Over the past few weeks, dozens of people have reached out to me with their cybersecurity predictions for 2018. Some prophecies are fairly obvious (ransomware will continue in 2018), while at the other extreme, some people are pushing doomsday forecasts aimed at garnering press hits (i.e. the U.S. will suffer a cyber attack in 2018 that knocks out the power grid for a substantial amount of time).
Here are a few predictions that fall between these extremes. 2018 will feature:
- Cloud computing chaos (aka C-cubed). You’ve probably heard the old adage that change is the enemy of security. This axiom really sums up the issue with cloud computing security. Organizations are moving full speed ahead with cloud computing, deploying cloud-based technologies such as VMs, containers, micro-services, and serverless applications across Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM cloud, and Oracle cloud platforms.
Unfortunately, this is happening at an increasing pace that security teams simply can’t keep up with — especially considering the global cybersecurity skills shortage. According to a recently published ESG/ISSA research report, 29 percent of organizations have an acute shortage of cloud security skills. Because of those issues, ESG’s cloud security guru Doug Cahill tells me that organizations are not setting up the right security policies, processes, or controls for the cloud. This will inevitably lead to lots of easily exploitable vulnerabilities, data breaches, and regulatory compliance violations.
To alleviate this risk, CISOs will have to up their game in 2018, work in lock-step with cloud developers and DevOps groups, surround cloud with the right policies, develop collaborative processes, and build a cloud security controls architecture.
- The rise of high-end security services. As cybersecurity grows increasingly complex, more and more CISOs I speak with are throwing in the towel and outsourcing various security tasks to MSSPs and SaaS providers. In the past, managed security services tended to be pedestrian in nature. This will continue, but look for new high-end/high-skills services designed for more sophisticated enterprise organizations.
Some of these services are available today from vendors such as Binary Defense, BitSight, Cisco, CrowdStrike, Digital Guardian, Digital Shadows, FireEye, Forcepoint, Spirent, Symantec, and ThetaPoint, but I expect a growing wave in 2018. What types of services? EDR, managed threat hunting, malware analysis, continuous penetration testing, threat intelligence analysis, etc. According to ESG research, 56 percent of organizations are implementing, planning, or interested in security as a service, so this could be a lucrative market.
- Machine learning technology. Artificial intelligence for cybersecurity remains trapped in a hype cycle — mainly because too many vendors have pitched it as a panacea (note: It is not a panacea). In 2018, infosec pros will realize that machine learning is a very good “helper app” if it is applied to specific and well-understood areas where we have ample data available for model building. In this way, I see machine learning’s role as assisting cybersecurity professionals rather than replacing people with robots.
So, instead of stand-alone products, machine learning will sneak into enterprise security, riding on top and adding intelligence to existing tools such as DLP, EDR, endpoint security software, network security analytics, SIEM, threat intelligence platforms (TIPs), etc. Bay Dynamics and Fortscale come to mind here, as these firms have used their machine learning technologies to enhance the efficacy and efficiency of existing security tools.