[BreachExchange] Don't Miss These 5 Cybersecurity Trends in 2018

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 27 18:45:48 EST 2018


The cybersecurity industry is a rapidly changing beast in which the good
guys and the bad guys are constantly trying to one-up each other. As soon
as an exploit is discovered, white hat developers scramble to find a fix
while the black hats try to take advantage of it for profit - or sometimes
just for fun.

It's perhaps no surprise to know that these cyber-battles are happening at
a larger scale and at a higher volume than ever before. In fact, cyber
security has even become a major talking point in the mainstream media and
in government think tanks over the last twelve months or so thanks to the
high-profile WannaCry cyber-attack that was called "the biggest ransomware
offensive in history".

All of this combines into an exciting, dynamic industry in which the only
true constant is change. That said, there are several trends that are on
the rise and look set to continue, and that's what we're going to take a
look at today.

1.     AI and machine learning

Artificial intelligence (AI) and machine learning are two technologies that
go hand in hand and which allow us to interpret existing data in new ways
that were never previously possible. AI isn't about creating an army of
robots or even about creating virtual assistants like Siri and Alexa.
Instead, it's all about taking the huge amounts of data that we create on a
daily basis and then using it to arrive at conclusions.

For the cyber security industry, AI and machine learning could be used to
make complicated models and to use data to predict the future. It could
also be used to analyze huge amounts of information to look for weak
points, and researchers will be able to put it to good use to make their
work much more efficient. However, there's also a downside, which is that
cybercriminals could take advantage of the technology, too.

2.     Proactivity and preparation

If the WannaCry attack taught us anything, it's that prevention is better
than the cure. In fact, the attack was described as "relatively
unsophisticated" and "easily preventable". Part of the problem was that
they still had machines running Windows XP. It wasn't until an attack hit
that they thought to protect themselves.

In many ways, it's understandable. The NHS isn't the only large
organization that struggles to update its systems because of corporate red
tape, but in the coming years we'll see these big outfits putting more and
more focus on proactively securing their infrastructure. They simply won't
be able to afford not to.

3.     New GDPR Regulations

The new General Data Protection Regulation (GDPR) will come into play in
May, and it's believed that as many as 80% of the companies that will be
affected by it will not be compliant. The new legislation is set to change
the way that companies can handle customers' information, and a variant
will be enforced in the United Kingdom after it leaves the European Union.

It's too early to tell how strictly these new regulations will be enforced,
but companies that are non-compliant could face fines and public shaming,
both of which can do a lot of damage to their share prices. Either way,
it's a good idea to make sure that you're compliant and to avoid any legal
complications down the line.

4.     Late adopters

As cybersecurity continues to grow mainstream and to command the attention
of consumers and companies alike, we'll continue to see late adopters
seeking out cybersecurity specialists to update their antiquated systems
and to bring them into the 21st century. This long tail represents a huge
amount of buying power, and when that makes its way into the market, it'll
help to increase its overall size.

This is good news for everyone, because that money can then be reinvested
into training and R&D to stay on top of viruses, loopholes and exploits.
And it's all par for the course as cybersecurity continues to mature and
becomes as important to modern companies as sales and marketing. Sooner or
later, they'll have no choice but to invest in it.

5.     The talent shortage

There's always been something of a talent shortage in the cybersecurity
industry, but at the same time people are starting to specialize. Those who
find a niche that they're skilled at will be able to charge a premium, and
they'll also find that customers and clients are seeking them out because
there's no real competition.

Meanwhile, companies will continue to struggle to find top-tier
cybersecurity specialists and many will need to turn to specialist agencies
to fulfill that need. But the agencies, too, will struggle to find top
talent, at least until the industry is big enough to support specialist
training programs, research centers and the rest of the infrastructure that
we'll need to train up more talent.


As you can tell, there's a lot happening in the cybersecurity landscape and
the challenge for both developers and the general public is to stay on top
of it. For developers, simply updating their software is not necessarily

That's why more and more webmasters and app owners are pushing people to
set up two-factor authentication. After all, if they can push people to
take steps to secure themselves, it takes some of the burden off suppliers
to ensure that they're fully compliant with the latest best practices.
Cyber security is like taking backups in that there's no such thing as
overkill. The more secure something is, the better.

In the end, the field of cybersecurity will always be a battlefield, with
black hat and white hat developers trying to outsmart each other. The bad
guys will always be looking for exploits and the good guys will always be
proactively hunting them down and fixing them. Just make sure that you're
one of the good guys.