Like death and taxes, there are only two safe predictions about cybersecurity in 2018: There will be more spectacular data breaches and the EU General Data Protection Regulation (GDPR) will go into effect on May 25. But as the continuing digital transformation of our lives entails the ongoing digital transformation of crime, vandalism and warfare, 2018 could also bring a lot of new takes on old vulnerabilities, some completely new types of cyberattacks, and successful new defenses.
The following list of 60 predictions starts with three general observations and moves to a wide range of cybersecurity topics: Attacks on the US government and critical infrastructure, determining authenticity in the age of fake news, consumer privacy and the GDPR, the Internet of Things (IoT), Artificial Intelligence (AI) as a new tool in the hands of both attackers and defenders, cryptocurrencies and biometrics, the deployment of enterprise IT and cybersecurity, and the persistent cybersecurity skills shortage.
IoT vulnerabilities will get more critical and more dangerous. Despite this, there will be no real changes in US law to regulate these devices. This isn’t a very risky prediction; Congress is currently incapable of passing even uncontroversial laws, and any IoT regulation faces powerful industry lobbies that are fundamentally opposed to government involvement. More interesting is what’s happening in Europe. GDPR takes effect next year, and European regulators will begin to enforce it. The regulation has provisions on security as well as privacy, but it remains to be seen how they will be enforced. If Europe starts enforcing Internet security regulations with penalties that make a difference, we might start seeing IoT security improve. If not, the risks will continue to increase—Bruce Schneier, Schneier on Security
We’re going to see more attacks that attempt to subvert two-factor authentication, as sophisticated attackers set their sights on two-factor authentication-protected accounts and use flaws in SS7 to redirect SMS text messages. In addition, software supply chain attacks like the MEDocs compromise with NotPetya will be more prominent—Paul Roberts, The Security Ledger
Read the source article at Forbes.com.