2018 Security Trends: 8 Experts Share their Predictions

Brian Royer, January 31, 2018

According to a recent survey by Accenture, banks experience 85 attempted breaches on average each year. More than a third are successful in stealing sensitive information1.

In 2017, those attempts ranged from account takeover fraud to mobile banking Trojans that enabled hackers to steal funds from victims’ bank accounts. Attacks such as Distributed Denial of Service (DDoS) — per Verizon, the most common form of attack against financial institutions — made headlines each time hackers successfully targeted large institutions and their customers.

While banks will continue to face a long list of cybersecurity threats in 2018, the New Year is an opportunity to re-examine the security built into your customers’ online and mobile banking experiences. The threat landscape is continuously evolving. That’s why we’ve brought together 8 of our top security, technology and industry experts to share their predictions for 2018, along with their thoughts on the technologies of choice critical to building digital trust and long-term loyalty.

Mobile App Security

Frederik Mennes, Senior Manager Market & Security Strategy, Security Competence CenterFrederik Mennes, Senior Manager Market & Security Strategy, Security Competence Center
“In 2018, mobile platforms will be the biggest attack platform. We will see an increase in mobile banking attacks next year — because more banks are providing mobile banking apps, and there is a shift by users from PC online banking to mobile banking. One of the biggest threats against mobile are overlay attacks, especially in the U.S. and Europe. In the past, these attacks were only spotted in Russia, but we’ve seen the first examples in Europe and the U.S. and we expect there will be more next year. Overlay attacks are a type of malware that also takes advantage of the user, who has to enter their credentials into the overlay window. The combination of malware detection and Runtime-Application Self Protection is the strongest way to protect mobile applications today.”

Will LaSala, Director, Security Solutions, Security EvangelistWill LaSala, Director, Security Solutions, Security Evangelist
“In 2018, the mobile platform will be hit hard. The recent news of the WiFi WPA vulnerability and the potential for attacks is greatest on the fractured versioning system of the Android device space. Along with this attack, the rise in social engineering with mobile application repackaging and app distribution is on the verge of explosion.  Combine these monster holes with where the mobile app industry is headed, businesses should be aware and take extra precautions this year to secure their mobile offerings.”

Fraud Prevention — Banking

John Gunn, CMOJohn Gunn, CMO
“2018 will be an exciting time as we will see new defenses and technologies paving the way to mitigate fraud and risk. However, research is finding banks are still falling further behind as they try to keep pace with today’s fraud schemes. It’s time to turn to new solutions based on AI and machine learning that speed up the ability to detect fraud, enabling banks to not only keep up but get ahead on reducing the losses to fraud and defending against attacks.”

David Vergara, Director of Security Product Marketing

David Vergara, Director of Security Product Marketing
“The banking world is facing increasingly intricate fraud schemes. As a result, banks will deploy more sophisticated solutions that combine risk analysis with machine learning, authentication, mobile security and orchestration to dynamically and in real time, apply the proper level of security for each unique transaction based on a risk score. Banks will also demand that these solutions provide simple integrations with a variety of fraud tools/platforms to ensure future requirements are easily incorporated. ”


Matthias Valcke, Director Business Solution & Market DevelopmentMatthias Valcke, Director Business Solution & Market Development
“Last year’s increase in overlay attacks in mobile banking applications coupled with the upcoming PSD2 regulation will this year force banks to add further security functionality to their apps. Additional security measures like Runtime Application Self-Protection and other frictionless methods of protection like behavioral biometrics will likely be the solutions of choice.”



Rahim Kaba, Director of Product Marketing, E-SignatureRahim Kaba, Director of Product Marketing, E-Signature
“Whether you are signing a contract or agreement or opening a new account, the underlying digital transaction (including data, documents and signatures) needs to be trusted and secure across every channel. As a result, enterprises are looking to more advanced authentication options to validate the identity of participants in a digital transaction. They want to ensure there are adequate security features built-in, particularly for their higher volume, B2C online and mobile channels. The key is to take a balanced approach — inspiring consumer confidence without adding inconvenience.”

Machine Learning/Artificial Intelligence

Romans Bonbinkovs, Business Consultant Fraud DetectionRomans Bonbinkovs, Business Consultant Fraud Detection
“We’ve entered the age of artificial intelligence, machine learning and robotics. In 2018, we will see malicious software with AI capabilities, more automated attacks and more intelligent (spear) phishing campaigns. With the help of machine learning, fraudsters will be able to scan the web in an automated way, requiring little or no human intervention and fewer resources to create more devastating attacks.”


Giovanni Verhaeghe, Director Market & Product StrategyGiovanni Verhaeghe, Director Market & Product Strategy
“Blockchain is changing the game in the financial services industry by adding transparency, speeding up and simplifying processes, while also reducing costs significantly. Blockchain and distributed ledger technologies will be an important new technology implementation and will continue to have a big impact as people demand more control of their identities and access to their personal information. A ledger doesn’t have any notion of how an identity is stored, but adding identity and credentials to the distributed ledger makes something anonymous when it previously was not.”

1. https://accntu.re/2nlUUz4

Brian Royer is Senior Marketing Writer at OneSpan. He joined OneSpan in 2015 with 20 years of experience in copywriting and security solutions marketing.