Top 100 Cybersecurity Predictions for 2018 Impacting MSSPs
Welcome to predictions from EventTracker, BluVector, Cylance and more
20. Machine Learning’s next chapter: I think that machine learning in security will continue to grow, and we will see platforms (maybe Splunk or log aggregators or maybe new products that don’t exist now) begin saying ‘give us EVERYTHING you might have about your company, your network, your machines,’ and then the platform will automatically begin surfacing and monitoring for new things that are related, both inside and outside the firewall. Source: Sam Curcuruto, head of Product Marketing, RiskIQ
2018 Cybersecurity Prediction From EventTracker
19. SIEM will shift to MSPs: “With SIEM platforms evolving to encompass machine learning concepts and orchestration capabilities, plus spreading to the furthest ends of the digital enterprise, we must also look at the most appropriate delivery model. By intertwining connectivity, threat, and compliance management, the delivery model that might work best for some organizations would be that the SIEM, or IT security, is delivered from an organization’s preferred ISP or managed IT service provider (MSP). The fully evolved SIEM platform will be able to deliver advanced functionality, wide integration, and lastly, MSP-friendly deliverability. Source: A.N. Ananth, CEO, EventTracker, a Netsurion company
2018 Cybersecurity Predictions From BluVector
18. Extremism debate intensifies: On the heels of the net neutrality debate, we’ll hear a more fundamental discussion about the risk of the Internet as a platform for encouragement of hate/extremism terrorism and the role of government and private companies in countering the extremist narrative through voluntary and “proactive” management of social media. Source: Kris Lovejoy, CEO of BluVector.
17. Cyberattacks pursue social unrest: In addition to nation states, we will see examples of terrorists, extremists, and other hate actors using cyberattacks as the mechanism to enact social unrest and/or financial panic. This will primarily be through continued and sustained use of disinformation as well as destructive attacks focused on critical infrastructure. Source: Kris Lovejoy, CEO of BluVector
16. Ransomware gets nastier: With the success of “Sorebrect” as an attack vector, fileless ransomware attacks will become more prevalent in 2018 Source: Kris Lovejoy, CEO of BluVector.
15. Criminals will evolve faster than ever: Adversaries will start adopting Artificial Intelligence to better enable their attacks faster than cyber defenders, adding more insult to injury. Deterrence in cyberspace will continue to be very elusive and ineffective. It’s a repeat of the classic cat and mouse game. The criminal cats of 2017 will only get fatter in 2018 without better defenses. Source: Kris Lovejoy, CEO of BluVector.
14. Good Enough will fail: Too many professionals share a “good enough” philosophy that they’ve adopted from their consumer mindset that they can simply upgrade and patch to comply with the latest security and compliance best practices or regulations. In 2018, with the upcoming enforcement of the EUGDPR “respond fast” rules, organizations will quickly come to terms, and face fines, with why “good enough” is not “good” anymore. Source: Kris Lovejoy, CEO of BluVector.
2018 Cybersecurity Predictions From Cylance
13. Many more security vendors will testify on Capitol Hill: With major cyberattacks like WannaCry and the breach at Equifax getting the attention of lawmakers, it is only a matter of time before we starting seeing more cybersecurity companies be called to testify before congress. So far, victim organizations have taken the brunt of criticism from politicians and the press, but less attention is being paid to the companies promising to secure the sensitive data in the first place. There will be a moment when security vendors are asked to explain why their products weren’t able to live up to the promises of their marketing departments, which will have a serious impact about how we talk about the capabilities of security solutions. Source: Malcolm Harkins, Chief Security and Trust Officer of Cylance
12. GDPR will be the Y2K of 2018: Companies are publicly touting their GDPR readiness, but behind closed doors, I expect a lot of uncertainty about the ability to comply with these new and incredibly strict guidelines. While GDPR won’t result in the same public hysteria as Y2K, IT practitioners who were around at the turn of the century will feel a bit of déjà vu. In particular, many companies in the US are waiting to see how GDPR plays out stateside, and I expect in the first few years after its enactment, the EU will look to make an example of a multinational who fails to check all the boxes. Source: Malcolm Harkins, Chief Security and Trust Officer of Cylance
11. The conversation about critical infrastructure will shift towards social media: Social media was originally a fun a way to communicate and stay up to date with friends, family and the latest viral video. Along the way, as we started to also follow various influencers and use Facebook, Twitter & others as curators for our news consumption, social media became inextricably linked with how we experience and perceive our democracy. The definition of critical infrastructure, previously limited to big ticket items like power grids and sea ports, will similarly expand to include said social networks. While a downed social network will not prevent society from functioning, these websites have been proven to have the ability to influence elections and shape public opinion generally, making their security essential to preserving our democracy. Source: Malcolm Harkins, Chief Security and Trust Officer of Cylance
Continue to next page for more predictions from Cylance, Infogressive, BeyondTrust, Kaspersky Lab, Palo Alto Networks and more.