Information and cyber security: 5 trends to watch in 2018

By Richard Harpur

2020 is fast approaching, and while we don’t know all the new threats looming ahead, we do know the future is estimated to bring 1.5 million unfilled security roles. As companies struggle to protect against attacks, being aware of upcoming information and cyber security trends is key. 

Each of the last several years could be described as a milestone year for data breaches, with the sophistication and frequency of attacks growing dramatically. 2017 was no exception, and the world saw mega-breach disclosures, new threats and a multiplying number of attacks. 2018 data protection programs, as well as companies’ skill development programs, will need to keep pace with the following developments. 


1. Increasing automated attacks

Launching Ransomware or DDoS attacks is now a commodity activity. Provided you know where to procure such toolkits on the Internet, these attacks can be undertaken by anyone at very little cost.  As a result, 2018 will see an increase in widespread automated non-targeted attacks. 


2. More intense compliance surveillance (GDPR)

The General Data Protection Regulation comes into effect in May in Europe and will impact all organizations doing business with European citizens. The new law has placed data protection and security firmly on the agenda of all corporate boards. This year will see a continued increase in scrutiny of data protection with third parties. Other laws, such as the Payment Services Directive (PSD2), will also increase demand for compliance surveillance.


3. Reigning in IoT 

The Internet of Things is everywhere, from our home security systems to our refrigerators, and its influence is spreading. We’re living in a world that relies increasingly on the Internet to function, which means security is vital. 

From a security perspective, there’s a serious absence of common security practice in the development of these products. Enterprises will become more selective in the type of IoT devices they allow into their organizations, and a more formalized approach to approving IoT devices in the enterprise will become commonplace. We’ll see vendors start selecting their target market from low-grade consumer devices to enterprise-grade offerings. 


4. Cloud incidents

Application attacks, perimeter-less network risks and mobile workforces will all contribute to more security incidents in 2018. As in 2017, more organizations will experience a cloud storage incident, such as accidentally leaving private data exposed to the Internet. The proliferation of other web-based services, and the fact that workers are more mobile, will cause an increase in application-based security incidents. Enteprise security training in relation to cloud services needs to be a priority. 


5. The defender’s modus operandi

How organizations prepare for and respond to breaches will change. As the likelihood of experiencing an incident grows, organizations will realize that their response to a breach cannot be left to chance. At a broader level, there will be an increase in machine learning and Artificial Intelligence to help security responders focus their attention in key areas. Given the worldwide skills shortage of security workers, existing personnel will crave tools that will assist with improving efficiency. IDC estimate that the security solution spending will continue to be the fastest category of IT spending reaching $105 billion by 2020. 

Overall, security will continue to rely on existing tools, techniques and practices to defend enterprise networks. Greater compliance requirements will drive an increase in oversight of security practice, and skill insufficiency will remain a challenge—with upskilling and cross-skilling-focused security cultures being crucial to developing talent in this space.

About the author

Richard Harpur is a highly experienced technology leader with a remarkable career ranging from software development, project management through to C-level roles as CEO, CIO, and CISO. Richard is highly rated and ranked in Ireland's top 100 CIOs. As an author for Pluralsight - a leader in online training for technology professionals - Richard's courses are highly-rated in the Pluralsight library and focus on teaching critical skills in cybersecurity including ISO27001 and Ransomware. As a Certified Information Security Manager (CISM) Richard is ideally positioned and passionate about sharing his extensive knowledge and experience to empower others to be successful. Richard also writes extensively on technology and security leadership and regularly speaks at conferences. When he is not writing for his blog Richard enjoys hiking with his wife and 4 children in County Kerry, the tourist capital of Ireland. You can reach Richard on twitter @rharpur.