Industry executives and experts share their predictions for 2018.  Read them in this 10th annual VMblog.com series exclusive.

Contributed by Rotem Iram, co-founder and CEO of At-Bay

Next Gen Cyber Attacks and Risk Management Programs

As 2017 comes to a close, the security industry has much to reflect on. With large-scale security incidents from WannaCry to NotPetya to Equifax making headlines, businesses have seen the significant impact that these incidents can have on their bottom lines. As we look ahead to 2018, attacks will become more sophisticated, but businesses will also become smarter about preparing for and defending against future attacks.

In the last year, we've seen a number of large-scale, but relatively unsophisticated, ransomware attacks impacting organizations such as Maersk and FedEx . A survey conducted by At-Bay this year found that respondents expressed the least amount of confidence in their ability to stop a significant ransomware attack compared to other types of cyber-attacks. And, one of the most significant impacts of these attacks is businesses interruption. In the survey, 69 percent of respondents stated they were very or completely concerned about the business interruption impact from a ransomware attack.

These concerns were well-founded. In the last year, the impact of these simple, non-targeted ransomware attacks was extremely significant in terms of financial loss and business downtime. 

As we look ahead to 2018, we anticipate ransomware attacks will become more sophisticated and that we'll see the emergence of more large scale advanced persistent threats (APT) ransom events that will specifically target large enterprise organizations. 

The more sophisticated the attack, the greater the potential impact on the business's bottom line. Therefore, businesses will be more apt to pay much higher ransoms to avoid reputational damage and the impact of downtime. We may even see our first million dollar ransom payment in the new year.

Traditional security measures won't be adequate to protect against and mitigate the impact of tomorrow's advanced threats. Businesses will look to new approaches to combat these threats. Additional internal stakeholders will be brought into the conversation about enterprise security, especially as incidents like Equifax and Uber demonstrate the serious impact that major attacks can have on the business and its key executives. In 2018, CISOs and CFOs will increasingly work together to develop a comprehensive cyber risk management program that includes a mix of investments in security technology, security operations and cyber insurance. By investing in technology that allows them to mitigate the potential impact of tomorrow's threats, business leaders can focus instead on their core business goals to ensure a brighter 2018.

##