Over the past few weeks, dozens of people have reached out to me with their cybersecurity predictions for 2018. Some prophecies are fairly obvious (ransomware will continue in 2018) while at the other extreme, some people are pushing doomsday forecasts aimed at garnering press hits (e.g., the US will suffer a cyber-attack in 2018 that knocks out the power grid for a substantial amount of time).
Here are a few predictions that fall between these extremes. I believe 2018 will feature:
- Cloud computing chaos (aka C-cubed). You’ve probably heard the old adage that change is the enemy of security. This axiom really sums up the issue with cloud computing security. Organizations are moving full speed ahead with cloud computing, deploying cloud-based technologies like VMs, containers, micro-services, and serverless applications across AWS, Azure, Google, IBM, and Oracle cloud platforms. Unfortunately, this is happening at an increasing pace that security teams simply can’t keep up with, especially considering the global cybersecurity skills shortage. According to a recently published ESG/ISSA research report, 29% of organizations have an acute shortage of cloud security skills. Because of these issues, ESG’s cloud security guru Doug Cahill tells me that organizations are not setting up the right security policies, processes, or controls for the cloud. This will inevitably lead to lots of easily-exploitable vulnerabilities, data breaches, and regulatory compliance violations. To alleviate this risk, CISOs will have to up their game in 2018, work in lock-step with cloud developers and DevOps groups, surround cloud with the right policies, develop collaborative processes, and build a cloud security controls architecture.
- The rise of high-end security services. As cybersecurity grows increasingly complex, more and more CISOs I speak with are throwing in the towel and outsourcing various security tasks to MSSPs and SaaS providers. In the past, managed security services tended to be pedestrian in nature and this will continue, but look for new high-end/high-skills services designed for more sophisticated enterprise organizations. Some of these services are available today from vendors like Binary Defense, BitSight, Cisco, CrowdStrike, Digital Shadows, FireEye, Forcepoint, Spirent, Symantec, ThetaPoint, and others, but I expect a growing wave in 2018. What types of services? EDR, managed threat hunting, malware analysis, continuous penetration testing, threat intelligence analysis, etc. According to ESG research, 56% of organizations are implementing, planning, or interested in security as a service, so this could be a lucrative market.
- Security technology integration. In 2017, 21% of enterprise organizations said that integrating security technologies into a common architecture was one of their highest priorities, and this will only pick up steam in 2018. In fact, I believe that security operations and analytics platform architecture (SOAPA) will be a major enterprise theme throughout the year. A lot of this integration will center around single vendors and their product platforms/suites. This will cause large vendors like Cisco, IBM, McAfee, Splunk, Symantec, etc. to fill product portfolio holes, making 2018 a stellar year for M&A. Aside from these proprietary efforts, I believe that multi-vendor SOAPA efforts will also gain momentum. Look for a lot of action around data standards (CIM, JSON) and open source software like Apache Kafka.
- Machine learning technology. Artificial intelligence for cybersecurity remains trapped in a hype cycle mainly because too many vendors have pitched it as a panacea (note: It is not a panacea). In 2018, infosec pros will realize that machine learning is a very good “helper app” if it is applied to specific and well understood areas where we have ample data available for model building. In this way, I see machine learning’s role as assisting cybersecurity professionals rather than replacing people with robots. So, instead of standalone products, machine learning will sneak into enterprise security, riding on top and adding intelligence to existing tools like DLP, EDR, endpoint security software, network security analytics, SIEM, threat intelligence platforms (TIPs), etc. Bay Dynamics and Fortscale come to mind here as these firms have used their machine learning technologies to enhance the efficacy and efficiency of existing security tools.
- GDPR anarchy. By the end of the summer, we will see a frighteningly high GDPR fine ($10 million? $100 million?), which will serve as a wakeup call across the globe. Why the pessimism? ESG and other data indicate that many organizations are completely unprepared today and won’t be ready when GDPR takes effect next May. They don’t know where the sensitive data resides, haven’t built processes to audit the data, can’t meet the 72-hour disclosure cycles, etc. One UK reseller I spoke with compared GDPR to Y2K, saying that service providers are at capacity so if you need help with GDPR preparation, you are out of luck. As GDPR anarchy grips the continent next summer, look for the US Congress to (finally) start engaging in serious data privacy discussions next fall.
I expect a lot of good and bad activity next year, so 2018 is bound to be a bumpy ride. More soon.