Virtualization Technology News and Information
One Identity 2018 Predictions: What to Expect Next in Cybersecurity

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Jackson Shaw, VP of Product Management, One Identity

What to expect next in cybersecurity

New cybersecurity issues seem to amass every day, as we watch new breaches occur weekly and wonder if we are next. As we head into 2018, there are a few trends and changes that are expected to shake up the cybersecurity landscape and, consequently, organizations will need to watch out for in order to protect themselves. Let's dive into some of these top trends.

Malware-as-a-service goes mainstream. Malware can make cybercriminals a lot of money, and they have figured out a way to make more -- by turning the tools they use into a commodity and selling them through affiliate programs. Criminals with little know-how can purchase malware kits that come with easy-to-use, single-line command scripts, making it simple for someone with just a little money and access to the cybercriminal underground to launch a cyberattack. These kits are already gaining popularity, and we anticipate they will become more sophisticated with new features, such as the ability to target specific groups or users and credential harvesting.

Shadow IT continues to loom. Organizations purchasing and using solutions without explicit approval from IT will continue to surge. Companies will focus more on context-aware security, giving them a basis for breach prevention, as well as investing in identity and application governance solutions. Organizations will need to integrate robust employee education and training programs on the dangers of shadow IT if they're going to have a chance at combatting it in 2018.

Firewalls and virus protection officially become obsolete. Cloud computing has rendered firewalls all but irrelevant, and, with the proliferation of zero-day virus signatures, virus protection is completely ineffective. Today, all an attacker needs are the stolen credentials of your user.  To protect your organization, traditional "defense in depth" -- firewalls, encryption, application barriers and the like -- will no longer cut it. In 2018, we'll see more and more organizations turn to an "identity in depth" approach to security, whereby they'll augment traditional forms of cybersecurity with modern, intelligent, and adaptive identity-centric solutions.

Legislation will become a main focus, but guidelines will lag behind. Globally, cybersecurity and cyber protection are gaining significant attention among lawmakers. GDPR is set to take effect in May 2018 and 27+ U.S. states having enacted cybersecurity-related legislation in 2017 alone. Also, The U.S. added the IoT Cybersecurity Improvement Act of 2017 that requires vendors make sure devices can be patched when security updates are available, don't use unchangeable passwords, and the devices are free from known vulnerabilities when sold. However, even with all this, because the rate of change and adoption within the industry is vastly outpacing regulation, we'll see a significant "knowledge vacuum," whereby there will be mass confusion around how to actually put these laws into practice. In 2018, businesses will increasingly turn to consultants to help provide the needed education, guidance and context around these new laws to ensure compliance.

At the center of all these trends is identity - the new top attack vector tying our defenses together. In 2018, businesses must being with renewing their focus on managing and securing identities in order to combat the cyber threats of today and take a step in the right direction of securing the cyber world of tomorrow.


About the Author

Jackson Shaw

Jackson Shaw is Vice President of Product Management for One Identity's Identity and Access Management product line. Prior to One Identity, Jackson was an integral member of Microsoft's Identity & Access Management product management team within the Windows Server Marketing group at Microsoft. While at Microsoft he was responsible for product planning and marketing around Microsoft's identity & access management products including Active Directory and Microsoft Identity Manager. Jackson began his identity management career as an early employee at Toronto-based Zoomit Corp., the pioneer in the development of meta-directory products who Microsoft acquired in 1999. Jackson has been involved in directory, meta-directory and security initiatives and products since 1988. He studied computer science and management information systems at the University of Ottawa. He is a long time member of the Association for Computing Machinery.  

Published Thursday, January 11, 2018 8:03 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2018>