Forbes just released a compilation of 60 cybersecurity predictions for 2018. While no one can predict the future, we’re sure that cybersecurity is going to stay in the headlines and at the top of our list. We’ve curated the predictions most likely to interest or impact our clients’ organizations here:

Cyber Security truly arrives on Main Street in 2018 – this will mean that SMBs are going to realize en masse that they are now just as vulnerable (if not more) and have more to lose than their larger counterparts in the private sector. The volume of articles and reports on the costs and value of different cyber tools and services will exceed that of 2017—Jon Loew, CEO, AppGuard

Passwords are horrible, impersonal and put the burden on users to prove who they are. With the launch of Face ID, after the huge success of fingerprint readers in iPhones and Android devices, we will see more, true consumer-ready biometric authentication capabilities. Combined with the progress in Push Authentication (Google just defaulted to this over SMS authentication) and the mass of device data, we will finally see our biological selves become more securely connected to our digital identities—Simon Thorpe, Director of Account Security Products, Twilio

In 2018, it’s time to start thinking beyond two-factor authentication and start considering what’s next for safeguarding our systems. Organizations will begin adopting automated tools to analyze their social media presence for threats and suspicious behavior, just as they do now on their own network. Moreover, the traditional method of employee training will become even more crucial for organizations—Phil Tully, Principal Data Scientist, and Zack Allen, Manager, Threat Operations, ZeroFOX

In 2018, we’ll see less emphasis on traditional passwords and more on ways to achieve security via two-factor authentication techniques involving biometric solutions like voice recognition, facial scans and fingerprints. For security vendors, the storage and record-keeping stakes are higher to protect biometric data because contrary to a credit card number that can be discontinued, you can’t replace a person’s facial structure with a new one once a facial scan is compromised—Darren Abernethy, senior global privacy manager, TrustArc

In 2018, midsize and distributed enterprises will finally adopt multi-factor authentication (MFA) in droves. In 2017, 81 percent of hacking-related breaches involved stolen or weak credentials, so the security industry agrees that MFA is the strongest type of authentication – but until now, the adoption of MFA systems has been hindered by their complexity and requirements for on-premises infrastructure. In the coming year, we believe the continued growth of SaaS and smartphones will spur massive MFA implementation amongst SMBs and distributed organizations—Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies

2018 will be an interesting year for biometrics with Apple’s shift to Face ID on the iPhone. It will likely be the largest adoption of facial recognition technology in history and the response from iPhone users and security researchers is of great interest to the security community. It’s certainly a sign that biometrics are becoming more of a commonplace technology with a critical place in authentication. It’s interesting to see the consumer market leading the enterprise market in the adoption of biometrics. The major smartphone vendors are making it easier for the enterprise market to move towards passwordless—Stephen Cox, Chief Security Architect, SecureAuth

Humans will continue to be the weakest link in security. While vendors will come out with new whiz-bang capabilities in 2018 using artificial intelligence, machine learning and blockchain, most will fall short of the mark when it comes to securing the enterprise—Ian Paterson, CEO, Plurilock

In 2018, more companies will adopt security-first thinking. Imagine a moat surrounding a castle, protecting the king, queen, and other residents from invaders. Only in this case, instead of people you have Personally Identifiable Information (PII), proprietary files, intellectual capital, medical information, legal documents, and other information that should only be seen and shared with the people and organizations you authorize. To adopt such a culture at your organization, get your people thinking about security with regular awareness campaigns, simulated security attacks with phishing and other attack vectors, and improved record keeping policies to manage and encrypt key organizational data—Erik Brown, CTO, GigaTrust