By Lorna Trayan, Associate Partner Security at IBM Security Services
As I realized that the year is almost over, I had a thought: wouldn’t it be great if we could get a crystal ball and see what the future holds for us? Although I would love to know about my personal life, it’s the cybersecurity world I’m referring to here! Alas, since that’s not possible, we will all have to settle for reading the reports coming out and talking about future “predictions” of the security realm. Predictions, even if they sometimes don’t come exactly true, would still assist us in taking a certain direction.
As I embarked on the path of report reading, I came across a variety of very good sources. I knew that I would find the security vendors publishing reports that predict one year ahead (i.e. 2018). But no, I was after a more unpredictable and a more questionable future.
The one that grabbed my attention was ISF’s, which predicts two to three years ahead. I meticulously went through the one called “Threat Horizon 2019”. Apparently, Threat Horizon 2020 is coming up around the corner! The three 2019 themes of “Disruption”, “Distortion”, and “Deterioration” didn’t really give me a warm and fuzzy feeling about the future. However, what I liked about it was that it linked threat trends to business impact (and this link, as we all know, is very hard to come by). I also really liked how each year they evaluated their previous predictions and mentioned whether they had come true or had not been predicted correctly. In my humble opinion, this keeps them honest and keeps up their credibility.
From that report, I moved on to IDC’s “Worldwide Security Products and Services 2018 Predictions”. This one was for five years and contained 10 predictions. Here also, I was happy to find a link between the prediction and its impact. To my further despondency, the predictions from this report weren’t really positive either. The only positive forecast I could find was the fact that our threat detection capabilities are predicted to highly improve because of AI and automation.
Dragging my feet (in reality, I was dragging my eyes), I moved on to my last report, Forrester’s “Predictions 2018: Cybersecurity”, which was also an insightful read, covering six predictions for both security and risk professionals.
So, let me summarize for you what the common “predictions” were.
Ransomware and the business of “Digital Extortion” will continue (since it has proved to be very lucrative), and is predicted to target PoS devices next. IoT attacks will change from an “I want to cause chaos” to an “I want to make money” model, where attackers will target OT, medical devices and vehicles.
Additionally, for 2018 there will be a last-minute scramble to meet GDPR requirements. Further to that, blockchain will become the foundational technology for several security functions. Adoption of Cloud is set to increase, where the “Cloud Admin will be the new Domain Admin” (I really liked this sentence from the Forcepoint 2018 Security Predictions report, another I read). Crime-as-a-Service will continue, with Ransomware-as-a-Service coming in first place. Last, but not least, Workforce Monitoring (aka Workforce cyber defense) will continue because privacy requirements will not outweigh the need to monitor workforces (hint: start looking into UEBA technologies and approaches); although this was a contradicting statement between two reports, it was still food for thought.
But, do not despair – dear security specialist – and look at the bright side of things: the security world and the emerging threats will always keep us all on our toes with nary a day of boredom. It also unites us all in a common cause of mitigating cybersecurity risks and decreasing their business impact. I believe it’s great to be in this profession!
With this, I wish everyone a happy new “security” year and may next year bring us all more AI technologies, more skilled resources, more collaboration and hence a more safe and secure cyber world!