means that criminals don’t need to be technically skilled.
That’s reflected in the 44.5 percent rise in the number of users that have experienced a cryptomining attack in the past year, according to Kaspersky. “Hidden coinminers continue to proliferate in 2019, and malware authors are taking advantage of them to disrupt your business,” says CSO contributor David Strom. “Cryptomining will continue to be a threat as long as attackers can make quick cash from the infections.”

2. Regulation and public sentiment on privacy will drive data protection policies

Last year, CSO predicted that the European Union (EU) would quickly punish a few companies in violation of its General Data Protection Regulation (GDPR) to make an example of them. That didn’t happen. The threat of penalties over compromised personal information will still have a huge effect on security operations in 2019 nonetheless.

Those penalties are likely coming. “The EU will break some fingers with the GDPR,” says CSO Senior Writer J.M. Porup. “Enforcement is going to be harsh beginning in the first half of 2019. Companies engaged in surveillance capitalism, like Google and Facebook, are in for a rough few years.” Hundreds of complaints have been filed, including some against Google and Facebook.

In 2019, we’ll see how the EU will react to those complaints. That will provide some much-needed clarity regarding the risk that GDPR and other privacy regulations present. If the GDPR doesn’t react, then that’s telling, too. It sends the message not to take the regulation seriously.

Rising concern over how companies use and protect personal information will encourage many Americans to hold those companies more accountable. “The reaction by consumers to constant security breaches and other unethical information disclosures (e.g., Facebook) leads U.S.
consumers to demand more default privacy and control over their own information,” says CSO contributor Roger Grimes.

Grimes expects to see an effort to enact privacy laws similar to GDPR nationally in 2019. The California Consumer Privacy Act has already passed into law and goes into effect in 2020. On November 1, Sen. Ron Wyden introduced a bill titled the Consumer Data Protection Act (CDPA), which has stiff penalties, including jail time, for privacy violations.

Given the federal government’s current state of effectiveness, that bill is unlikely to gain much traction. In the meantime, most organizations that handle consumer data in the U.S. will look to other regulations such as the GDPR and CCPA for guidance. “California and New York will continue to drive the conversation around consumer data privacy, while Washington drags its heels,” says Porup.

“Companies will … start seriously thinking about a privacy-first approach to data, especially as these laws expand to more jurisdictions, and to narrowly targeted verticals, such as banking, medical and payments,” says CSO contributor Maria Korolov. “That will require some major changes in how companies collect, use, and share data.”

3. Expect more nation-state attacks on and surveillance of individuals

State-conducted or sponsored targeted cyberattacks on journalists, dissidents and politicians will continue to grow. Like-minded governments will turn a blind eye to such attacks on their own soil.

The worst possible outcome of a nation surveilling its own citizens played out in the case of Saudi journalist Jamal Khashoggi. Israeli newspaper The Haaretz reported that the Saudi government used Israeli cyberweapons to track Khashoggi while he was in Canada.

The Israeli government appears to be a major exporter of technology that other governments can use to spy on their citizens.
Another Haaretz story reports that multiple countries are using Israeli software to target dissidents and homosexuals.

4. Microsoft will move Advanced Threat Protection (ATP) to all its mainstream products

Windows 10 Advanced Threat Protection (ATP) is a service that allows anyone with an E5 license to see under the hood and review what an attacker did to a system. It relies on telemetry that is enabled when the computer is linked to the ATP service.

The software giant will move to fortify its continuing efforts to build a security-focused brand image by making ATP standard with all Windows versions. “This will be a key selling point in choosing Windows products over IBM’s Red Hat in the coming year,” says CSO contributor and Windows expert Susan Bradley.

5. We will determine that voter fraud occurred in the mid-term elections

The confirmation of voter fraud will spur calls to better protect and enroll people in online voter processes. The conflict between those who want to make voting as accessible as possible and those who want to protect the integrity of the process will remain, however.

“We have a need to ensure that everyone can register and vote online, but we will need to take major steps to ensure we can do so safely and properly,” says Bradley.

6. Multi-factor authentication will become the standard for all online transactions

Though far from a perfect solution, most websites and online services will abandon password-only access and offer additional required or optional authentication methods. For a while, the different forms of multi-factor authentication will likely confuse and frustrate users.

“Only using a password to authenticate is increasingly leaving us open to phishing and other attacks,” says Bradley.
“But the fact that all the vendors are implementing different systems to authenticate means I’m being driven slightly crazy with all of the two-factor authentications I’m having to manage. It won’t be better until a more standardized process is settled on.”

Those standards, at least on the vendor side, are on the way. “With FIDO2 browser enhancements and the Duo/Cisco acquisition, it could tip the scales. Expect to see more innovation here in the coming year that makes it easier and more compelling to use MFA than not to,” says Strom.

7. Spear phishing becomes even more targeted

Attackers know that the more information they have about you, the better they can craft a successful phishing campaign against you. Some are using tactics that are a bit creepy. “One of the trending changes in spear phishing is phishing campaigns where the hacker breaks into an email system, lurks and learns,” says Grimes. “Then they use the information they have learned, as well as taking advantage of the relationships and trust built between people who regularly communicate with each other.”

One area where Grimes sees this happening more is mortgage wire fraud, where home buyers are tricked into wiring closing fees to a rogue party by an email arriving from a trusted mortgage agent. “The hacker breaks into the mortgage lender’s (or title agent’s) computer and takes note of all the upcoming pending deals and their closing dates,” he says. “Then the day before the mortgage agent would normally send out an email telling the client where to send the closing money, the phisher uses the mortgage agent’s computer to beat them to the punch. The unsuspecting client wires the money, which is rarely recovered, and ends up losing the house (unless they can come up with another substantial closing payment, which most can’t do).”

8. Nations will make an effort to establish cyberwarfare rules

Even in physical warfare, most nations have agreed upon a basic set of rules, such as no torture, no poison gasses, or no slaughtering of civilians. The rules set boundaries that could align much of the world against nations that cross them.

No such rules exist for cyberwarfare, and some nations seem to believe they can do almost anything with near impunity. “North Korea hacks Sony Pictures. Russia hacks industrial critical control systems and tries to influence the elections of other nations. China steals intellectual property. And the U.S. and Israel use malware to destroy nuclear equipment,” says Grimes. “Digital boundaries are being tested, and some nation states are starting to push back. Expect there to be a Geneva Convention for digital warfare coming soon.”

Rules or no rules, some nations will continue to push boundaries when it comes to cyber warfare. “Cyber attackers will continue to have a safe haven in Russia and China and North Korea,” says Korolov. “They will have more resources at their disposal than ever, either from their government backers or from the financial windfalls of this year’s ransomware and cryptojacking attacks. They will use these resources to find new attack vectors and to improve the resilience and adaptability of their malware. The situation will continue to get worse until something very major changes in global geopolitics, which won’t be until the next U.S. presidential election, at the earliest.”

9. More organizations will require master’s degrees in cybersecurity for CSOs/CISOs

Cybersecurity training will continue to mature, and certificates alone will no longer be enough to take the next step in a security professional’s career, Porup predicts.
“The hodge-podge system of security certifications has failed to provide the right kind of education and training,” says Porup. “Cybersecurity training will continue to mature, and certificates alone will no longer be enough to take the next step in a security professional’s career,” Porup continues. “Master’s degrees in cybersecurity are popping up all over the place, including at prestigious universities like UC Berkeley and NYU, and more and more companies will be looking to hire CSOs/CISOs with the cross-disciplinary skills acquired from a master’s degree.”