Cybereason Deems 2018 ‘The Year of the Defender’ in its 2018 Cybersecurity Predictions Report

Share Article

Cybereason's 2018 Cybersecurity Predictions Report has been released. Titled 'The Year of the Defender' Cybereason believes that defenders have made enough progress in 2017 to defend against cyberthreats that adversaries could be on the run a lot more in 2018.

Cybereason, creators of the leading cybersecurity data analytics platform including endpoint detection and response, next-generation antivirus, and active monitoring services, today issued a new report titled ‘The Year of the Defender’ detailing its five most significant cybersecurity predictions for 2018.

2017 has been a year filled with global ransomware attacks, nation-state attacks and thousands of damaging breaches sparing very few large enterprises, small businesses and consumers. So why is Cybereason cautiously optimistic about the possibility of Defenders improving their security hygiene in 2018? There are many reasons, including:

Organizations have made small, yet meaningful strides around reducing the number of days to identify and contain a breach, according to the Ponemon Institute’s 2017 Cost of Data Breach Study. In 2017, organizations took an average of 191 days to identify a breach, down from 201 in 2016. Meanwhile, containing a data breach took 66 days, compared to 70 days.

Fileless malware attacks, particularly those attacks that leverage PowerShell and WMI are here to stay. The increase in attacks has prompted a change in detection capabilities, solutions and share of mind. Cybereason believes that there is no better time to improve the way teams handle fileless malware attacks and is optimistic that we will see this shift in 2018.

Damaging ransomware attacks such as WannaCry and NotPetya made cybersecurity a board-level priority in 2017. During earnings calls, C-suite executives from global corporations discussed how NotPetya impacted quarterly and yearly revenue. As a result, Cybereason expects that this shift in prioritization will further empower the defender in 2018.

General Data Protection Regulation (GDPR), a new E.U. regulation that governs how businesses protect the data and privacy of E.U. citizens will impact all global organizations. The major fines companies will bear in case of a data breach will makes security a hot topic for board rooms, who will try to minimize the risk of a financial loss.

Cybereason’s Cybersecurity Predictions Webinar
On Tuesday, December 14, 2:00 pm ET, Cybereason’s CSO, Sam Curry, and Senior Marketing Director, Lital Asher-Dotan, will host a webinar focused on the company’s five 2018 predictions. To register, visit:

Additional 2018 Cybersecurity Predictions

Supply Chain Attacks Increase and Remain Under Reported
There were many publicized supply chain attacks this year, including M.E.Doc (leading to NotPetya), Kingslayer, CloudHopper, CCleaner, ShadowPad and PyPi.

The rise in mega data breaches shifted the economics of private data, credit card and medical records data sold over the dark web. As their prices dropped, cyber criminals are now being pushed to look for efficiencies in their hacking operations. Cybereason believes that this dynamic will lead to an increase in supply chain attacks in 2018.    
Hackers will use third-party software vendors as an effective spread mechanism to gain access to multiple targets at once, increasing the effectiveness of their hacking operations.

Destructive Attacks Do Not Let Up
In 2018, destructive attacks (those that look to wipe out data on a computer instead of holding it for ransom) will increase. June’s NotPetya attack exemplifies this type of attack. Companies lost an estimated $1.2 million in revenues as a result of the attack. These attacks are relatively easy to execute, while causing a relatively high damage, making them attractive to less sophisticated players as well as some nation-state actors that use them as part of their operations.

The Line Blurs Between APT Actors and Cybercriminals
2018 is the year in which the lines between nation-state players and other hacking groups become blurred. Leaked tools, techniques and knowledge from three letter agencies, makes advanced hacking a commodity. Many nation-state players outsource parts of their hacking operations to freelance hacking groups and lower-level cybercriminals groups, enabling them to up-level their game. In addition, nation state actors now use off the shelf, generic hacking tools to hide their tracks, making it hard to attribute a certain attack to a specific actor.

Fileless Malware Attacks Become Ubiquitous
Adversaries used fileless malware attacks, including PowerShell and WMI attacks frequently in 2017 and these are here to stay in 2018. There are many reasons for the popularity of fileless malware as an attack mechanism, including the abundance of free tools and scripts to execute malicious operations. Very few security tools are able to detect malicious fileless operations using PowerShell and WMI as they are embedded in the Windows OS. The good news is that as the popularity of these type of attacks increased, it finally wins security teams’ share of mind, and new protection, detection and response methodologies are underway.

About Cybereason
Cybereason, creators of the leading cybersecurity data analytics platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, all powered by its proprietary data analytics platform. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, having raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Tel Aviv and Tokyo.

Learn more:
Follow us: Blog | Twitter | Facebook

Media Contact:
Bill Keeler
Director, Public Relations
(929) 259-3261

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Bill Keeler
+1 929 259-3261
Email >
Visit website