Generally, predictions are tough, but even more so in the chaotic world of cyber security. The threat landscape is huge, offensive and defensive technologies are evolving rapidly, and nation-state attacks are increasing in terms of scope and sophistication.
This cyber “fog of war” makes it hard to see or assess every trend. For example, not many anticipated the rapid rise of cryptomining during 2018. In hindsight, this relatively easy to execute, lower risk way for cyber criminals to monetise their efforts should have been an obvious choice.
Still, a few things were called right: more automation of threat-detection processes, significant rise in attacks using compromised IoT devices, and the decline of trust in the face of rising cyber crime, to name a few.
Ransomware tapers off, but still wreaks havoc
Ransomware will taper off as criminals shift to other ways to generate revenue. The reason for the decline is that criminals are finding cryptojacking and other schemes are more effective money-makers. The number and quality of ready-made cryptomining tools means that criminals don’t need to be technically skilled.
More nation-state attacks
State-conducted or sponsored targeted cyber attacks on journalists, dissidents and politicians will continue to grow. Like-minded governments will turn a blind eye to such attacks on their own soil.
Multi-factor authentication will become the standard
Though far from a perfect solution, most websites and online services will abandon password-only access and offer additional required or optional authentication methods.
Spear phishing becomes even more targeted
Attackers know that the more information they have about you, the better they can craft a successful phishing campaign against you. One area where this may happen more is mortgage wire fraud, where home buyers are tricked into wiring closing fees to a rogue party by an email arriving from a trusted mortgage agent.
More required masters degrees in cyber security
Cyber security training will continue to mature, and certificates alone will no longer be enough to take the next step in a security professional’s career.