Light Dark
December 14, 2017 By Caleb Barlow 3 min read
X-Force
Artificial Intelligence
CISO
Identity & Access
Incident Response

On Dec. 31, we’ll close the books on a year that will go down in history — not due to world events, scientific discoveries or pop culture happenings, but because of the record numbers of personally identifiable information (PII) exposed through major data breaches and cybersecurity events that happened throughout the year.

At the same time, rapid technology innovation caused companies across industries to rethink how they leverage digital tools such as artificial intelligence (AI), machine learning, augmented and virtual reality, and more into their operations. But with these changes — according to Gartner’s “Top 10 Strategic Technology Trends for 2018,” 40 percent of companies have already made progress in piloting or adopting AI solutions — there will also be new possibilities for cybercriminals to capitalize on vulnerabilities.

Five IBM Security Predictions for 2018

The confluence of these events is forcing industries of all types and organizations of all sizes to rethink how they secure information within their enterprises and learn from mistakes of the past. As we look forward to a new year with new resolutions, we also look at how the developments in both cybersecurity and technology, as well as new and emerging threats, will impact 2018.

We’re fortunate to have some of the best researchers in the security world on our IBM X-Force team. We polled them for ideas about major trends in 2018, and some unique perspectives emerged. Let’s take a look at the top five IBM Security predictions for 2018.

1. AI Versus AI

2018 will see a rise in AI-based attacks as cybercriminals begin using machine learning to spoof human behaviors. The cybersecurity industry will need to tune its own AI tools to better combat the new threats.

As AI software becomes more mainstream and/or open source, cybercriminals will adopt AI tools to not only automate and accelerate their current activities, but also to more closely mimic natural behavior for social engineering and phishing purposes. The cat-and-mouse game of cybercrime and security innovation will rapidly escalate to include AI-enabled tools on both sides.

2. Africa Emerges as a New Area for Threat Actors and Targets

Our IBM X-Force IRIS team thinks that Africa, with its growth in technology adoption and operations, rising economy and increasing number of local resident threat actors, has the largest potential for net new, impactful cyber events. In 2018, Africa will emerge as a new focus area for cyberthreats: Attacks targeting organizations based there and events originating from the continent are both expected to rise.

3. Identity Crisis

Data from the more than 2 billion records stolen in 2017 will be used at a scale never seen before. Legislation to curb the use of stolen data will move closer to reality and companies will move further away from using identifiers such as Social Security numbers (SSNs). Alternatives to SSNs could include blockchain identity solutions, smart ID cards or e-cards, biometrics or a combination of these methods. Companies will shift to more secure methods involving risk-based authentication and behavioral analytics.

4. Ransomware Locks Up IoT Devices

We’ll see a pivot from using ransomware to lock up desktop computers toward attacking Internet of Things (IoT) devices. Expect the ransom to be lower as fraudsters move to a volume play and find a price point that is less than the cost of just buying a new one for users.

Large organizations with deployments of IoT security cameras, DVRs and sensors will be especially impacted by the coming wave of IoT ransomware. Like the recent rise of ransomware attacks in the health care industry, cybercriminals will target infrastructure that could adversely impact operations.

5. Finally Getting Response Right

2018 will be the year in which we see a major company demonstrate a fast and appropriate response to a large-scale data breach or cyberattack, including effective communications to inform stakeholders within and outside the business of the impact.

With the implementation of GDPR in May 2018, organizations doing business in the European Union (EU) will face stricter regulations around the protection of data and must report data breaches to regulators within 72 hours (or face steep fines of up to 4 percent annual turnover) and potentially notify the customer as well. With these penalties in mind, organizations are placing greater emphasis on preparing their incident response plans, which, we hope, will lead to an overall improvement in the aftermath of a breach.

Expect the Unexpected in 2018

The cybersecurity landscape changes so quickly that I wouldn’t be surprised if something bigger emerges and knocks one of these security predictions off the list early in the year. We’ll have to wait and see what 2018 brings, but if 2017 is an indication of the trajectory cybercriminals are on, the security community had better rest up over the holidays.

Listen to the complete podcast: 5 security predictions that will take hold in 2018

Never miss a new episode of the Security Intelligence podcast! Subscribe now on iTunes, SoundCloud or your favorite podcast platform.

 |  |  |  |  |  | 
Caleb Barlow

More from X-Force
July 26, 2024

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

June 13, 2024

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

June 6, 2024

X-Force discovers new vulnerabilities in smart treadmill

7 min read - This research was made possible thanks to contributions from Joshua Merrill. Smart gym equipment is seeing rapid growth in the fitness industry, enabling users to follow customized workouts, stream entertainment on the built-in display, and conveniently track their progress. With the multitude of features available on these internet-connected machines, a group of researchers at IBM X-Force Red considered whether user data was secure and, more importantly, whether there was any risk to the physical safety of users. One of the most…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature