Here we are in December already. It’s that time of the year when security experts are making their predictions for the upcoming year. Because I enjoy these predictions and because I believe that the predictions can help organizations plan their security budgets for the coming year, cybersecurity forecasts will be a theme for this month.
Some of the predictions are straightforward and unsurprising. Ransomware seems to be at the top of most lists, which is not surprising, as Marty P. Kamden, CMO of NordVPN, said in a formal statement:
Ransomware assaults seem to be getting increasingly dangerous. Besides, system administrators are not ready to protect their networks from more sophisticated breaches. We believe that attacks will only keep getting worse.
Security surrounding the Internet of Things (IoT) is also a primary forecast for 2018. However, where we’ll see the biggest changes in IoT security is up for debate. While Steve Durbin, managing director with Information Security Forum, said the growth of IoT will add unmanaged risks to organizations because they will add devices not realizing they are often insecure by design and therefore offer many opportunities for hackers, Larry Cashdollar, senior engineer, Security Intelligence Response Team, with Akamai, said IoT developers must step up with better security built into device software at the manufacturer level. One particular area of concern in the IoT world, according to Kaspersky Lab, will be connected vehicles. Researchers there said connected cars are likely to face new threats as a result of growing supply chain complexity, leading to a scenario where no one player has visibility of, let alone control over, all of a vehicle’s source code. This could make it easier for attackers to break in and bypass detection.
Another common prediction is unique to 2018. The European Union’s General Data Protection Regulation (GDPR) will go into effect in May. I’ve talked a lot about GDPR over this past year, and not surprisingly, many in the security world have strong opinions about what GDPR will bring. For example, email deliverability expert Matt Vernhout, director of privacy at 250ok, said to me in an email comment:
I expect that soon after GDPR goes into effect, one of the member countries in the EU will quickly make an example of a company that failed to implement the proper procedures. There are few companies that can emerge unscathed after the fines and the blow to their reputation. Companies worldwide should be starting the process of being 'GDPR ready' now.
That’s a prediction I am firmly behind. I think that there will be a breach in June or July that will test GDPR, and I wouldn’t be surprised if it involved an American company that thought it could skate by the regulation. And there is this opinion from Malcolm Harkins, chief security and trust officer of Cylance, who sees GDPR as 2018’s version of Y2K:
Companies are publicly touting their GDPR readiness, but behind closed doors, I expect a lot of uncertainty about the ability to comply with these new and incredibly strict guidelines. While GDPR won’t result in the same public hysteria as Y2K, IT practitioners who were around at the turn of the century will feel a bit of déjà vu. In particular, many companies in the U.S. are waiting to see how GDPR plays out stateside, and I expect in the first few years after its enactment, the EU will look to make an example of a multinational who fails to check all the boxes.
These are the most common areas of security predictions I’ve seen so far this year and the least surprising. However, based on the email messages I’ve received, there are some interesting takes on the impact security will have on businesses and on the world in the next year.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba