The 20 Best Cybersecurity Predictions for 2018 [Roundup]


Making predictions has become a tradition of sorts for many businesses, and the cybersecurity community is no exception.

The security community is filled with creative and prolific thinkers adept at battling a crafty adversary. As a result, cybersecurity predictions for 2018 are both interesting and voluminous.

We’ve culled through hundreds of predictions published in the last few months and narrowed the number down to this list. We’d be remiss if we didn’t offer some predictions of our own, and so we’ve listed those at the bottom.

Here are 20 of the very best cybersecurity predictions for 2018:

1) Ransomware grows into blackmail

“Ransomware will continue to be a threat and evolve, not to just encrypting data, but also to blackmailing data owners based on the content of the data. Nation state threats will continue especially where organizations work in geopolitical spaces, and hacktivists are a wild card based upon political issues.”

Healthcare IT News: 2018 Cybersecurity prediction: Extortion attempts, ransomware will proliferate

2) End users still the weakest link

“Penetration through unpatched servers like in the case of Equifax will happen, but hackers will continue to target end users with more sophisticated phishing and targeted malware taking advantage of unpatched desktops where clients have far too many privileges. Again, don’t take your eyes off the end users.”

BeyondTrust: Cybersecurity predictions for 2018 (+ 5-Year Predictions, too!)

3) Identity verification services expand to banks

Forrester predicts that in 2018, we will see an expansion of identity verification services to large banks such as Bank of America, Capital One, Citi, and Wells Fargo. Researchers also said that customers will be able to use bank-issued credentials to log into government services. Blockchain will also likely emerge to help verify identities based on federated, consortium-based transaction data.

TechRepublic: Forrester’s top 6 cybersecurity predictions for 2018

4) Consumer IoT becomes a launch pad for bigger attacks

“With Google Home and Alexa becoming hot ticket items this holiday season, it’s only a matter of time before every house on your block is connected through the Internet of Things. While this provides an awesome level of convenience, it also makes stealing your personal information and gaining access to your home far too easy for potential hackers. Additionally, with the medical industry getting in on the IoT trend, patient records and medical information could be targeted more than ever. To make matters even scarier, IoT devices aren’t just vulnerable for personal reasons. Because of their vast network capabilities, IoT devices can be used for large scale DDoS attacks that can take down entire websites or other internet-based services.”

Tech.Co: 3 Cyber security predictions for 2018

5) Worms make a rebound

“Worms will rear their ugly heads again as a popular method of fast propagation of malicious payloads. Worms can bypass the need to get past firewall and phishing controls, easily accessing the soft underbelly of the enterprise network. In the wake of worm attacks like WannaCry and copycats, enterprises will continue to struggle to get out in front of a worm progression moving at machine speed.”

DatacenterDynamics: 2018 cyber security predictions

6) Adversaries blend in among a crowd of bad actors

“In 2018, more threat actors will adopt plain-vanilla tool sets, designed to remove any tell-tale signs of their attacks. For example, we will see backdoors sport fewer features and become more modular, creating smaller system footprints and making attribution more difficult across the board. And, as accurate attribution becomes more challenging, the door is opened for even more ambitious cyberattacks and influence campaigns from both nation-states and cybercriminals alike.” (Credit: Kevin Livelli from our partners at Cylance)

MSSP Alert: Top 100 cybersecurity predictions for 2018 impacting MSSPs

7) Security emerges as part of product design

“Security-by-design will improve ICS security. Major companies will increase their demands that security be included in new automation equipment purchases. For example, encrypted software will be required for remote terminal units (RTUs). Cybersecurity certification will also grow and major automation vendors will have their products tested for the ISA Secure certification.”

Control Engineering: Five cybersecurity predictions for 2018

8) What you think you know may be the biggest risk

“Due to exponential growth of innovative technologies, lots of new vulnerabilities will be introduced. However, the highest risks will still come from well-known and well-understood vulnerabilities. SANS estimates that over 80 percent of cyber security incidents exploit known vulnerabilities. Gartner comes in much higher, estimating that “through 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.” As if this is not sufficient, Cisco estimates that IoT will account for nearly half of connected devices by 2020, as cars, refrigerators, medical devices and gadgets not yet imagined or invented will link in, which will lead to the tremendous growth of threats and vulnerabilities in 2018 and the years to follow.”

ISACA: 2018 predictions for cyber security

9) Takeover of known tools to gain access

“Malwareless hacking attacks: attacks that abuse non-malicious tools or compromised applications to carry out their efforts will increase.”

PandaLabs: PandaLabs reveals its predictions for cybersecurity trends in 2018

10) Battle of the bots: An arms race in machine learning emerges

“Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior, and zero-day attacks. But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting newly discovered vulnerabilities faster than defenders can patch them.

To win this arms race, organizations must effectively augment machine judgment and the speed of orchestrated responses with human strategic intellect. Only then will organizations be able to understand and anticipate the patterns of how attacks might play out, even if they have never been seen before.”

HelpNetSecurity: Five key trends to watch in 2018 as cybercriminals continue to innovate

11) Two-factor authentication in attackers’ sights

“We’re going to see more attacks that attempt to subvert two-factor authentication, as sophisticated attackers set their sights on two factor authentication-protected accounts and use flaws in SS7 to redirect SMS text messages. In addition, software supply chain attacks like the MEDocs compromise with NotPetya will be more prominent.” (Credit: Paul Roberts)

Forbes: 60 cybersecurity predictions for 2018

12) Adversaries target endpoint antivirus software

In 2018, cybercriminals will target and exploit more security software. By targeting trusted programs and the software and hardware supply chain, attackers can control devices and wholeheartedly manipulate users. Hackers will leverage and exploit security products, either directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic to achieve their means. As these events become more publicly known, the public and business perception of security software, particularly that of antivirus solutions (AV), will further deteriorate.

Malwarebytes: Malwarebytes reveals 2018 security predictions

13) Sweet data in the supply chain

“The ISF has been raising the issue of the vulnerability of the supply chain for years. As the organization notes, a range of valuable and sensitive information is often shared with suppliers. When that information is shared, direct control is lost. That means increased risk of compromise of that information’s confidentiality, integrity or availability.

‘Last year we started to see big manufacturing organizations losing manufacturing capability because they were locked out and their supply was being affected,’ [Steve] Durbin says.” (Credit: Steve Durbin of the Information Security Forum)

CIO: 5 information security threats that will dominate 2018

14) Security policy sharpens focus on insiders

“If 2017 has taught us anything, it’s that people are still very much the weakest link when it comes to cyber security. As remote work adoption increases, so too will risk for cyber attacks. Companies will recognize more so than before that an employee with access to sensitive information in their network can sabotage the company if something goes wrong. In the case of negligent insiders, they may just leak their own credentials, unknowingly providing a malicious cyber criminal access to your network.

Internal cyber security policy will likely be more rapidly adopted than before to accommodate the security needs of the company and exchange with remote employees. If employers are thinking with a security mindset, they can take these policies and apply them across their company. Expect more emphasis on user behavior analytics, permissions management, and video logs.”

IT Security Central: The Future of Work and Security: 5 Predictions for 2018

15) Breach of critical infrastructure faces mandatory reporting

“[Eddie] Habibi notes that the lack of a mandate to disclose attacks on corporations ‘continues to hinder accurate intelligence gathering and the development of targeted defensive strategies against an evolving threat landscape.’ He expects the U.S. will follow the European Union’s lead, and that Congress will begin to hold hearings that include mandating disclosures of cyber attacks within certain critical infrastructure industries.”

Automation World: Industrial Cybersecurity Predictions

16) Data becomes a liability rather than asset

“I expect to spend a lot of time in the next 6 months deleting unnecessary data and generally being very careful about what we store and where. It’s a defense in depth measure – the less you store the less you have to lose.

This applies across entire companies but, probably more importantly, on exposed assets such as web servers too. They should only have access to the minimum amount of data they need and nothing more. Why does a web server need to have access to someone’s SSN, for example? You may need it for other reasons, or your web server may need to collect an SSN once, but does it need to keep it?” (Credit: Ross McKerchar)

Naked Security: 6 cybersecurity predictions (that might actually come true)

17) Platform agnostic ransomware emerges

“Ransomware is going to be platform agnostic and can lock people out of any device or system. The financial payment for ransomware is going to evolve significantly so that it will be as easy as clicking once to pay the ransomware. It will target time sensitive systems and events, so watch out if you are taking part in the World Cup next year as cyber-crime will always be looking for major events to trick and take advantage of people wanting to get access to their favourite sport or concerts. RansomScare will also be the next threat which will become a life and death situation unless a ransom is paid.”

Techspective: 5 Cybersecurity Predictions for Tomorrow’s Internet

18) CFOs demand smarter spending on IT security

CFOs will begin to challenge investments in IT security, especially as businesses continue to be breached despite a sizable spend. The current investment level in security is increasing at rates many businesses will find unsustainable. Corporations will favor smarter investments that provide better integration and augment the value of existing products in the security portfolio.


19) Network behavioral analysis emerges as a cornerstone

It’s not impossible for an adversary to mask behavior, but it is harder than hiding a single file or connection. If an adversary breaks into the network to steal data and then tries to leave with a big package of data, that activity will stand out against routine network activity. Technologies that measure behavior and take an intelligent approach to packet capture and metadata around suspicious activity, for incident response and investigation, are well positioned for success in 2018.
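To make the "stands out against routine activity" idea concrete, here is a small baseline-versus-current comparison written for this post as an added example; it is not Bricata's product code. It assumes constructed per-host hourly outbound byte counts as the baseline and a constructed set of current-hour flow summaries (source host, destination, bytes sent), and flags a host whose outbound volume in the current hour is far above its own historical mean. The z-score threshold, the absolute byte floor and all traffic figures are invented for illustration.

```python
"""Flag hosts whose outbound data volume stands out against their own baseline.

Added example for illustration only (not Bricata's detection code). All
traffic figures below are constructed; real deployments would build the
baseline from flow records (NetFlow, Zeek conn logs, or similar).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: 24 hourly samples of outbound bytes per internal host.
BASELINE_HOURLY = {
    "10.0.1.15": [2_000_000 + (h % 4) * 150_000 for h in range(24)],    # workstation
    "10.0.1.22": [500_000 + (h % 3) * 40_000 for h in range(24)],       # workstation
    "10.0.2.5": [40_000_000 + (h % 6) * 1_000_000 for h in range(24)],  # backup server
}

# Constructed current-hour flow summaries: (src_host, dst_ip, bytes_out).
CURRENT_FLOWS = [
    ("10.0.1.15", "203.0.113.10", 1_900_000),
    ("10.0.1.15", "198.51.100.7", 700_000),
    ("10.0.1.22", "203.0.113.10", 450_000),
    ("10.0.1.22", "198.51.100.40", 6_500_000),  # many times this host's norm
    ("10.0.2.5", "203.0.113.99", 41_000_000),   # large, but normal for a backup server
    ("10.0.3.9", "203.0.113.5", 300_000),       # host with no baseline yet
]


def current_totals(flows):
    """Sum outbound bytes per source host for the current window."""
    totals = defaultdict(int)
    for src, _dst, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)


def unbaselined_hosts(baseline, flows):
    """Hosts seen in the window that have no baseline: they need separate
    handling (new asset, rogue device) rather than a z-score."""
    return sorted(host for host in current_totals(flows) if host not in baseline)


def outbound_anomalies(baseline, flows, z_threshold=3.0, min_bytes=1_000_000):
    """Return {host: (observed, baseline_mean, z)} for hosts whose current
    outbound volume exceeds mean + z_threshold * stddev of their own history.

    The absolute floor (min_bytes) keeps quiet hosts with tiny, flat baselines
    from alerting on a few hundred kilobytes of ordinary variance.
    """
    findings = {}
    for host, observed in current_totals(flows).items():
        history = baseline.get(host)
        if not history:
            continue  # reported by unbaselined_hosts() instead
        mu = mean(history)
        sigma = pstdev(history) or 1.0  # guard a perfectly flat baseline
        z = (observed - mu) / sigma
        if z > z_threshold and observed >= min_bytes:
            findings[host] = (observed, mu, round(z, 1))
    return findings


if __name__ == "__main__":
    for host, (seen, mu, z) in outbound_anomalies(BASELINE_HOURLY, CURRENT_FLOWS).items():
        print(f"ALERT {host}: {seen:,} bytes out this hour vs. mean {mu:,.0f} (z={z})")
    for host in unbaselined_hosts(BASELINE_HOURLY, CURRENT_FLOWS):
        print(f"NOTE  {host}: no baseline yet, review separately")
```

The comparison is per host rather than network-wide on purpose: the backup server moves far more data than the flagged workstation, but only the workstation is out of character for itself. In practice the baseline would also be keyed by time of day and destination class, and the alert would be the trigger for pulling the packet capture and metadata around that host's sessions.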


20) Standalone IDS and IPS go back to the future, but better

The IT security perimeter continues to crumble on the heels of BYOD, cloud, shadow IT and other derivatives of the trend towards the consumerization of technology. As the information worker taps more and more IT infrastructure outside of the traditional corporate firewall, intrusion prevention and intrusion detection, with multiple detection methods, is re-emphasized as part of a layered, defense-in-depth security posture in 2018.


* * *

What do you think? Do you have a prediction you’d like to share? Tweet us up: @BricataInc
