2018 Cyber Security Predictions

Kelly Shortridge
9 min readDec 21, 2017

Fed up with ridiculous infosec predictions for the upcoming year, I decided to aggregate them all and use the power of Markov Chains to generate my own list. What follows is the result, lightly edited solely for readability. I hope to be pioneering the next-gen AI-powered thought leadering market segment.

In 2018, security. Cyber security people will die. We’ve long debated where security people will die. We expect this lucrative trend to continue through 2018.

2017 predictions were fake, but we received the word. Security predictions for 2018 showcase a myriad of challenges that can be exploited. What’s more, they will pose a significance (the computing, the significance). But we rarely think as well about the potential for net new, impactful cyber events. The world seems less stable, and a software library is another international data breach. One could make it a theoretically important question: are computers Internet connectivity?

Companies can’t count on the internet. We knew full well that this was the near future. It’s simply a “good” business environment of valuable data, data that allows them to move into 2018. Any of their data is one thing to blame, and security will be front and center. Data breaches are from human error, yet traditional hacking is on critical data.

We are at the rising edge of a return to securing applications instead of building complex, expensive and defensive strategies for APT attacks. These breaches that plague organizations today are primarily the information security community’s ability to script, automate, scale, and more efficiently analyze the mass quantities of data involved in cyberattacks for more than a decade.

Organizations will continue to be a popular hacking method. Our children face an amazing future of gadgets, services, and experiences, but they also face tremendous growth of the marketspace and a necessity for organizations. Software will help overcome cultural resistance and arm organizations. The growing awareness is due to significant monetary gains and because problems are always easier to solve when security.

Reality is only automation.


The dark but lucrative trend in ransomware will emerge from the shadows and escalate, directly impacting the legal challenge of IT professionals, which will deepen. With this rise in ransomware solutions, businesses will exploit models that will ignite a bit of fun! While we predicted increases in ransomware last year, companies scrambled to update vision and strategy against each other.

Ransomware protects expensive and often inefficient perimeter defenses. FAKEAV and ransomware — like peanut butter and jelly or Thelma and Louise, the two go together. The integration has been to encourage the use of human behavior-directed attacks in the war on cybercriminal technology and help them find a better way for vulnerabilities to require security prediction.

While hackers are already heavily sanctioned, with the rise of populism, 44% of organizations will escalate to a very scary pitch, with each side threatening to go public — exposing you to the risk of huge fines — unless you pay the ransom. For hackers, ransomware will attack each other for years. The Equifax hackers will demand $2.6 million USD — even for a target whose network of seemingly unlimited endpoints contains a massive Equifax breach.


In 2018, the cryptocurrency escalates. The value of cryptocurrency exchanges and the age of them becomes a top priority for organizations to get the basics of cyber security prediction. They’ve become the payment method of choice for cyberattacks with security experts. Blockchain technology makes them attractive to hackers, as opposed to PCs.

The industry will ultimately find a cheap, dirty, and effective way to monitor sugar levels, and blockchain technologies will increasingly come under mounting pressure to better combat the new threat that will emerge in 2018. Vendor-agnostic implemented blockchain technology underpins the transaction ledgers used by most cryptocurrencies and will increase, driven by third-party security policies that will still lack teeth.

Our prediction of what many deem to be past abuses that came to light with the blockchain technology has started making serious financial impact. 2018 will be the year of abhorrent sexist behavior by powerful tools and those which manage global marketing campaigns. Next year’s newfound love will be forced to only be not-authorized.

Automation will let BTC wallets be hacked and remotely controlled. As with any political drama of the past year, Gartner forecasts 8.4 billion connections to cryptocurrency exchange users’ wallets and exploits of weak authentication, but only when risk is high. For as little as US$ 5, you can actually pay someone to do the attack for you! This is just one issue the GDPR aims to resolve for European citizens.


Following the trend in 2018, the IoT world will continue to grow. This will become more widely accepted, and will overtake AI in VC funding, and security innovation will rapidly escalate to include technologies that drive other smart device hacks. Many IoT technologies lack protections to ensure devices cannot be exploited by the cyberspace dark forces.

The IoT space gets even messier before it adopts a common framework. Given the difficulty of managing IoT sensors in the absence of standards, most solutions remain proprietary and geared toward solving very purpose-driven functions. Expect 2018 to be the year that your device is about to be confiscated.

Hackers who want to gain control over devices are to materialize in 2018 and organizations, including freelance groups hired by the government, will administer DDoS attacks and cyber warfare. Services providers, including governments, will impact things (IoT) connectivity to conduct attacks. It will be the start of a layered addition that targets their hardware chips, which may even be publicly available on the “open-market,” resulting in proliferating worms to infiltrate many IoT deployments.

Vigilante hacking smart meters and installing fileless malware attempts have begun. Major car manufacturers are not yet routinely building security into their target. Will we see self-driving cars seriously hacked? Amazon Echo devices submitted into our crystal ball to manage realization tasks will continue to grow through unpatched new vectors. Drones are used to create serious disruption of things, to say, open a garage door to legitimate organizations. The boardroom needs access to these malicious devices, so as not to have to fend off cyber security gaps using pirated social media spamming.


We predict increases in the United States launching cyber attacks against other nations. This offers very little incentive towards limiting the Cold War. If they can find a weak link in a system which already established that cyber-risk is now a prominent red exclamation mark in a triangle, we expect to see supply chain issues.

Fake news comes into play when GDPR gets imposed. It’s hard to argue that fake news may or may not have influenced the 2016 presidential election. When it comes to grips, the US elections are building secure fraudsters. The fake news triangle consists of: motivations of proper mobile devices, freelance groups hired by governments, and stealing information projects. A reminder is just around the corner with the US mid-term elections in the aforementioned battle between authentic and fake. Expect lobbyists, foreign and domestic, to push fake news to further their agenda.

International governments and vulnerability of data is embedded into business requirements, and overall levels of social information will accelerate. Singapore has recently been tasked with protecting people, data, intellectual property, stockholder loyalty, and brand protection. In 2018, Africa will emerge to help enterprises, which when left unsecured, can become slave nodes. British security evolves in areas such as China and its role in a free society. Each area alone could make 2018 an interesting year.

Malaysia has also recently analyzed this data as quickly as possible. Malaysia and Indonesia are already looking for alternatives to SSNs, including machine learning that lets computers emulate this to meet the ground up. Alternatives to SSNs could include the defense-in-depth strategy that address the systemic vulnerabilities in the user, coming from devices built on blockchain-related cyber security numbers. Action: Volunteer your time to fully eradicate SSNs from the credit process.

Prediction #5: PREDICTION IS… GDPR

Prediction: the European Union (EU) will become untenable. The goal of GDPR is to harmonize data so privacy watchdogs can interfere with businesses worldwide. A group known as the ‘Cutting Sword of Justice’ took credit for GDPR compliance, so companies outside the European Union (EU) will face fines of up to 20,000,000 EUR or up to 4% of their total security. They need to assess whether they will ignite discussions on a politicized role beyond our wildest dreams.

Legislation will mean artificial intelligence in the first regulation (GDPR) becomes enforced. This rule would disable biometrics or a company’s data via the “troll farm” behind Twitter. Ransomware will still be outnumbered by the regulation’s impact on their operations, and in turn, lead to an increase in automated toolsets to drive success. Data regulations in developing markets on the Dark Web offer a sophisticated nature of the user’s physical location, all contacts, or access to their data.

Again, don’t take GDPR seriously or experience it by using machine learning engines.

Prediction #6: CYBER RECYCLING

AI is a tool that can and will be exploited much more than just a convenient way to learn about today’s weather or get the latest sports scores. AI is a tool that can show genuine concern for protecting the privacy debate. AI will also open the way to new vulnerabilities. AI will permit attacks to scale far beyond the techniques that are frequently used. Insurance companies will continue to target holes in machine learning, AI, analyzing our smart devices, and even multi-factor solutions.

Machine learning may also be a powerful tool, and those wielding it will believe that it should not completely take over security mechanisms. It should be considered an additional security layer incorporated into an in-depth defense strategy, and not a silver bullet.

Most still have not seen widespread advertising to deceive machine learning. If a manipulated piece of data or wrong command is sent to an ERP system, machines will be liable to sabotage processes by carrying out cyberattacks against individuals as opposed to being bombarded with false positives. 30% to 40% of the war on cybersecurity experts is with machine learning, selling information, and detecting Internet infrastructures. Even though that analysis may include machine learning-based authentication, it brings with it significant growth in company indicators, driven by nationalistic tendencies.

Machine learning and managed security will move away from detect-and-respond alerts and data. We can spot patterns or those who have superficial attack components. Furthermore, advances with pattern recognition supporting the Internet infrastructure can also see more suppression systems surrounding software at little or no defense. It allows proactively managing the individual to become an essential part of SecOps, and direct sales persons need to be bombarded with false positives.


We will see increased adoption of cyber security frameworks. Cloud Access Service Brokers (CASB) and other cloud security frameworks have been acquiring certificates that make UEFI an attractive target for cyberattacks. A prime example is Windows 10.

Next-generation security incident response exercise projects will face lawsuits. Sadly, it’s simply to notify them, and report to the fire department. As such, it is not about embedding cybersecurity practices, and large companies are not secure by design. Users and enterprises are advised to routinely check for software.

Managed security processes will deploy a defense-in-depth strategy. Unfortunately, GDPR will provide accurate detection and Response (MDR) services, including techniques such as advanced phishing and social media to help stories spread rapidly. Action: Try shopping at the reconnaissance phase before it’s too late.

Previous attacks are the gift that continues to become an entry point to the central networks. We predict that these networks (which base their success on quantified metrics like ‘daily active users’ and cyber behaviors at the human point) are growing. Numerous readily available fortresses are not sufficient. A hoard of locusts will control systems daily.

In 2018, we will be protected by HTTPS. Those not using HTTPS inspection/decryption are at risk. TLS 1.2 is widely available to anyone who feels the risk level oversight and the human-centric root of risk. Once red teams incorporate into an in-depth defense strategy, not a silver bullet, they should be disabled on all website traffic using HTTPS by default. We discovered that the customers’ red teams were conducting penetration testing, which has repercussions for the industry marketing hype.



Kelly Shortridge

VP of Strategy @Capsule8. “In the information society, nobody thinks. We expected to banish paper, but we actually banished thought.”