Five Cybersecurity Predictions for 2018

Malte Pollmann is CEO of Utimaco.

As we begin 2018, cybersecurity issues are already dominating the headlines. With that in mind, here are five industry predictions we see evolving in 2018:

Post Quantum Cybersecurity Discussion Warms up the Boardroom

We’re already seeing the uncertainty of cybersecurity in a post-quantum world percolate in many circles, but this is the year the discussion will gain traction in the top levels of business. We also expect to see the topic of cryptographic agility (or crypto agility) gather more momentum with the heightened urgency to develop standards that drive post quantum cryptography (PQC) and how this impacts business moving forward.

Remember, no algorithm lasts forever. It’s not a matter of “if” it will be broken, it’s a matter of “when. As security experts grapple with preparing for a post-quantum world, top executives and business leaders will begin to genuinely consider what they can do to ensure all our connected “things” (cars, devices, infrastructure, etc.) remain secure. This questioning and testing of their ability to develop and implement an effective crypto agility approach are underpinning the key concerns of companies – irrespective of the industry and infrastructure, whether it’s an enterprise or consumer-related application.

In 2018, we’ll start seeing the discussion shift from questions to solutions. As a result, we expect the first of many customized, market segment (industry, or use case) specific crypto applications will be introduced to bridge the gap and offer the forward-looking ability to adapt to inevitable changing dynamics.

Blockchain: Moving Beyond Cryptocurrency? 

Blockchain has been one of the key buzzwords of 2017, and this trend shows no sign of slowing down in 2018. When looking to implement blockchain in the enterprise, many companies naively believe it is inherently secure thanks to its distributed nature. The reality is that adding transactions to a blockchain can be done without the use of digital signatures – and consequently obscure the true identity of the person adding a transaction – but this causes issues for the enterprise and other highly regulated industries where security around encryption key policy and management is a greater concern.

Interestingly enough, traditional technologies that blockchain was thought to displace, like Hardware Security Modules (HSM), have made a significant comeback and are aptly suited to secure the blockchain in the enterprise. Otherwise, blockchain – or parts of it – may remain secure in terms of recording transactions, but insecure in terms of recording and authenticating who initiated each transaction. To meet compliance and security goals, the signatures must be verifiable through a public key infrastructure (PKI). In 2018, expect to see more attention paid to HSMs in the enterprise driven by the rising interest in blockchain. 

Innovation Penetrates Deeper into Traditional Parts of Payment Market

Innovation in the payment and banking marketplace has typically involved adapting new technology to meet a shifting consumer demand. While there has been a growing divide inside these businesses, between the innovation hubs driving new technology and the traditional areas of the core business, we will start seeing this divide close as forward-thinking innovation makes a deeper push into the old guard.

As businesses look to streamline processes and incorporate more flexible technology – particularly on the security side – this means moving away from legacy equipment that is stifling modernization and implementing evolving technology that can handle the growing demands of digital payment, alternative payment technology, cryptocurrency, etc. all without adding unnecessary friction while ensuring strict security standards and regulatory compliance.

While All Eyes are on GDPR, Most will be Surprised by Changes in eIDAS

Next year is a big year for regulations in the European Union, most notably with the EU GDPR hitting full enforcement in May. It also marks the year when all member states of the European Union are required under the eIDAS regulation 910/2014 to recognize the electronic identifications (eIDs) of other member states. But it doesn’t just end at eIDs. Many businesses will be surprised that eIDAS changes in 2018 also entails electronic Trust Services – namely electronic signatures, electronic seals, time stamps, electronic delivery service and website authentication – will be recognized across borders and have the same legal status as traditional paper based processes. As the focus stays on GDPR readiness and compliance, expect more issues not to come from GDPR, but from implementing and recognizing the need for Trust Services.

Autonomous Vehicles are Advancing, and so are Security Challenges

In 2017, autonomous vehicles were just beyond the peak of the Gartner Hype Cycle, in the phase of “peak of inflated expectations”. The reality is that – on the security front – there is a lot of productive and constructive conversations going on behind the scenes. As industry standardization bodies concern themselves with the security requirements, more completely new, green-field companies are going to emerge with security product offerings that enable autonomous driving, all the while mergers and acquisitions in this market will flourish.

Expect proven technologies from other industries, such as the payment market, to play a role in the installation of the new infrastructure the autonomous vehicle industry requires. In this context, topics like post quantum cyber security play a role in taking a crypto agility approach. As we see advances in both vehicle-to-vehicle communication (V2V) and vehicle-to-infrastructure communication (V2I), the industry will find itself navigating financial regulations, for example, to ensure that connected vehicles can safely and securely execute transactions and simple payment processes when refueling/recharging at the (electrical) station, crossing toll stations or automatically billing parking tickets and purchasing apps or services as needed. Tie in EU GDPR and eIDAS for delivery fleets services crossing borders to complete their business objectives, and it gets even more complex. These upcoming regulations will no doubt lead to even more heavily debated issues around autonomous vehicles.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.