60 Cybersecurity Predictions For 2018
(government and critical infrastructure) Like death and taxes, there are only two safe predictions about
cybersecurity in 2018: There will be more
spectacular data breaches and the EU General Data Protection Regulation (GDPR) will go into effect
on May 25. But as the continuing digital transformation of our lives entails the ongoing digital
transformation of crime, vandalism and warfare, 2018 could also bring a lot of new takes on old v
ulnerabilities, some completely new types of cyberattacks, and successful new defenses.
The following list of 60 predictions starts with three general observations and moves to a wide range of cybersecurity topics: Attacks on the US government and critical infrastructure, determining authenticity in the age
of fake news, consumer privacy and the GDPR, the Internet of Things (IoT), Artificial Intelligence (AI) as a new tool in the hands of both attackers and defenders, cryptocurrencies and biometrics, the deployment of enterprise
IT and cybersecurity, and the persistent cybersecurity skills shortage.
IoT vulnerabilities will get more critical and more dangerous. Despite this, there will be no real changes in US law to regulate these devices. This isn’t a very risky prediction; Congress is currently incapable of
passing even uncontroversial laws, and any IoT regulation faces powerful industry lobbies that are
fundamentally opposed to government involvement. More interesting is what’s happening in Europe.
GDPR takes effect next year, and European regulators will begin to enforce it. The regulation has
provisions on security as well as privacy, but it remains to be seen how they will be enforced.
If Europe starts enforcing Internet security regulations with penalties that make a difference,
we might start seeing IoT security improve. If not, the risks will continue to increase—Bruce Schneier,
Sophisticated adversaries will leverage the granular metadata stolen from breaches like Equifax, OPM,
and Anthem, in precision targeted attacks that rely on demographic and psychographic Big Data algorithms powered by machine-learning and artificial intelligence. Attackers will deploy armies of bots to propagate
the false narratives used to weaponize malicious fake news, inflate partisan debates, and undermine democratic institutions; meanwhile, they will launch multi-vector DDoS, ransomware, and malware campaigns to
impede critical infrastructure cybersecurity and national security. The demographic and psychographic
metadata will enable advanced spear-phishing operations against privileged critical infrastructure executives
and pervasive Influence Operations against populations—James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
We’re going to see more attacks that attempt to subvert two-factor authentication, as sophisticated
attackers set their sights on two factor authentication-protected accounts and use flaws in SS7 to redirect
SMS text messages. In addition, software supply chain attacks like the MEDocs compromise with NotPetya
will be more prominent—Paul Roberts, The Security Ledger
Attacks on the US government and critical infrastructure
A nation-state sponsored group will commence a 5-day long DDoS attack against a critical US government (non-DoD) agency, shutting it down in order to show their strength—The Cyber Avengers