Cybersecurity plays a role in protecting our freedom, privacy, and rights. Also, everything up to and including our physical security will be more vital than ever in 2020.
Our important and personal infrastructure is appearing more on the Internet and becoming vulnerable to digital attacks.
More and more data leaks are associated with the leakage of personal information, and there is a growing awareness of political interference and government-sanctioned cyber attacks. Therefore, the importance of cybersecurity is a growing public concern.
Technology could address the many challenges we face, both globally and personally. From smartphones and personal A assistants to space travel, cancer treatment, and climate change control.
However, as the world becomes more interconnected, the opportunities for the bad guys to take advantage of it for profit or political purposes will inevitably increase.
Here is what will be on the agenda when it comes to cybersecurity in the coming year:
Our Means Of Communication May Become More Weaponized.
The notion that communication is creating new combat landscapes is confirmed by the evolving spheres of today’s and tomorrow’s cyberattacks. In the first part of 2019, we saw a 50% increase in mobile banking malware than the previous year.
It means our payment data, credentials, and funds are transferred to cyber attackers at the push of a button on our mobile device.
Attempts by cybercriminals to deceive consumers into providing their personal information using the most common means of communication will increase and will range from mail attacks to SMS attacks, social networking messages, and gaming platforms. What we use most often may become a more popular surface for counterfeiting Cross-Site Request Forgery.
According to TÜV Rheinland, in 2017, Frenchwoman Judith Duportale asked a dating company to send her any personal information about herself. In response, she received an 800-page document indicating her likes and dislikes on Facebook, the age of the men she was interested in, and all 870 contacts she had online since 2013.
“The fact that Judith Duportale has received so much personal data after several years of using one application underlines the fact that data protection is now complex. Also, this example shows how little transparency there is in the protection and processing of data that can be used to get an accurate picture of a person’s interests and behavior,” the report says.
The Cybersecurity Skills Gap Continues To Grow
During 2020, research suggests that the number of unfilled jobs in the cybersecurity sector will increase from 1 million in 2014 to 3.5 million. This skills gap is likely to become a growing public concern at the beginning of this new decade.
There are many threats today in cyberspace, from thieves trying to clone individuals for Cross-Site Scripting to political misinformation campaigns aimed at changing the course of democracies.
They will only increase if there are not enough people with the skills to counter them passing through the pipeline. Without investment in training existing personnel to prevent or mitigate cyberattacks in their field, and without hiring experts with the skills to detect new threats on the horizon, the industry could lose hundreds of millions of dollars.
Currently, the average cost incurred by a company in the US that suffers from data leakage is $8.19 million. Among organizations that have implemented fully automated security systems against cybersecurity, this cost has been reduced to $2.6 million.
Implementing these sophisticated security solutions requires access to qualified, experienced staff working on cybersecurity issues, which is likely to become an increasingly complex task in the coming years.
The ‘Cyber Cold War’ Intensifies
The new cybernetic cold war is taking place online, as Western and Eastern powers increasingly share their intelligence and technology. The ongoing battle between the US and China and the separation of these two vast economies can be a clear sign.
Many cyberattacks will increasingly be used as proxy conflicts between smaller countries, financed and supported by larger countries seeking to consolidate and expand their respective spheres of influence.
Cyberattacks also continue to target public utilities and critical infrastructure, as evidenced by the attacks on South African and US utility companies last year. The United Nations will need to consider drastically strengthening cyber defense around its critical infrastructure.
It seems to most people that the Internet and the web world is an international organization relatively free of borders or restrictions on the free movement of information and ideas.
It is structured in that way because its architects understand the importance of international cooperation when it comes to access to talent and resources.
However, in reality, that is just an illusion. The corporations, networks, and associations that provide infrastructure behind the scenes are legal entities bound by national laws and regulations.
With no end to the “trade war” between the world’s superpowers, no talk of cracks between international organizations such as the UN or the EU, and no ongoing arms race between countries that are economic competitors, this illusory plywood is being stretched thinner and thinner. It can have very dire consequences.
Just a few months ago, Russia announced that it had tested a “disconnected” Internet, essentially a country-wide alternative to the global Internet. It could give its government control over what citizens can access on the Internet.
Countries such as Iran and China are already censoring content and blocking access to outside information.
During 2019, we also saw the US government effectively establish a partnership between US tech companies and Chinese mobile giant Huawei for fear of close ties between Huawei and the Chinese state.
If such barriers increase, it can easily lead to international cooperation, hampering both technological and regulatory cybersecurity issues, which will only benefit the bad guys.
The Rise Of Artificial Intelligence (AI)
In the US elections in 2016, the propaganda of fake news based on AI began. During political campaigns, resources were used to create specialized teams that organized and distributed fake news stories to undermine their opponents. We can expect these activities to be fully operational again as we prepare for significant elections around the world in 2020.
At the same time, AI continues to be used as a facilitator in the fight against crime; it will probably also be used to accelerate the security response. Most security solutions are based on human logic detection engines.
However, keeping them updated against the latest threats and new technologies and devices is not possible. AI greatly accelerates the detection and response time for new threats by helping to block attacks before they become widespread.
However, cybercriminals are also beginning to use the same techniques that help them investigate networks, identify vulnerabilities, and develop more evasive malware.
AI is a new arms race, but unlike previous arms races, anyone can join – no resources previously available only to governments are needed.
It means that while AI is undoubtedly being researched and developed as a means to destroy an enemy state’s defense and civil infrastructure during a war. It is also easily deployed by criminal groups and terrorist organizations.
Thus, rather than between nations, today’s race is between hackers, burglars, phishers and data thieves, and cybersecurity experts whose job is to combat these threats before they harm us.
Just as the AI can ‘learn’ to recognize patterns of coincidence or behaviors that may signal an attack attempt, it should learn to adapt to disguise the same behavior and pave its way past our defenses.
This parallel development of defensive and offensive capabilities will become increasingly relevant as AI systems become more complex and, importantly, more accessible and easy to deploy.
Everything from trying to deceive us to exposing our credit card data to denial of service attacks aimed at disabling critical infrastructure will become more frequent and sophisticated.
On the other hand, technologies that help us avoid “falling prey,” such as an in-depth study of security algorithms, automation of systems prone to human error, and biometric identity protection, are also becoming increasingly sophisticated.
5G Adoption And Development Of IoT Devices Increase Vulnerability
As 5G networks are deployed, the use of connected IoT devices will be significantly accelerated, increasing the vulnerability of networks to large-scale multi-vector 5th generation cyberattacks. IoT devices and their connectivity to networks and clouds are still a weak link in the security system.
This ever-growing amount of personal data will need to be protected against hacking and theft. Therefore, we need a more holistic approach to IoT security, combining traditional and new management tools to protect these ever-growing networks and businesses.
The performance and number of individual smart devices are increasing each year, making them a desirable target for cybercriminals. With the spread of intelligent devices, the attack surface can rapidly grow hundreds and thousands of times.
Moreover, personal medical devices such as defibrillators, insulin pumps, pacemakers, and heart and glucose monitors have all been connected to the Internet as part of the Internet of Medical Things (IoMT) over the past ten years.
“At the same time, the researchers have identified an increasing number of software vulnerabilities and demonstrated the possibility of attacks on these products, which can lead to targeted attacks on both individuals and entire classes of products,” the organization said.
Enterprises Will Rethink Its Cloud Approach.
Detection is no longer sufficient to provide protection, and prevention is now the key to security.
Organizations already handle most of their workloads in the cloud, but the level of understanding of cloud security remains low. It often becomes a secondary goal when deployed in the cloud.
Security solutions must evolve into new flexible cloud-based architectures that provide scalable protection at high speeds.
Transport Infrastructure And Vehicles Are New Targets For Cyberattacks.
With the development of software and hardware platforms, vehicles and transport infrastructure are increasingly interconnected.
“The disadvantage is the growing number of vulnerabilities that can be exploited by attackers. Extensive cyberattacks against transport can not only affect the safety of individual road users but also lead to large-scale traffic and urban safety violations,” says TÜV Rheinland.
Passwords Head For Distinction
A new variety of password-free authentication has been introduced through the use of innovations in biometrics, advanced face recognition, or even microchips embedded in the hand.
More and more IT teams are finding these methods potentially more secure. Netlogx’s Clayton Calvert, who assesses IT security and risks, says, “IT is regaining full visibility into identity and access management. Reuse and sharing are common problems with password-based authentication.” Without passwords, there is nothing much to phishing.
Political Interference Increasingly Common And Sophisticated
Targeted misinformation campaigns aimed at swaying public opinion have almost become a common feature of democracy today. With presidential elections in the United States approaching in 2020, it seems that they will again become headlines.
So far, election-related cybercrime has taken two forms. The first is the spread of “fake news” and false narratives through social networks, which is usually designed to silence the candidate. The second was a direct attack on the candidates’ electoral infrastructure or digital infrastructure.
Countering false narratives means creating systems, automated or manual, that can screen out lies, propaganda, and bad faith by analyzing both content and metadata – where the information comes from and who most likely created it.
Facebook and Google have invested in technology designed to determine whether political messaging conforms to templates that assume it can be part of targeted “fake news” campaigns. It is due to overwhelming evidence that these tactics are increasingly being used by government actors to cause political unrest.
The Chinese government is suspected of trying to push the pro-Chinese narrative around the Taiwanese civil protests and elections in Hong Kong using fake social media accounts. The candidates’ personal emails were hacked and published in the 2016 US elections and the 2017 French elections.
Both forms of digital interference in elections are likely to become a growing problem over the next 12 months, partly because they have proven highly effective so far.
Consequently, increased investment in technologies to counteract them can be expected, as well as efforts to raise public awareness of the problem.
Vehicle Hacking And Data Theft Increases
Even before we move on to the topic of self-propelled vehicles, today’s vehicles are mostly moving data-processing plants.
Modern automobiles are equipped with a variety of GPS devices, sensors, and car communication and entertainment platforms, making them an increasingly profitable target for hackers and data thieves.
Criminals have learned to operate in private networks through connected home devices and smart devices, due to the lack of security standards among thousands of device manufacturers and service providers.
Also, cars are likely to become more and more vulnerable in the coming years due to the increasing amount of data they collect and store about our daily lives.
Attackers will have the choice of either using the vehicles themselves, perhaps using them to access email accounts and then personal information, or using cloud services where our data is regularly sent for storage and analysis.
Large-scale collection and resale of this data on the black market are very beneficial for cybercriminals.
Another genuine danger is that cybercriminals can learn how to compromise the digital controls and security functions of modern vehicles. The idea of stealing autonomous vehicles and taking control of them may seem far-fetched now. Still, it is a threat that is taken seriously by both the automotive industry and legislators.
During this year, we will probably see more debate on this aspect of self-propelled car safety, because the regulatory framework that will permit them to operate on our roads is still being formed.
To Sum Up
Hardly a day goes by without reporting a violation or a cyber incident. The attacks have become so devastating that the FBI has softened its position on the payment of ransoms.
The agency now recognizes that, in some cases, businesses may have to consider paying the ransom to protect shareholders, employees, and customers.
With our ThreatCloud data-sharing technology, we’ve seen nearly 90 billion compromising attempts per day – compared to about 6 billion daily searches on Google. These are new records that are broken continuously over time, which means that the number of victims is increasing.
Knowing what’s coming to us will help us get better prepared. Some paradigms will have to change. The vast spread of technology and solutions will make us all think about how to consolidate ourselves.
In 2020, more than ever, cyber-attacks are no longer a question of what, but of how and when. It is a problem that concerns all of us. Therefore, we should know the cybersecurity trends of today.