The Year Ahead: 2018 Security Preview

November 28, 2017

2017 has brought a world of new cyber threats, from sophisticated ransomware attacks to cryptocurrency theft to high-profile data breaches – too often connected to stolen or misused credentials. With the evolution of the cyber threat landscape, C-suite and IT professional decision makers are realizing that they must think differently about their cybersecurity strategies and methods if they expect to keep their organizations secure.

In 2018, we expect to see…

More and more companies adopting “passwordless”

The passwordless journey truly began for businesses in 2017 and we expect the implementation of a passwordless security approach to continue and pick up momentum into 2018 and beyond. Going passwordless means minimizing the dependence on passwords as much as possible to further reduce the likelihood of credential-based attacks.

Passwordless is not a zero-sum game; it is not all or nothing. As companies move towards a passwordless model, they should start with cloud applications supporting SAML, and/or Active Directory and applications leveraging the Active Directory credential. Once the end-user population understands the value of not having to remember or manage passwords, companies can remove the password at the endpoint, which then makes the entire trust path more secure.

In 2018, we expect many organizations to start small with passwordless, targeting a certain set of systems and users, and then expanding out as their comfort level grows. Identity security products must be flexible enough to handle the long tail of legacy, and walk the organization into modern authentication practices such as passwordless.

Biometrics becoming a commonplace technology

Biometrics is already a very compelling topic in the security conversation, and we don’t expect that to change any time soon. Biometrics is here to stay with regard to mobile authentication, but we will see more solution providers leveraging biometrics and leaving the actual support (enrollment, storage, etc.) to the mobile providers while they simply use what mobile provides.

2018 will be an interesting year for biometrics with Apple’s shift to facial recognition ID on the iPhone. It will likely be the largest adoption of facial recognition technology in history, and the response from iPhone users and security researchers is of great interest to the security and privacy community.

It is evident that biometrics are becoming more of a commonplace technology with a critical role to play in authentication. It’s interesting to see the consumer market leading the enterprise market in the adoption of biometrics. The major smartphone vendors are making it easier for the enterprise market to move towards passwordless.

An even more advanced threat landscape

Two things that really stood out in 2017 were the use of stolen credentials in breaches, and the use of ransomware in major attacks. Both seem to be on the rise, but for different reasons, and we expect both of these trends to continue in 2018.

Stolen credentials are easy to obtain on the dark web and leverage in an attack. They are the “path of least resistance” for attackers, who want to save their high-value exploits for when they face organizations with mature, challenging and sophisticated security. Many organizations are not paying enough attention to the identity layer, making it a perfect storm of an under-prioritized and cheap attack vector that offers a high probability of success as well as return on investment.

The ransomware epidemic is concerning to me on a professional and personal level. Many organizations and private citizens have poor backup practices, even though good backups are really the best defense against ransomware. Without proper backup hygiene, you’re left to pay the ransom or wait on the possibility that a security researcher will crack the ransomware.

Insider-assisted threats continue to expand

Insider threats are not a new concept, but as the threat landscape continues to advance, we expect to see an increase in insider-assisted threats. This is when a cybercriminal/threat actor convinces an individual inside a company to steal secrets.

These threats are expected to expand in 2018 for a number of reasons.

  1. Employee loyalty to their company is diminishing, which makes employees more easily enticed by a threat actor. Health care costs are skyrocketing, fewer companies are providing 401k matching and countless jobs are being lost overseas. These factors, combined with the entitlement belief system of younger generations, are certainly causing a decrease in employee loyalty, which will lead to an increase in insider-assisted threats.
  2. Traditional malware and vulnerabilities/exploits are becoming more difficult to hide (at least within advanced companies that have valuable data to protect). This is driving cybercriminals to other means of accessing confidential data, i.e. insider-assisted threats.
  3. Blackmail is another contributor to the rise of insider-assisted threats that we can expect to see in 2018. With so much of our personal lives exposed on social media or due to breaches/hacks, cybercriminals have ample opportunities to blackmail employees into helping them.


So, as 2017 comes to a close and we prepare for 2018, organizations should embrace passwordless and biometric strategies to stay ahead of the constantly evolving and continually advancing threat landscape (including insider-assisted threats). Organizations must strive for continuous improvement and bring their A-game because there’s no doubt that in the new year cybercriminals will continue to develop new tools and techniques and work even harder to exploit security gaps.

Want to continue the conversation on the year ahead? Join our December 14 webinar “2018 Cyber Security Predictions: The Identity-Aware Perimeter Comes to the Fore”, hosted by Garret Bekker, 451 Research and Chris Sullivan, SVP Office of the CISO – SecureAuth.
