Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Adi Dar, CEO and founder of Cyberbit
From The First Major Cyberattack on US Critical Infrastructure to New Forms of Ransomware
A recent study indicated that there are an average of 130
security breaches each year and that the annual number of security breaches is
increasing by 27.4 percent each year. In 2018, the volume, complexity, and
stakes of cyber-attacks will only continue to increase -- with malicious actors
capitalizing on the IT/OT/IoT convergence phenomenon to identify new attack
vectors and wreak more widespread havoc.
As we enter a New Year, here are my thoughts for what is on
the horizon for the cybersecurity landscape in 2018:
1. The probability is high
that we will see the first major cyberattack on US critical infrastructure.
We've already seen power grids and manufacturing plants in Europe attacked over the past two years --
and 2018 will likely be the first year when we will see a significant attack on
the United States critical infrastructure. In October, the FBI and DHS warned of advanced persistent threat activity targeting energy, nuclear,
water, aviation, construction, and critical manufacturing sectors. Critical
infrastructure companies are behind in preparing their operational facilities
to confront cyberattacks -- making them an easy target for
politically-motivated attackers.
2. We will see new and
creative forms of ransomware.
2017 saw a surge in ransomware attacks, with first appearances of
self-propagating ransomware spreading fast across hundreds of organizations. 2018 will see ransomware
not only perfecting their means of spreading, but also taking entirely new
forms, beyond the traditional method of encrypting hard drives.
With IT security technologies systems closing the gap in
preventing traditional encryption attacks, and with physical systems now being
more hackable than ever, new and more creative ways of ransomware attacks will
become mainstream -- such as taking elevators out of service, locking parking
garages, or turning up heating systems.
3. Security budgets will shift
significantly as they relate to size and allocation.
In 2018, security budgets will continue to increase and will be driven by
several factors:
-
The psychological impact of
large scale breaches, the devastating impact of Equifax and similar breaches,
and the personal impact on company executives drives a fear of being the "next
Equifax"
-
The expansion of the attack
surface, and the need to protect not only IT systems but also IoT and OT
systems - requiring new, specialized systems
-
The shortage in security
experts driving the need for more advanced systems replacing manual work
The most significant change in budget allocation next year will be
the shifting of budgets to outsourced security and managed services (MSSPs), as
organizations can no longer allocate the staff to confront the volumes and
complexity of attacks. This volume and complexity coupled with the shortage in staff, will also move budgets from
traditional, preventive security to AI-based detection response and automation
technologies. This will reduce staff's workloads and increase efficiency.
4. Cybersecurity workforce
will go under the red line.
With over 200,000 US cybersecurity jobs unfilled, attacks growing
in volume, and the increased challenges in certifying cybersecurity
professionals, security staffing will reach a critical shortage, to the extent that
we will begin to see security operation centers (SOCs) left unstaffed.
An increasing number of organizations will be forced to outsource
their security operations, and cybersecurity salaries will continue to grow as
organizations will desperately seek to close the skill gap.
##
About the Author
Adi Dar, CEO and
founder of Cyberbit, is an experienced cybersecurity leader and chief executive
who has repeatedly lead the development and launch of successful products and
services in highly competitive markets. Previously, as CEO of ELOP (Israel's
largest Electro Optics company), Dar led the company's growth to over $500M
annual revenues. During this 6 year period, Dar also served as an Executive VP
at Elbit Systems, Israel's largest defense company. Prior to that he was the VP
of Business Development and Sales at ELOP. Before ELOP, he founded the
Intelligence and Cyber division at Elbit and was at the helm for 2 years. Prior
to his positions in Elbit Systems he was the vice president of business
development and marketing at Elron Telesoft Ltd. Dar holds a holds a B.Sc. in
industrial engineering from the Technion and an MBA from Tel Aviv
University.