December 18, 2017 By Ted Julian 2 min read

2017 was action-packed in the world cybersecurity. Ransomware attacks exploded and the skills gap widened. But there were some bright spots too: Artificial intelligence is showing promise, and orchestration is helping analysts become more productive.

IBM Resilient’s Top Three Cybersecurity Predictions for 2018

Recently, I joined IBM Resilient’s Bruce Schneier, Gant Redmon and Maria Battaglia, along with Enterprise Security Group analyst Jon Oltsik, for IBM Resilient’s annual year-end webinar, “Cybersecurity in 2017 and the Year Ahead: The Fifth Annual Year-in-Review and Predictions Webinar.” During this webinar, we reviewed the biggest trends and lessons from 2017 and offered cybersecurity predictions for 2018.

We welcome you to watch the entire hour-long recorded discussion, but below are the top three cybersecurity predictions that emerged.

1. Internet of Things Attacks Will Make the News

The massive distributed denial-of-service (DDoS) attacks of late 2016 and early 2017 proved that internet-connected devices are a major security threat. With billions of connected devices globally, many of which regular people use daily, it’s more than likely that a serious attack could occur. 2018 seems poised to have the right combination of device proliferation, underlying vulnerabilities and bad-guy attention for Internet of Things (IoT) attacks to go to the next level.

2. Orchestration and Automation Will Be a Top Priority

To date, incident response orchestration and automation (O&A) efforts have been driven by early adopters opportunistically securing resources for these projects. In 2018, O&A efforts will gain line-item status in organizations’ security budgets. The early adopters will tout improvements from their initial deployments to gain support for expansion to facilitate additional use cases. Other organizations will try it for the first time and get hooked.

3. Businesses Will Rush to Prepare for GDPR

The European Union (EU)’s sweeping General Data Protection Regulation (GDPR) goes into effect in May 2018. While survey data varies, it’s clear that many businesses around the world are still unprepared. Given the enormous potential fines for noncompliance, companies will scramble. Unfortunately, those expecting to hire consultants to help might find such resources are already booked solid.

Don’t Let Your Guard Down in 2018

Whatever does happen in the cybersecurity realm in 2018, it’s likely to be just as action-packed as what we’ve seen in 2017. Vigilance will go a long way, but heightened security awareness is the best — and, perhaps, the only — protection against emerging threats that we can only begin to imagine today.

Watch the complete webinar: Cybersecurity in 2017 and the Year Ahead

More from Incident Response

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today