Annual poll: single biggest security threat of the year

What will be the single biggest security threat of 2018?

Our annual poll to find out what security professionals think the single biggest security threat of next year will be

Annual poll: single biggest security threat of the year

Show More
1 2 Page 2
Page 2 of 2

I expect 2018 will be the year that security teams become totally overwhelmed by the sheer number of threats they face – which could potentially have catastrophic implications, as a result, organisations will face the choice of either making millions of security experts appear from thin air – ISACA predicted there’d be a shortage of two million by 2019 – or find alternative ways to use advanced intelligence, analytics and automation to deal with this critical problem.

Piers Wilson, Head of Product Management at Huntsman Security

Non-malware attacks

These file-less attacks are capable of causing havoc and stealing data by using approved, native operating system tools, such as PowerShell.

Mike Viscuso, Co-Founder and CTO at Carbon Black

File-less malware

This type of malware operates by appending the attack to legitimate services and remaining in the memory portion of devices. 

Raef Meeuwisse, ISACA governance expert and author of Cybersecurity for Beginners

Other responses

The cryptocurrency bubble

With values continuing to climb, we are likely to see ‘normal’ people inflate the bubble and provide the demand for cybercriminals to supply the market with precious cryptocurrency. 

Josh Mayfield, Platform Lead of Immediate Insight at FireMon

Lack of accountability

Next – instead of working hand-in-glove with a security services provider to protect customer data – too many of them will simply buy cyber-attack insurance, which is really just about passing the buck and does nothing to address the actual problem.

Srinivasan CR, Senior Vice President of Global Product Management & Data Centre Services at Tata Communications

Security misinformation

Quite a few vendors are reducing the information they provide, while many individuals and the media are overhyping issues presented to the masses – this combination will eventually create a perfect storm of security misinformation that will cause issues that are actually critical to be overlooked.

Tyler Reguly, Manager, Vulnerability and Exposure Research Team at Tripwire

The Basics

Even after all the publicity from incidents such as WannaCry, and with GDPR incoming, we still see a lack of basic cyber hygiene in the public and private sectors, as well as from individuals.

Vince Warrington, Director at Protective Intelligence 

Packaged attacks for sale on the dark web

These readily available vulnerabilities are already known to the security community and the best possible defence is to patch all devices as soon as possible and use some sort of vulnerability management.

David Fearne, Technical Director at Arrow ECS

Communications systems

The key takeaway from the recent, major data leaks is that our communications systems are not secure.

Rick McElroy, Strategist at Carbon Black

Assuming that they are secure

Minimising the exposed ‘skin’ of a business through good practice and technology goes a long way, but planning for when the unthinkable happens is also key.

Mike Simmonds, CEO at Axial System

Squirrel syndrome

This is the ability of companies to be easily distracted by the latest bright and shiny security threats, resulting in a failure to concentrate on key security issues and adequately protect data.

Ian Kilpatrick, EVP of Cyber Security for Nuvias Group

New biometric technologies create new attack surfaces

There will be widespread adoption of machine-learning based facial recognition tools as many companies follow in the footsteps of technology giants such as Apple.

Barry Shteiman, Director of Threat Research at Exabeam

Unsanctioned enterprise messaging

As unsanctioned messaging platforms like Slack and HipChat spread, they enable rapid communication and file sharing, obviating the need for conventional tools like email and causing IT to lose visibility and control over corporate data.

Mike Schuricht, VP of Product Management at Bitglass

Half-hearted approach to risk

The biggest security threat will remain our half-hearted approach to this very real risk.

Oz Alashe, CEO at CybSafe

Shadow IT

The most important threat comes from unauthorised technology installations by users, also known as Shadow IT - a major challenge for IT departments worldwide, increasing the attack surface of organisations and exposing them to serious cyber risks not to mention the risk of severe financial penalties following incoming regulation like GDPR.

Matt Middleton-Leal, General Manager of EMEA at Netwrix

Failure to monitor the security in the software development lifecycle

The biggest threat will be for organisations who fail to monitor the security in the software development lifecycle within the whole context of a client’s coding and IT infrastructure – the move towards open source tools and libraries created by third parties means IT suppliers need to build in a fail-safe approach to avoid exposing their software to vulnerabilities or breaches created much lower down the chain.

Phil Lea, Head of Security & Compliance at Advanced


Email will continue to be the biggest security threat in 2018 as it is the easiest and lowest risk way to directly attack employees with phishing, ransomware, and impersonation attacks.

Steve Malone, Director of Security Product Management at Mimecast


I think the biggest threats will be against “co-processors” (i.e. the chips that control things like cellular and Wi-Fi radios, instead of doing the main processing).

James Plouffe, Lead Solutions Architect at MobileIron


The biggest problem in a lot of the affected organisations has been patching old, well-known vulnerabilities.

Neil Anderson, Director of Security Services at Assure APM

Nothing will change  

A new calendar year will not see breaches suddenly cease, or board members waking up to the threats they face.

Chris Pogue, Head of Services for Security and Partner Integration at Nuix.

Supply chain attacks

This is where software used widely by enterprises will be back-doored and operate as Trojans into corporate and enterprise environments.

John Bambenek, Threat Intelligence Manager at Fidelis Cybersecurity

Bricking of systems

Bricking of systems will be a 2018 trend as hackers effectively turn expensive hardware from modern computing devices to nothing more than inert mass. Examples of this include destruction-ware, some bios attacks, router attacks and anything that basically breaks computer and network hardware.

Sam Curry, CSO at Cybereason

False information influencing things other than the democratic process

2018 will see the increase in targeted attacks from nation state actors to industry, with more of a focus on financial gain than political or military advantage.

Joep Gommers, CEO at EclecticIQ

Voice channel fraud 

Human beings at the end of the phone line are an enormous data security risk.

Ben Rafferty, Global Solutions Director at Semafone

Exfiltration of data from cloud-based storage will accelerate

Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) attacks will see massive tranches of data from organisations being taken from the cloud, without IT/security team even knowing.

Matt Walmsley, EMEA Director at Vectra

Lack of strategy 

The single biggest security threat of 2018 will be the failure of businesses to implement a structured cyber security strategy.

Steven Kenny, Business Development Manager for Architecture and Engineering at Axis Communications

Evolution of the bad guys

The biggest cybersecurity threat in 2018 will be the speed with which the bad guys are evolving, which means that tried and tested cybersecurity defences are no match – the only way to remain protected is to adopt a dynamic approach to cybersecurity.

Maninder Singh, Corporate Vice President & Global Head of Cybersecurity at HCL Technologies

Target will evolve

Attack types will not change, rather the target of the attacks will evolve. 

Ryan Wilk, VP at NuData Security

Broken software

Broken software is by far the biggest security threat on planet earth right now. 

Dr Gary McGraw, Vice President of Security Technology at Synopsys


Our recent Security in Enterprise research showed that 47% of organisations had experienced some form of malware or ransomware attack in the last two years, facilitated by the rise in unknown malware - I fully expect this will continue to be one of the biggest threats of 2018.

Shane Grennan, Director Regional Accounts for UK&I at Fortinet


The biggest security threat in 2018 will be the lack of discipline in both patching known vulnerabilities and analysing application systems for security-related weaknesses.

Bill Curtis, SVP and Chief Scientist at CAST and Executive Director at the CISQ (Consortium for IT Software Quality)


Cyberattacks are barely out of the news at the moment, and when conducting an M&A deal or other business-critical transaction, confidentiality and data integrity is of the utmost importance – meaning that all of the sensitive documents associated with a project need to be adequately protected.

Gary McKeown, Group Managing Director at Imprima

Compromised development environments

Hackers are going to the source, modifying standard software development tools in order to seed new applications with malware.

Gerhard Oosthuizen, CIO at Entersekt

Software supply chain

The biggest risk for 2018 is your software supply chain.

Josh Zelonis, Senior Analyst at Forrester

Lack of understanding of risk

The biggest threat to most organisations will continue to be a lack of understanding of where they have actual risk in their organisation, and the misallocation of security resources that generally results from this lack of understanding.

Jim Hietala, VP of Security at The Open Group

Large-scale data breaches

Public awareness and scrutiny of data breaches and how secure their data is will shift next year—not just because there will be more large-scale breaches, but because reporting rules will change thanks to GDPR.

Thomas Bostrøm Jørgensen, General Manager for EMEA at AllClear ID

Cyber security complacency

The biggest security threat that will hit businesses will continue to be attitudes in relation to cybercrime - the 'it will never happen to me' view; every year our DBIR shows that the same tactics - from phishing emails to the exploitation of weak passwords - keep succeeding; until people learn from the cyberattacks that are taking place across their industries and start to educate employees and change their behaviour, the oldest threats will continue to be disruptive.

Laurance Dine, Managing Principal of Investigative Response at Verizon

Open source management

The failure to properly manage and secure the open source components making up increasingly large portions of commercial and custom software will be one of the most significant cybersecurity threats to organisations in 2018.

Mike Pittenger, VP Security Strategy at Black Duck Software

1 2 Page 2
Page 2 of 2