In 2017, new trends in cybersecurity, the public cloud, and big data redefined the high tech landscape in ways that caught many companies off guard. As we contemplate what 2018 might bring, we thought it might be helpful to share some predictions for what might happen in the new year in these three increasingly critical areas. Below, in no particular order, is our list of nine predictions that might catch the industry by surprise if they actually manifest the way we are expecting.
1. A cyber-crime attack will take down a major company
Hackers today have the ability to cause enough financial harm to a major company that it may be forced to file for bankruptcy. It just hasn’t happened yet. We expect hackers to move beyond the goals of service outages or data compromises to target the crown jewels of many corporations – their intellectual capital. These assets will become more vulnerable unless cyber resources are shifted towards protecting their direct interfaces with customers and companies stop allowing highly sensitive data to be shared on low-security platforms like email.
To put the potential cost of these types of breaches in context: imagine having to re-run a three-year research program because the integrity of the results cannot be definitively proven? The cost to organizations of these types of cyber events could easily run into the billions of dollars.
We fully expect a concerted attack will take down a major corporation as their economic resources (and financial reserves) prove insufficient to recover - not just resulting in its CEO getting fired. The basis for the attack likely won’t be financial, but retribution for some corporate act that is widely perceived as negative. This year we saw boycotts. Next year we may well see attempts to eliminate the organization entirely.
We expect hackers to move beyond the goals of service outages or data compromises to target the crown jewels of many corporations – their intellectual capital.
2. Cyber events will move aggressively from specific to systemic
We expect active threats will morph aggressively from attacks on individual companies to systemic attacks on entire industries or the core infrastructure that the internet relies on (first the Mirai malware and now Reaper). These attacks are likely to focus on extortion attempts with economic gain as the goal. Companies will be forced to pay money to avoid being taken down via a massive denial of service attack (DoS) or to change their behavior and corporate strategies to advance societal or political agendas.
As an example, imagine an attack such as that which Sony absorbed, but targeted on the entire movie industry. We are already seeing systemic attacks on the entire infrastructure used to facilitate bitcoin trading, with multiple exchanges seeing DoS attacks in an attempt to manipulate the price of Bitcoin.
3. There will be a major machine-learning orchestrated cyber-attack
As machine-learning tools become more widespread, we expect that someone (likely a nation state) will deploy them to facilitate cyber-attacks. Imagine an artificial intelligence-based cyber-attack system that adapts its techniques as it identifies vulnerabilities, and then propagates that new knowledge immediately across a wide set of attack vectors before defensive systems can react. Scary doesn’t begin to describe this prediction, but since there was early evidence of machine-learning-based malware in 2017, it is likely things will escalate from here.
Of course, machine learning is already being deployed in cyber-protection systems and there has been press about the government researching how to use quantum computing to break strong encryption. So, this might become an arms race with artificial intelligence-based systems on both sides.
Perhaps we best start planning for the singularity, or reconsider the applicability of Isaac Asimov’s three laws of robotics: 1) a robot may not injure a human being or, through inaction, allow a human being to come to harm; 2) a robot must obey orders given it by human beings except where such orders would conflict with the First Law and; 3) a robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
We expect the macro move to public cloud will take on Tsunami proportions in 2018.
1. Cloud ‘goes viral’
It was with mouths agape that we sat through the keynote address at the 2017 Amazon AWS conference in Las Vegas. The level of capability that is now available from AWS and the other public cloud providers has now exceeded that which even the largest corporations in the world can deploy. In addition to the nearly endless services you can rent in the cloud, the economics of getting out of the business of managing your own data centers are so compelling that it will be a rare Board that won’t be questioning when they will get to review a company’s cloud strategy.
Companies that lack a comprehensive cloud strategy are likely ceding advantages to their competitors. It isn’t about cost savings anymore. We expect the macro move to public cloud will take on Tsunami proportions in 2018.
2. The use of Cloud Access Security Brokers will grow
As companies start to heavily leverage public cloud in their infrastructures, they are going to struggle with the security implications of doing so. We expect third parties to step in to help secure the cloud, both as part of Managed Detection and Response (MDR) offerings but also by placing themselves and their security infrastructure between the internet and a company’s cloud hosted systems.
Essentially, they will deploy a very high, very thick wall between a company and its cyber enemies and manage all of the gates and doors. For many companies, it will be the only way they can secure their public cloud deployed capabilities.
3. Companies embrace “serverless”
In 2018, we predict many customers of cloud vendors will move from managing their own virtual servers to serverless offerings that scale as required and only charge for computing power that is actually used.
When the public cloud first became mainstream, it was used primarily for server replacement. Today, public cloud vendors are rolling out many of their capabilities using a serverless model, in which you only pay for usage. Examples include fully managed, region or world spanning databases in which you are charged for the amount of data stored and everything else, including performance management, disaster recovery, and backup is taken care of by the infrastructure. In 2017, we also saw the rollout of serverless machine-learning capabilities, virtual reality environments, data analytics platforms – the list goes on and on.
Some regulatory challenges exist with this model, but we believe they will be overcome.
We see 2018 as the year the massive database becomes possible for more and more companies.
1. Exabyte-sized databases will be used to drive business decisions
We see 2018 as the year the massive database becomes possible for more and more companies. Given the massive amounts of data created every single day, and the desire of companies to leverage that data to drive business analytics, train machine-learning models, and improve the speed of innovation, it is our expectation that Exabyte-sized databases (1,000,000 Terabytes) will start to become more common.
After all, today anyone with a large enough check book can create a world-spanning database on the public cloud, with minimal to no-expertise required.
2. Data quality issues will bite harder
As the databases grow, so does the challenge of data quality. Maintaining data quality throughout front-to-back processes has always been a secondary goal for large organizations, mostly because it is extremely difficult and requires a level of process maturity that most companies cannot meet. Yet, as you start to leverage that data to drive impact and innovation in your business, ensuring it is accurate becomes critical.
It is our expectation that in 2018, companies will finally start to put in place the governance frameworks their Chief Data Officers have been talking about for several years. The driver of this effort may be regulatory, but is more likely to be the process automation efforts and the propagation of machine learning across the enterprise. After all, if you are using poor quality data to train predictive machine-learning models, your models will accurately predict the wrong events. We don’t expect the c-suite to accept this outcome.
3. Companies will look to artificial intelligence to monitor employee conduct
A trend that developed in 2017 and shows no signs of abating is the often appalling behavior of the employees in a number of large, well-known corporations. Since company Boards don’t like to see negative stories splashed across major media outlets, it is our expectation that they will move to deploy active, adaptive employee conduct monitoring processes and systems.
Machine learning is fast emerging as a way to monitor core processes and predict failures before they happen. It is our expectation that large corporations will expand the data they collect on their employee’s activities and use it to train machine-learning models to spot conduct risk issues. This may sound a little Big-Brother and 1984 to many, but it may be the only way to get this trend under control. Call it Heisenberg’s Uncertainty Principle for employee conduct – the act of observing behavior will cause a change to that behavior.