2019 is virtually over and a new year beckons with all the solemnity of the grim reaper for those who don’t have their eyes wide open to the persistent threats we collectively face in the areas of privacy and cybersecurity.
Now that I have your attention, I’d like to add that it’s not all bad news. In the main, consumers and business leaders alike are more aware of cybersecurity and privacy than ever before. However, this sea change has been met with innovation on the criminal side of things. As defenses improve, the attack vectors become more nuanced and technically impressive. At times it can seem like a war of attrition, which brings us to the first series of predictions for 2020:
- CISOs will get worse at their jobs. Okay, simmer down all you cybersecurity people. I just mean there will be a shortage of experts–i.e., fewer of you to go around because at this moment in history everyone understands that a good CISO is critical to the ongoing success of an enterprise (the 2019 IBM Cost of Data Breach study found that the average cost to an organization was $3.92 million). With the demand for cybersecurity professionals far exceeding supply, the market will start having openings for less qualified people. Water finds its level, but it will be rough for a while.
- The disinformation blob will grow. With what we experienced in 2016 and 2018, is there any doubt there will be a rise in disinformation–homegrown and imported–of all stripes in the upcoming elections? Since these weaponized misinformation campaigns have proven effective, expect to see more of them in the private sector, with businesses adopting troll farm tricks to hurt the competition–or rather waiting to be discovered by intrepid reporters like Brian Krebs.
- Ransomware will continue to thrive. As long as humans are, well… human, phishing attacks will lead to ransomware infecting more and more networks, and businesses, municipalities and other organizations will continue to pay whatever they must in order to regain control of their data and systems. We will also see better backup practices that will help minimize or neutralize the threat of these attacks.
- IoT botnets will make dystopian paranoia seem normal. IoT will continue to grow exponentially. In 2020 there will be somewhere around 20 billion IoT devices in use around the world. Unfortunately, many are not secure because they are protected by nothing more than manufacturer default passwords readily available online. They will be weaponized (as in years past) but with increasing skill and computing power.
- The integrity of the US elections will be questioned–and for good reason. There are still voting machines in use that are far from secure and would not pass the simplest audits. Some states continue to use machines that leave no paper trail. Look forward to questions regarding election security all year.
- Cryptocurrency miners will continue to get rich off of stolen electricity. Related to the botnet craze, we will see an increase in computing power theft used to mine cryptocurrency. With bots becoming exponentially more effective as the result of AI and cloud computing, we will see a renaissance of Wild West behavior in the world’s cryptomines.
- Zero trust environments will be talked about. A few may exist. The assumption that one can trust the home team–people within one’s organization–sort of went the way of the Dodo bird when Edward Snowden walked away from the NSA carrying a treasure trove of NSA data hidden in a Rubik’s Cube. Zero trust simply means that no one can be trusted, in or outside the organization. With this assumption foremost, new systems make breaches and compromises harder to carry out. Stay tuned.
- More people will know what “protect surface” means. Protect surface is part of the zero-trust environment. An organization’s attackable surface includes every error-prone human in its employ as well as the mistakes in configuration they may have committed along the way and a whole constellation of other issues. The protect surface is much smaller and must be kept out of harm’s way. The more we talk about subjects like protect surface, the stronger our cybersecurity will be.
- Cars will be frozen. Or not. But actually, yes. I think it will happen. Driverless cars are going to hit things as well as get hit. Cars that talk to satellites are toast. It’s going to happen. (Or not. But it totally could.)
- 5G will make the cyber smash-and-grab a thing. 5G is going to make everything move fast, as will the new-generation USB4 devices. With quicker speed, it will take much less time to transfer data. Coincidentally, criminals appreciate this as much as the rest of us.
- Social media will no longer need to be private. Social media companies will probably become a bit more responsible when it comes to the way they gather, store, crunch, analyze and sell our data to marketing companies and small- to medium-sized businesses looking to connect directly with consumers. This is really not worth talking about, however, because all of our information has already been scooped up. It’s good news for 2020 babies.
- State-sponsored traffic jams will be a thing. The hackers who brought you Hillary’s emails and who probably have President Trump’s tax returns are going to target operational systems with an array of tactics that include ransomware and more DDoS attacks that will snarl things up in ways we’ve not yet seen. The targets will be financial institutions, the power grid, an election, a company’s secret sauce, a city’s traffic lights or, you can fill in the blank.
- You’re going to have personal cyber insurance. Insurance companies will be writing more comprehensive cyber liability policies for businesses and offering innovative personal cyber coverage for consumers.
- HR will save money by spending some. More employers will offer their employees identity protection products and services as part of their paid or voluntary benefits programs. (An employee who has their identity stolen is not very productive, and if, as part of that identity theft, their user ID or passwords are exposed, a thief might have what he or she needs to access an employer’s network and sensitive databases.)
- The cloud will leak. The parade of stories about misconfigured cloud clients and data stored without any password protection on cloud services will continue apace, perhaps in part because of the CISO issue discussed in the first prediction.
- AI will gladly take your job. The Yang Gang knows it’s true. AI is here and it’s willing to work so that you can go fishing, collect that monthly $1,000 and not make ends meet. In all seriousness, the CISO shortage as well as many of the innovations discussed in this list of predictions will be increasingly powered by Artificial Intelligence.
2020 promises to be an interesting ride. Buckle up, because that driverless car might be hacked along the way. As ever, you are your best guardian when it comes to your privacy and personal cybersecurity. Be smart. Stay safe. And, have a very happy, healthy holiday season.