|03 January, 2018

Technology: The five trends set to shape the cybersecurity market in 2018

Increased attacks against cloud services more likely as they grow in importance

Mobile phone cyber security concept with a person showing smartphone screen. Image for illustrative purpose. Authorities in several countries are investigating last week's $530mln heist involving the NEM cryptocurrency.

Mobile phone cyber security concept with a person showing smartphone screen. Image for illustrative purpose. Authorities in several countries are investigating last week's $530mln heist involving the NEM cryptocurrency.

Changes in cybersecurity are constant, and are often driven by new business trends or technology adoption, advances in threats, changes to regulations or new cybersecurity tools. However, given that none of these change on a predictable schedule, and that as humans we tend to look ahead each time we ring in the New Year, here are our top fivepredictions for cybersecurity in 2018.

1. Business reliance on cloud will drive increased direct attacks against cloud services
We will continue to see a rapid increase in the adoption of cloud-based Infrastructure-as-a-Service offerings for running business-critical applications on public cloud networks.

The elasticity of cloud-based services is attractive to businesses, and while the top tier of these services is designed and managed with security in mind, the promise of cost reduction means enterprises are not investing in the skills and tools required by IT operations to safely manage cloud applications.

Server administrators have been understaffed and underskilled, and daily news stories of misconfigured cloud services are highlighting the greater risks of cloud use, making such services attractive targets for cyberthieves.

2. Denial of service will become as financially lucrative as identity theft
In recent years ransomware attacks have caused as much, if not more, damage as crimes embarked on through identity theft, as increased reliance on distributed applications and cloud services results in massive business damage when cloud services are held hostage by attackers.


Pescatore: Spending on training cybersecurity staff may be more effective than boosting numbers.

3. Spending on more security staff or automation may not improve results
There are countless media headlines touting massive underemployment in cybersecurity but most businesses say they need more effective cybersecurity staff as opposed to more bodies. Similarly, hype around what can be achieved through “machine learning” or “AI” could yet again have been vastly overpromised as a technology that will eliminate or drastically reduce the need for experienced cybersecurity staff.

The real successes in cybersecurity have been where skills are continually upgraded, staff growth is moderate and next-generation tools are used to act as "force multipliers”.

4. Consumer advances in secure use of technology will drive workplace change
Phishing attacks continue to succeed because the vast majority of Windows PC users within businesses are still using reusable passwords. However, many consumers now routinely use biometric authentication on their mobile phones and 28 percent are using two-factor authentication on at least one personal account. Apple and Android mobile phones include advanced technologies like application control, privilege management and encryption that are rarely enabled on work PCs, meaning home users are often safer using their own technology than using office systems. Just as users have driven businesses to adopt technologies like the internet, Wi-Fi and smartphones, they will drive stronger forms of authentication at work.

5. Cyber-insurance policies will not demonstrate any actual reduction in business costs from cyberattacks
The high levels of business damage caused by cyberattacks has greatly increased an interest among company boards in managing risk via new cyber-insurance policies. However, for a variety of reasons, cyber-insurance does not bound liability in any way, and the payback very often doesn’t even cover the costs of premiums and deductibles if an incident does occur.

John Pescatore is director of emerging security trends at the SANS Institute, which is a company that was set up in 1989 offering research, education and training on information security.

Disclaimer: This article is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Read our full disclaimer policy here.

Our Standards: The Thomson Reuters Trust Principles

© Special Contributions 2018

More From 2017 Review - 2018 Outlook