On Dec. 31, we’ll close the books on a year that will go down in history — not due to world events, scientific discoveries or pop culture happenings, but because of the record numbers of personally identifiable information (PII) exposed through major data breaches and cybersecurity events that happened throughout the year.

At the same time, rapid technology innovation caused companies across industries to rethink how they leverage digital tools such as artificial intelligence (AI), machine learning, augmented and virtual reality, and more into their operations. But with these changes — according to Gartner’s “Top 10 Strategic Technology Trends for 2018,” 40 percent of companies have already made progress in piloting or adopting AI solutions — there will also be new possibilities for cybercriminals to capitalize on vulnerabilities.

Five IBM Security Predictions for 2018

The confluence of these events is forcing industries of all types and organizations of all sizes to rethink how they secure information within their enterprises and learn from mistakes of the past. As we look forward to a new year with new resolutions, we also look at how the developments in both cybersecurity and technology, as well as new and emerging threats, will impact 2018.

We’re fortunate to have some of the best researchers in the security world on our IBM X-Force team. We polled them for ideas about major trends in 2018, and some unique perspectives emerged. Let’s take a look at the top five IBM Security predictions for 2018.

1. AI Versus AI

2018 will see a rise in AI-based attacks as cybercriminals begin using machine learning to spoof human behaviors. The cybersecurity industry will need to tune its own AI tools to better combat the new threats.

As AI software becomes more mainstream and/or open source, cybercriminals will adopt AI tools to not only automate and accelerate their current activities, but also to more closely mimic natural behavior for social engineering and phishing purposes. The cat-and-mouse game of cybercrime and security innovation will rapidly escalate to include AI-enabled tools on both sides.

2. Africa Emerges as a New Area for Threat Actors and Targets

Our IBM X-Force IRIS team thinks that Africa, with its growth in technology adoption and operations, rising economy and increasing number of local resident threat actors, has the largest potential for net new, impactful cyber events. In 2018, Africa will emerge as a new focus area for cyberthreats: Attacks targeting organizations based there and events originating from the continent are both expected to rise.

3. Identity Crisis

Data from the more than 2 billion records stolen in 2017 will be used at a scale never seen before. Legislation to curb the use of stolen data will move closer to reality and companies will move further away from using identifiers such as Social Security numbers (SSNs). Alternatives to SSNs could include blockchain identity solutions, smart ID cards or e-cards, biometrics or a combination of these methods. Companies will shift to more secure methods involving risk-based authentication and behavioral analytics.

4. Ransomware Locks Up IoT Devices

We’ll see a pivot from using ransomware to lock up desktop computers toward attacking Internet of Things (IoT) devices. Expect the ransom to be lower as fraudsters move to a volume play and find a price point that is less than the cost of just buying a new one for users.

Large organizations with deployments of IoT security cameras, DVRs and sensors will be especially impacted by the coming wave of IoT ransomware. Like the recent rise of ransomware attacks in the health care industry, cybercriminals will target infrastructure that could adversely impact operations.

5. Finally Getting Response Right

2018 will be the year in which we see a major company demonstrate a fast and appropriate response to a large-scale data breach or cyberattack, including effective communications to inform stakeholders within and outside the business of the impact.

With the implementation of GDPR in May 2018, organizations doing business in the European Union (EU) will face stricter regulations around the protection of data and must report data breaches to regulators within 72 hours (or face steep fines of up to 4 percent annual turnover) and potentially notify the customer as well. With these penalties in mind, organizations are placing greater emphasis on preparing their incident response plans, which, we hope, will lead to an overall improvement in the aftermath of a breach.

Expect the Unexpected in 2018

The cybersecurity landscape changes so quickly that I wouldn’t be surprised if something bigger emerges and knocks one of these security predictions off the list early in the year. We’ll have to wait and see what 2018 brings, but if 2017 is an indication of the trajectory cybercriminals are on, the security community had better rest up over the holidays.

Listen to the complete podcast: 5 security predictions that will take hold in 2018

Never miss a new episode of the Security Intelligence podcast! Subscribe now on iTunes, SoundCloud or your favorite podcast platform.

More from Artificial Intelligence

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Tackling Today’s Attacks and Preparing for Tomorrow’s Threats: A Leader in 2022 Gartner® Magic Quadrant™ for SIEM

Get the latest on IBM Security QRadar SIEM, recognized as a Leader in the 2022 Gartner Magic Quadrant. As I talk to security leaders across the globe, four main themes teams constantly struggle to keep up with are: The ever-evolving and increasing threat landscape Access to and retaining skilled security analysts Learning and managing increasingly complex IT environments and subsequent security tooling The ability to act on the insights from their security tools including security information and event management software…

4 Ways AI Capabilities Transform Security

Many industries have had to tighten belts in the "new normal". In cybersecurity, artificial intelligence (AI) can help.   Every day of the new normal we learn how the pandemic sped up digital transformation, as reflected in the new opportunities and new risks. For many, organizational complexity and legacy infrastructure and support processes are the leading barriers to the effectiveness of their security.   Adding to the dynamics, short-handed teams are overwhelmed with too much data from disparate sources and…

What’s New in the 2022 Cost of a Data Breach Report

The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020. New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when…