2017 was action-packed in the world cybersecurity. Ransomware attacks exploded and the skills gap widened. But there were some bright spots too: Artificial intelligence is showing promise, and orchestration is helping analysts become more productive.

IBM Resilient’s Top Three Cybersecurity Predictions for 2018

Recently, I joined IBM Resilient’s Bruce Schneier, Gant Redmon and Maria Battaglia, along with Enterprise Security Group analyst Jon Oltsik, for IBM Resilient’s annual year-end webinar, “Cybersecurity in 2017 and the Year Ahead: The Fifth Annual Year-in-Review and Predictions Webinar.” During this webinar, we reviewed the biggest trends and lessons from 2017 and offered cybersecurity predictions for 2018.

We welcome you to watch the entire hour-long recorded discussion, but below are the top three cybersecurity predictions that emerged.

1. Internet of Things Attacks Will Make the News

The massive distributed denial-of-service (DDoS) attacks of late 2016 and early 2017 proved that internet-connected devices are a major security threat. With billions of connected devices globally, many of which regular people use daily, it’s more than likely that a serious attack could occur. 2018 seems poised to have the right combination of device proliferation, underlying vulnerabilities and bad-guy attention for Internet of Things (IoT) attacks to go to the next level.

2. Orchestration and Automation Will Be a Top Priority

To date, incident response orchestration and automation (O&A) efforts have been driven by early adopters opportunistically securing resources for these projects. In 2018, O&A efforts will gain line-item status in organizations’ security budgets. The early adopters will tout improvements from their initial deployments to gain support for expansion to facilitate additional use cases. Other organizations will try it for the first time and get hooked.

3. Businesses Will Rush to Prepare for GDPR

The European Union (EU)’s sweeping General Data Protection Regulation (GDPR) goes into effect in May 2018. While survey data varies, it’s clear that many businesses around the world are still unprepared. Given the enormous potential fines for noncompliance, companies will scramble. Unfortunately, those expecting to hire consultants to help might find such resources are already booked solid.

Don’t Let Your Guard Down in 2018

Whatever does happen in the cybersecurity realm in 2018, it’s likely to be just as action-packed as what we’ve seen in 2017. Vigilance will go a long way, but heightened security awareness is the best — and, perhaps, the only — protection against emerging threats that we can only begin to imagine today.

Watch the complete webinar: Cybersecurity in 2017 and the Year Ahead

More from Incident Response

5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that's already too late.Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.However, advanced threat actors have learned to blend in with their target's environment, remaining unnoticed for prolonged periods. Based…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

People, Process and Technology: The Incident Response Trifecta

Let's say you are the CISO or IT security lead of your organization, and your incident response program needs an uplift. After making a compelling business case to management for investment, your budget has been approved and expanded. With your newfound wealth, you focus on acquiring technology that will improve your monitoring, detection and analysis of data traffic. Has the incident program really improved by the technology acquisition, or is the uplift merely cosmetic? If no other changes have been…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…