Top 5 cyber security predictions for 2018

If 2017 has shown us anything, it’s that even major organisations can come to a grinding halt due to cyber security attacks.

This message probably won’t come as a surprise to many businesses. After all, several big-name brands have suffered embarrassing data breaches in recent years, causing significant financial and reputational damage.


What makes this year unique is the scale and relative simplicity of attacks that hackers are using. Specifically, the WannaCry and Petya ransomware viruses had a serious global impact, despite their unsophisticated methods.


Global management consultancy McKinsey & Company arguably summed up the situation best when it said: “Imagine if the attackers actually had their acts together.”


So what cyber security trends can we expect to see next year? We’ve scoured the latest analysis and predictions to bring you a selection of expert opinions for 2018.

1. Active-defence cyber security models

Many organisations have relied on a reactive approach to cyber security, hoping their systems will mitigate the majority of threats and only require them to deal with the rare attacks that breach defences.


However, McKinsey noted that organisations will need to shift towards more active methods of defending themselves. The firm said this is an intelligence-heavy, data-driven process, which comes at a cost.


But the active-defence model enables businesses to detect and handle attacks in real time. Some companies use traps and dummy environments to draw in cyber criminals, which diverts them away from sensitive assets while also allowing the business to gain intelligence from the hackers.

2. Ransomware turns to point-of-sale systems

Ransomware was arguably the cyber security threat of 2017, and Forrester Research believes criminals will evolve their attack patterns in order to continue monetising hacking efforts in this area.


Until now, ransomware has traditionally been used to prevent businesses from accessing core data, which is then restored (or not, as the case may be) once the victim pays a ransom. But point-of-sale (POS) systems at retailers could become a new target for 2018.


Forrester said end-to-end encryption and other techniques have prevented card scraping and other criminal activities at the POS, yet ransomware could provide a new avenue to exploit.

3. Hackers target the cloud

Cloud computing has been in the ascendency for several years. In May, the Cloud Industry Forum found that 88 per cent of businesses in the UK use these services, with 68 per cent expecting to boost cloud adoption over the following year.


Security has always been a rollercoaster ride for the cloud. In the technology’s nascent stage, businesses were wary of handing over sensitive data and systems to third-party providers, but security concerns have lessened in recent years as the cloud hit its stride.


Gartner feels these issues will come to the fore again in 2018 due to the ubiquitous nature of the cloud and the fact it is reaching maturity. The IT firm advised businesses to consider cloud security guidelines, as well as cloud decision models for identifying and preventing risks.

4. The threat of the Internet of Things

Smart devices are becoming commonplace in the home, as central heating systems, Amazon’s Echo and various connected kitchen appliances provide an added layer of convenience for consumers.


Businesses also take advantage of these technologies and are unaware that products are often insecure by design, according to the Information Security Forum (ISF). The ISF said they provide significant opportunities for hackers who want to circumvent system defences.


Meanwhile, the proliferation of data these devices collect could also cause problems for businesses gathering information from consumer devices. Keeping track of all this data will be difficult, with breaches and transparency violations likely to draw the attention of regulators.

5. GDPR compliance

The GDPR – or General Data Protection Regulation – comes into force in May next year, and businesses that fail to comply risk fines of up to €4 million (£3.51 million) or four per cent of revenue, whichever is higher.


Consequently, data breaches take on a new significance from 2018 onwards. The Register revealed that Information Commissioner’s Office penalties from 2016 would have been 79 times higher if the GDPR rules were applied.


For example, TalkTalk paid £400,000 for security failings last year, but a similar incident would cost the firm £59 million from May. Some fines could put smaller or struggling organisations out of business.

Optimising cyber security defences for 2018

These are just a handful of the cyber security predictions for next year.


Preparing a comprehensive strategy to combat potential threats is an evolving challenge that businesses must continue to revisit as new risks present themselves.


Ensuring you have highly skilled security teams in place should be a crucial part of your defences, yet our research recently revealed that 62 per cent of managers believe their departments are under-resourced.


Make building your cyber security capabilities a professional New Year’s resolution for 2018. To discuss your security and resilience staffing needs, please contact a Barclay Simpson consultant today.


Our 2017 Compensation and Market Trends Report combines our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.