SANS Internet Storm Center projects 3 key challenges for the year ahead:

(1) staffing difficulties
(2) How to best secure new products & advances in technology
(3) increased cybercrime & ransomware attacks 

https://isc.sans.edu/forums/diary/What+are+your+Security+Challenges+for+2018/23171/

We are almost at the end of another year. Last year I wrote a diary on Talent Shortage and from what I have seen, it is still difficult to find the right people with the right skills. Anyone willing to learn or is curious about how attacks methods works and how to defend against them, has strong ethics and problem solving skills sound like a candidate you might want to coach and hire.

Technologies are rapidly evolving and changing; keeping on top of all of them is difficult and not really possible. I think it is becoming important to specialize whether it is offensive (pen testing and audit) or defending networks. Don’t get me wrong, I believe it is important to have a strong understand of both but I think at some point picking a side (auditing or defending) is the right thing to do.

Last but not least, cybercrimes are going to continue to grow and be more focus against selected products (corporate “secret sauce”), user data, groups and employees. Malicious actors are always looking for new methods to gain access, steal data and sell it to whoever is willing to pay for it.