The BIG List of 2018 Cyber Security Predictions From Experts Around the Globe

PolySwarm · Jan 7, 2018 · 11 min read

Every day there’s a new breach, technology or announcement in the world of cyber security. This leads us to believe 2018 is going to be a critical time for security, so we wanted to hear what experts around the globe had to say. From Israel and the United States to London and Dublin, we’re sharing their insights and predictions. Will they come true? We’ll just have to wait and see.

Blockchain will be used as a universal source of truth.

In 2017, the FINTECH industry implemented and released a range of products backed either by an existing public blockchain or by custom-built blockchains. It was exciting to see how different blockchain designs were married up to each use case.

In 2018, I see the same thing happening in InfoSec. The blockchain is best used as a universal source of truth, and in InfoSec there are a number of protocols that rely on a universal truth. There are three technologies where I expect to see improvement using blockchain technology: 1) backing Threat Intelligence, where PolySwarm will provide more complete coverage for everyone, 2) backing DNS records, which will help eliminate DNS spoofing attacks and 3) backing BGP tables, which will help eliminate route spoofing attacks.

Blockchain approach to securing assets becomes a reality.

Enterprises today consider only traditional methods of securing assets, all focused on security technology procured, installed, and managed within the four walls of the company. But as we can see, enterprises today continue to be one step behind the hackers who are continually more organized, resourced, and creative in the methods to get to assets.

Blockchain, by nature, is a distributed approach to authenticating entities and assets, and therefore provides a much stronger architectural approach to security. Investments into technology companies building blockchain-based solutions are rising significantly as the investment community understands the power of a distributed approach to security.

Blockchain is becoming a real approach all companies should consider.

A major vulnerability will topple the value of a popular cryptocurrency.

When most people think of cryptocurrency and blockchain technology, the first thing that comes to mind is Bitcoin. While Bitcoin was the first cryptocurrency and remains the most popular, there are actually many different crypto coins in existence. Other coins like Ethereum, Litecoin and Monero all maintain total market capital over $1 billion. Each new cryptocurrency brings new innovations to their respective blockchains. Ethereum’s blockchain, for example, acts as a fully decentralized computer capable of running applications. However, these additional blockchain features introduce additional security considerations.

Ethereum already saw a near-50 percent drop in value back in 2016 when hackers exploited a vulnerability in a popular blockchain application to steal more than $50 million in Ethereum cryptocurrency. Since then, bug bounty programs and public code reviews have become a major part of blockchain development, but attacks have continued, including one that targeted a popular Ethereum multi-signature code wallet and made between $100 and $500 million in Ethereum permanently inaccessible.

As the value of these cryptocurrencies grows, they will become much more appealing targets for cyber criminals looking to make millions. We predict that hackers will find a vulnerability severe enough to completely wipe out a popular cryptocurrency by destroying public confidence in its security.

Our exposed PII will come back to bite us.

Our identity is no longer ours. Personally Identifiable Information (PII) is no longer valid — since so much of it has been exposed in breaches over recent years. Everyone needs to acknowledge that they have been breached and are vulnerable, and that attackers have more of our personal information than ever before. As a result, we will start to see new types of attacks that leverage the rich amount of PII that is publicly available. Given the huge pool of PII data collected, it could be weaponized to cause massive attacks on major entities (e.g. government, financials, healthcare system, etc.), and the rich data they have on individual users could create uniquely sophisticated phishing/social engineering attacks that are undetectable and indistinguishable from the real thing; life takeover will be a possibility.

  • PJ Kirner, co-founder and CTO of Illumio

Traditional email security safeguards will fail.

As phishing scams become more complex, traditional email security will become even more obsolete in 2018. Business Email Compromise (BEC) scams reached record levels in 2017, fueled by email impersonation, spoofing and spear-phishing. According to the FBI, documented BEC scams increased 2,370 percent between January 2015 and December 2016 and have so far resulted in more than $5.3 billion in losses.

Most traditional email security systems cannot detect the latest socially-engineered attacks because they mainly rely on content scanning and signatures to analyze messages. But some attackers don’t even need to use malicious links if they assume the identity of a trusted person. Such emails often appear to come from clients, co-workers and managers and can be almost impossible for people or technology to recognize. Mailsploit, a phishing vulnerability that gained popularity in 2017, can spoof email addresses to both the user and the email server, making email filters all but obsolete.

  • Eyal Benishti, a veteran malware researcher and founder and CEO of IRONSCALES
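As an added example (not code from the post or from IRONSCALES), here is a small Python check a mail gateway could run on the From: header to catch the two sender-spoofing patterns the paragraph describes: a display name that shows one address while the real sender is another, and an RFC 2047 encoded-word display name hiding control characters such as NUL, the trick the post attributes to Mailsploit. The heuristics, function names and sample header values are my own constructions; the three sample headers are made up for illustration and are not real messages.

```python
import base64
import re
from email.header import decode_header
from email.utils import parseaddr

# Control characters (NUL, CR, LF, ...) never belong in a display name; encoded-word
# tricks rely on clients decoding them late and then truncating or re-parsing the field.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Loose addr-spec matcher used to spot an address smuggled into the display name.
EMBEDDED_ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def decode_display_name(raw_name: str) -> str:
    """Decode RFC 2047 encoded-words in a display name into plain text."""
    parts = []
    for chunk, charset in decode_header(raw_name):
        if isinstance(chunk, bytes):
            parts.append(chunk.decode(charset or "ascii", errors="replace"))
        else:
            parts.append(chunk)
    return "".join(parts)


def check_from_header(from_value: str) -> list[str]:
    """Return findings for a raw From: header value; an empty list means nothing odd."""
    findings = []
    raw_name, addr = parseaddr(from_value)
    if "@" not in addr:
        return ["no parsable sender address"]
    name = decode_display_name(raw_name)
    sender_domain = addr.rpartition("@")[2].lower()

    if CONTROL_CHARS.search(name):
        findings.append("control characters inside encoded display name")

    # Classic display-name spoofing: the name shows one address, the real sender is another.
    for shown in EMBEDDED_ADDRESS.findall(name):
        if shown.rpartition("@")[2].lower() != sender_domain:
            findings.append(f"display name shows {shown} but sender is {addr}")
    return findings


# Constructed sample header values (not real messages): one benign, one
# display-name spoof, one encoded-word display name hiding a NUL byte.
SAMPLE_HEADERS = {
    "benign": "Alice Example <alice@example.com>",
    "display_name_spoof": '"ceo@example.com via Partner" <random@example.net>',
    "encoded_nul": "=?utf-8?b?"
    + base64.b64encode(b"Alice Example\x00").decode("ascii")
    + "?= <random@example.net>",
}


def scan_samples() -> dict[str, list[str]]:
    """Run the check over every constructed sample and map label -> findings."""
    return {label: check_from_header(value) for label, value in SAMPLE_HEADERS.items()}


if __name__ == "__main__":
    for label, findings in scan_samples().items():
        status = "FLAG" if findings else "ok  "
        print(f"{status} {label}: {'; '.join(findings) or 'no findings'}")
```

The point of the two checks is that neither depends on message content or a signature: they look only at how the sender field is constructed, which is exactly where content-scanning filters have no opinion. In a real deployment the findings would feed a quarantine or warning-banner decision rather than a print statement.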

In 2018, companies will prioritize the cloud to manage security.

More than ever, business leaders will search for security solutions that mitigate blind spots across the cloud, including activity conducted across off-network access or on personal devices. Today’s workforce is mobile and distributed; legacy tools can’t see devices that are unattached to an enterprise network (i.e. mobile) so more businesses will turn to independent cloud security companies to more effectively connect the dots.

  • Sanjay Beri, CEO and founder of cloud security company, Netskope

Within security organizations, data security teams will need to continue to focus on people, process, and technology.

They will need to identify the holes in their organizations, both from a personnel standpoint as well as a processes standpoint, then implement the proper technologies to help with some of those gaps. Ultimately, automation through technology will be key in supplementing the gaps in the people and process problems.

The number of IoT devices will only increase.

And, given their known vulnerabilities and the fact that the Reaper botnet alone has harnessed more than a million devices, we will most likely see more large scale Distributed Denial of Service (DDoS) and Destruction of Service (DEoS) attacks. If we look at the trend in recent attacks, from WannaCry to NotPetya, we saw motivation shifting from getting money to destroying systems. Malware will also be more mischievous as it looks to see what it can destroy, and will break the ability to restore by looking up an organization’s or consumer’s backup capabilities and erasing data.

Mega-breaches and privacy legislation will dominate headlines

Headlines will still be dominated by mega-breaches like the Equifax breach, as such events have a huge impact on business. Major breaches in which large groups of ‘non-technical’ people must understand why they were impacted by the breach, or why their privacy was violated, are essentially an emotional issue. Furthermore, issues such as legislation to ‘violate privacy’ impact the rights of everyday citizens, and will also dominate headlines in 2018.

  • Guy Peer, co-founder and VP of R&D at Dyadic

Social media will be the number one vehicle for ransomware distribution in 2018.

Currently, there are nearly one million social media accounts compromised every day, and that number will continue to rise thanks to the plethora of easily identifiable targets. And with new channels comes new costs: the average cost of a ransomware ticket will go up 50 percent next year. These actors see that organizations are willing to pay the ransom, so they’ve upped their asking price. And while organizations may be paying a higher ransom, the cost of these attacks is going down due to artificial intelligence tools making these campaigns infinitely easier to carry out.

Security buyers seek authenticity.

On the subject of truth, vendors in the overcrowded cybersecurity market are waking to a new reality: The Cybersecurity Renaissance is over. Gone are the days of irrational exuberance where we could slap terms like “Artificial Intelligence” or “Machine Learning” on a banner at RSA and expect willing buyers to come in droves. We are entering the Period of Enlightenment where buyers ask 2 questions: What are you going to replace? How are you going to PROVE your claims? The result — protracted sales cycles where buyers, now completely skeptical of the hype, will demand evidence that capabilities work (and can replace something else) in the form of protracted proofs of concept.

Hybrid clouds will be a thing.

Although hybrid clouds have been talked about for a very long time, they will become a thing in 2018. As consolidations and partnerships accelerate, and as workload portability becomes an imperative for Azure and GCP, we will witness many new services where customers will be able to run their own private clouds and seamlessly connect with Azure or GCP for additional capacity on demand. Partners like Cisco, HPE, Dell, and VMware will participate in this thing wholeheartedly to ensure a prolonged revenue stream from their existing products.

IoT devices as vulnerable targets in the workplace.

IoT devices are being integrated into the workplace to increase productivity for employees, in turn opening up new vulnerabilities for companies. IoT devices come with their own risks, as they can be accessed remotely, or act as an entry point to breach an organization’s network. Recently, Brother printers were found to have a denial of service (DoS) vulnerability, allowing hackers to tie up resources and reduce productivity of organizations using this printer.

Consolidation and resale of data breach results.

While we haven’t yet seen criminals consolidating data from different breaches before re-selling it, it’s an obvious concern in the future as the value-add of this type of data “packaging” would be substantial. When this type of consolidated breach data eventually hits the black market (and this is only a matter of criminal initiative, as all the data is out there), new and more targeted attacks will be enabled on a much larger scale.

For example, consider a breach where names and social security numbers were compromised, and then a separate breach in which names, email addresses and passwords were stolen. By combining these two data sources, the criminal would be able to find some set of users for whom the criminal would now know all this information. By automatically searching for emails from banks in an intended victim’s email boxes, the criminal would be able to identify and contact the victim’s bank and, posing as that victim, gain direct access to the bank account. The criminal can then add himself (or a mule) as a co-signer and obtain an ATM card, then deposit one or more forged checks and withdraw the corresponding amounts before the checks eventually bounce. This would be the liability of the account owner, unless picked up by the financial institution.

Moving forward, we must be ready to withstand this type of threat. This comes down to having security defenses that do not rely to any extent on the caution of the end user, but which identify and address deception in an automated way. While such systems exist today, the extent to which they are deployed is still very limited.

  • Markus Jakobsson, chief scientist, Agari

IOT security is a trend to watch in 2018.

The fundamental security weakness of the Internet of Things is that it increases the number of devices behind your network’s firewall.

Securing IoT devices requires more than securing the actual devices themselves. We have to incorporate security into the software applications and network connections that link to those devices.

Ten years ago, most of us had to only worry about protecting our computers. Next, we had to worry about protecting our smartphones. Now we have to be concerned with protecting our car, our home appliances, our wearables, and many other IoT devices. Because there are so many devices that can be hacked, it is a constant security challenge.

Organizations aggressively embrace cloud and DevSecOps.

Leading enterprises have already realized that cloud and DevOps are not a threat to security, but the best way to reduce risk. Since the threat is now continuous, companies will need continuous security to go along with continuous integration and continuous delivery. Organizations will prioritize instrumenting their entire stack and applications with best-of-breed security tools for real-time visibility, protection, and control.

New regulations, such as the European Union General Data Protection Regulation (GDPR), will add another layer of complexity to the issue of critical information asset management that many organizations are already struggling with.

The GDPR aims to establish the same data protection levels for all EU residents and will focus on how organizations handle personal data. Businesses face several challenges in preparing for the reform, including a widespread lack of awareness among internal stakeholders. The additional resources required to address the obligations are likely to increase compliance and data management costs while pulling attention and investment away from other important initiatives. In the longer term, organizations will benefit from the uniformity introduced by the reform. But it is not just in the area of privacy where legislation will bite. The increasing burden of compliance and legislative variances across jurisdictions will increase the burden for multi-nationals and those businesses targeting international trade.

Lack of qualified experts.

We first need to fill the growing shortfall of qualified security experts who have the necessary skills and experience to solve these problems for organizations of all types and sizes.

Hiring and training enough skilled security workers will continue to be one of the biggest challenges facing CISOs in 2018 and beyond. Due to this lack of trained personnel in-house, we expect that more companies will leverage external managed security service providers (MSSPs) to help fill this need.

  • Jack Miller, Chief Information Security Officer at SlashNext

The industry will move more towards automation, APIs, and cloud services at scale.

It’s more about continual compliance, configuration checks, and response at scale than it is about point-in-time signatures, firewalls, policies, and rules. Lastly, we need to take the complexity and management burden away from the user and provide security that is simply powerful.

  • Isabelle Dumont, Vice President at Lacework

2018 will be the year of virtual patching and the year that improving patch cycles for enterprise applications becomes a priority.

The ability to rapidly apply a patch that functions like a physical patch, without taking the vulnerable app out of production or making any code changes, must be an evaluation (and ultimately, deployment) priority in 2018. We have seen this issue arise: a recent study by CA Veracode found that only 14% of high-severity code flaws, the kind that lead to headline-stealing security breaches, are fixed in less than 30 days. That means 86% take longer than 30 days. This is too long, as it takes less than a week for malicious hackers to set up shop inside an organization after exploiting a known vulnerability (source: Ponemon Institute). This issue needs to be addressed head on in 2018 in order to avoid more breaches that are sure to come if vulnerabilities are left unpatched.
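As an added example of what "a patch that functions like a physical patch without code changes" looks like in practice (this is my own illustration, not code from the post, CA Veracode or Ponemon), the Python WSGI middleware below applies virtual-patch rules in front of an application that is left exactly as deployed: a request matching a rule is refused with 403 and logged, and everything else passes through untouched. The endpoints (/report, /admin/export), the rules and the audit format are hypothetical placeholders chosen for the demonstration; they do not describe any real product flaw.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional
from urllib.parse import parse_qs


# A virtual patch is a rule evaluated in front of the unchanged application: when
# the rule matches, the request is refused before it reaches the vulnerable code.
@dataclass(frozen=True)
class VirtualPatch:
    name: str
    matches: Callable[[dict], bool]  # receives the WSGI environ


# Hypothetical rules for illustration only; neither describes a real product flaw.
def oversized_report_id(environ: dict) -> bool:
    """Refuse /report requests whose id parameter exceeds the length the app expects."""
    if environ.get("PATH_INFO") != "/report":
        return False
    ids = parse_qs(environ.get("QUERY_STRING", "")).get("id", [])
    return any(len(value) > 32 for value in ids)


def non_get_admin_export(environ: dict) -> bool:
    """Only GET is meant to reach /admin/export; refuse every other method."""
    return (environ.get("PATH_INFO", "").startswith("/admin/export")
            and environ.get("REQUEST_METHOD") != "GET")


PATCHES = (
    VirtualPatch("VP-REPORT-ID-LENGTH", oversized_report_id),
    VirtualPatch("VP-ADMIN-EXPORT-METHOD", non_get_admin_export),
)


def virtual_patch_middleware(app, patches: Iterable[VirtualPatch] = PATCHES,
                             audit: Optional[list] = None):
    """Wrap a WSGI app so requests matching a virtual patch get 403 and an audit entry."""
    def wrapped(environ, start_response):
        for patch in patches:
            if patch.matches(environ):
                if audit is not None:
                    audit.append((patch.name, environ.get("REQUEST_METHOD"),
                                  environ.get("PATH_INFO")))
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [f"blocked by virtual patch {patch.name}\n".encode()]
        return app(environ, start_response)
    return wrapped


def unpatched_app(environ, start_response):
    """Stand-in for the production application, left exactly as deployed."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"handled by application\n"]


def simulate(app, method: str, path: str, query: str = "") -> tuple:
    """Invoke a WSGI app with a minimal environ; returns (status line, body text)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query}
    body = b"".join(app(environ, start_response)).decode()
    return captured["status"], body


if __name__ == "__main__":
    log = []
    app = virtual_patch_middleware(unpatched_app, audit=log)
    print(simulate(app, "GET", "/report", "id=42"))          # passes through
    print(simulate(app, "GET", "/report", "id=" + "A" * 64))  # refused
    print(simulate(app, "POST", "/admin/export"))            # refused
    print(log)
```

The audit list matters as much as the 403: a virtual patch is a stopgap, and the log of what it blocked is the evidence that the real fix still needs to ship and the measure of how often the exposed path is actually being hit. The same rule shape maps directly onto a WAF or reverse-proxy rule when the application is not Python.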

Incident response teams will look for ways to more actively combat malicious presence in the enterprise, going beyond the practice of merely identifying which systems might have been compromised.

Such steps might entail misdirecting or slowing down adversaries and their tools. A related example might involve vaccinating systems against specific malware families, “persuading” malware that it’s already on the system to prevent the infection in the first place.

PolySwarm

The world’s first decentralized threat intelligence market. Learn more @ https://polyswarm.io