ISACA Now Blog


2018 Predictions for Cyber Security

Ravikumar Ramachandran, CISA, CISM, CGEIT, CRISC, CISSP-ISSAP, SSCP, CAP, PMP, CIA, CRMA, CFE, FCMA, CFA, CEH, ECSA, CHFI, MS (Fin), MBA (IT), COBIT-5 Implementer, Certified COBIT Assessor, ITIL-Expert & Practitioner, Account Security Officer, DXC Technology, India
Posted at 3:02 PM by ISACA News | Category: Security

With rapid digitization and the inter-networked world leading to a huge data explosion combined with the relentless growth of transformative technologies, the importance of cyber security – now and in the future – is unquestionable.

As 2018 approaches, here are my top five predictions for cyber security in the coming year:

  • Huge demand for security professionals with evolving and grounded expertise
  • Stringent global regulations
  • Ransomware, DDoS attacks and cyber warfare
  • Explosion of threats, vulnerabilities and IoT
  • Privacy and ethics concerns for big data, and back to basics

Huge demand for security professionals with evolving and grounded expertise
Industry requires skilled cyber security professionals who can not only meet the current challenges, but also evolve continuously with the changing technology landscape and with the associated threats and vulnerabilities. Some of the top skills needed in the context of the evolving threat scenario are as follows:

  • Data analysis, data governance and enterprise IT governance
  • Data analytics, data science and big data management
  • Cognitive computing and artificial intelligence
  • Strong knowledge to address ransomware and evolving IoT connectivity issues and mobile access
  • Application security and knowledge of defensive software engineering
  • Strong knowledge on regulatory guidelines

Stringent global regulations
The General Data Protection Regulation (GDPR), an EU regulation, takes effect in May 2018 and applies to organizations in every country in the world that process the personal data of EU residents. Organizations that fail to comply can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, such as not having sufficient customer consent to process data or violating the core privacy-by-design principles. Given the serious implications, GDPR will be a priority for boards of directors around the globe.

Ransomware, DDoS attacks and cyber warfare
Ransomware, or more precisely crypto-ransomware, encrypts important files on the infected systems and forces users to pay a ransom through online payment methods to obtain the decryption key. Payment is normally demanded in cryptocurrencies such as bitcoin; however, payment does not guarantee that files will be decrypted.

Ransomware has spread across the world and become a profitable business model. This trend will escalate as long as users fail to follow best practices and systems remain unpatched.

DDoS poses a serious threat to organizations worldwide, especially those that lack the resources and the bandwidth to absorb large volumes of network traffic. The threat of DDoS will be accentuated by the increased use of Internet of Things (IoT) connected devices in the enterprise, which, when left unsecured, can become both entry points and bot nodes that add to the DDoS traffic stream.

As a consequence, cybercrime will flourish, and its tools and techniques could be adopted by powerful nations to initiate and develop highly refined, targeted attacks against assets of national value belonging to other countries.

Explosion of threats, vulnerabilities and IoT
Due to the exponential growth of innovative technologies, many new vulnerabilities will be introduced. However, the highest risks will still come from well-known and well-understood vulnerabilities. SANS estimates that over 80 percent of cyber security incidents exploit known vulnerabilities. Gartner comes in much higher, estimating that “through 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.”

As if this were not enough, Cisco estimates that IoT will account for nearly half of connected devices by 2020, as cars, refrigerators, medical devices and gadgets not yet imagined or invented link in. This will lead to tremendous growth in threats and vulnerabilities in 2018 and the years to follow.

Privacy and ethics concerns for big data, and back to basics
Too much data is entering enterprises, and with the advent of big data, organizations now encounter new types and formats of data, many of which lack the structure of traditional data. Various types of sensors generate data in many formats and in huge volumes that must be monitored. Hopefully, GDPR will serve as a guide post for maintaining compliance while leveraging big data.

More often than not, cyber security issues are due to internal processes and people. In 2018, organizations the world over must spend more on security awareness and training for their employees so that they apply preventive measures and report incidents when required. Basic security hygiene such as patching servers and updating software versions will rightfully gain greater prominence.

Author’s note: The views expressed in this article are the author’s own and do not represent those of his organization or of the professional bodies with which he is associated.

Thank you

Very well defined predictions with great explanations. Thanks for sharing your predictions!

I would like to get more information about the GDPR compliance issue. How, by whom, and when will there be a checking process to make sure that an organization is compliant with GDPR? Will there be any independent company/group/party responsible for GDPR compliance of all EU countries/organizations?
Vusal SALMANLI at 12/8/2017 1:08 AM

Digital Currency and blockchain

Dear Sir,

It would be great if you could help us by providing a small note on digital currency and blockchain, please.

Thanks and best Regards,

Ijazul at 12/11/2017 1:18 AM

The article is very informative and summarizes the challenges of the next few years with regard to cyber security. However, I have a question whether GDPR will be applicable to all industries or to a few segments of the industry? Secondly, who will have the authority to regulate the industry in compliance with GDPR?


Farhan Ali at 12/11/2017 4:23 AM