Security — it’s the word on everyone’s lips, from the first-year employee to the C-suite. It may seem hard to imagine what could happen next in this sector, but Merritt Group’s expert Security Practice team has some keen insights on what’s to come for the security B2B market, with its endless quick-turn, hot-button issues.

Here’s what they have to say about what security will bring in 2018.

What do you think will be the hottest trend in security in 2018?

Michelle Schafer, Senior Vice President
The European General Data Protection Regulation (GDPR) is very top of mind with the May 25, 2018, deadline fast approaching. The goal of this data governance regulation is to give control of personal information back to the people — and it should serve as a wakeup call for all enterprises handling personal data. Gartner predicts that only half of organizations will be in compliance by the time the deadline arrives, and with massive fines for noncompliance, the impact could be quite costly. I think GDPR will tighten up data privacy and security, but full adoption will take a while.

Mia Damiano, Account Manager
It sounds cliche to say that the internet of things will be big in 2018, but I think the explosion of Amazon Alexa and Google Home devices is only the beginning of the smart home takeover. I often encounter people who are wary of the Echo Dot and other consumer IoT devices, because they think every word they say is being recorded, but I think what we really need to be afraid of is how these devices can be an entry point for hackers to exploit.

What are the next big buzzwords you think will take over the security industry?

Ashley Howard, Account Supervisor
We’re already seeing artificial intelligence and machine learning popping up everywhere, and I think companies will continue to use these buzzwords to sell their products. The question will be: Are they really employing true AI, or are they just using it because it’s popular at the moment?

How do you imagine the nature of data breaches will be different in 2018?

Michelle Schafer
I think we’ll see more of the same — major breaches due to bad cyber hygiene, such as improper/lack of patching, social engineering scams and bad passwords. Given the massive Equifax breach and its detrimental impact, consumers should take more proactive steps in protecting their personal information, but they’ll continue to make the same mistakes. My hope is that enterprises will take patching more seriously in the wake of the WannaCry and Petya attacks.

Mia Damiano
I don’t think the nature of data breaches itself will change, but I think how the public responds will continue to evolve in the coming year. Major incidents like the Yahoo breach and Equifax hack have made cybersecurity a dinner table conversation. When I tell my mom I had a busy day at work, she can usually guess why since, more often than not, it’s thanks to a major cyberattack. Looking ahead to 2018, I hope that consumers’ increasing awareness will translate to better security and less frequent attacks, but the sad reality is that likely won’t be the case.

What buzz are you hearing in the industry regarding IoT security over the next year?

Ashley Howard
We are building the products and the technology faster than the security for it, which will continue to be an issue. Everyone wants the latest IoT gadget, but you might want to think twice about how that device and how the data that it’s collecting are really being stored and protected. You might be shocked to learn that it’s not as private as you might think it is.

What are some of the newer business risks clients and the media are preparing for in 2018?

Cara LaMaina, Senior Account Executive
I would say based on my conversations with reporters and clients, the biggest threats/risk that people are starting to prepare for are critical infrastructure and nation-state attacks. In 2017 we saw some of the first examples of attacks that took down power grids and caused major chaos, not just for a singular company or industry but for nations. This type of threat only stands to grow as our nation becomes more hyper-connected and continues to explore and prepare for cyber warfare.

What was your biggest takeaway from security media coverage in 2017?

Tom Rice, Partner
Ransomware was the biggest story of the year. Those breaches were covered a lot more than any other. The Democratic National Convention Russia hacking story of course still had a lot of legs. I continue to be surprised every year at the volume of security news coverage. The Wall Street Journal producing their own cybersecurity newsletter and hiring numerous cybersecurity-focused reporters is another example of that.

Michelle Schafer
I’ve been monitoring security media coverage for 14 years, and the pace at which cyber news is breaking now is surreal. Every day, we see several new breaches, malware attacks or cyber threat reports in the news, and it’s not slowing down. Increasingly, I think it’s hard for journalists to cover it all — they simply can’t — so it means really analyzing pitches and stories that their readers will find most valuable. While “breach of the day” stories are important, I personally think stories that offer tips or advice for security pros or lessons learned are probably the most impactful. After all, that’s what we’re all here to do: create a safer cyber world and share information that helps us achieve that goal.