The 5 biggest 2020 cybersecurity trends everyone should know.
The vital role that cybersecurity plays in protecting our privacy, rights, freedoms and everything up to and including our physical safety will be more prominent than ever during 2020. More and more of our vital infrastructure is coming online and becoming vulnerable to digital attacks. Data breaches involving the leak of personal information are becoming more frequent and bigger, and there’s an increasing awareness of political interference and state-sanctioned cyberattacks. The importance of cybersecurity is undoubtedly a growing matter of public concern.
We put our faith in technology to solve many of the problems we are facing, both on a global and personal scale. From smartphones, we AI personal assistants to space travel, curing cancer, and tackling climate change. But as the world becomes increasingly connected, the opportunities for bad guys to take advantage of profit or political ends inevitably increases. Here’s what will be top of the agenda when it comes to cybersecurity over the coming year:
1. Artificial intelligence will play an increasing role in both cyberattack and defense
AI is the new arms race – but unlike earlier arms races, anyone can get involved. There’s no need for the sort of resources that were previously only available to governments.
Therefore, while AI is undoubtedly being researched and developed as a means of crippling an enemy state’s civil and defense infrastructure during the war, it’s also easily deployable by criminal gangs and terrorist organizations.
So rather than between nations, today’s race is between hackers, crackers, phishers, data thieves, and the experts in cybersecurity whose job it is to tackle those threats before they cause us harm. Just as AI can “learn” to spot patterns of coincidence or behavior that can signal an attempted attack, it can learn to adapt to disguise the same behavior and trick its way past our defenses.
“AI is the new arms race – but unlike earlier arms races, anyone can get involved.”
This parallel development of offensive and defensive capabilities will become an increasingly present theme as AI systems become more complex and, importantly, more available and simpler to deploy. Everything from spam email attempts to trick us into revealing our credit card details to denial-of-service attacks designed to disable critical infrastructure will grow in frequency and sophistication. On the other hand, the tech available to help us avoid falling victim, such as deep learning security algorithms, automation of systems that are vulnerable to human error, and biometric identity protection, is getting better too.
2. Political and economic divisions between east and west lead to increased security threats
As it appears to most people, the internet and the online world is an international entity – relatively free of borders or restriction on the free movement of information and ideas. It’s been built that way because its architects understand the importance of international cooperation when it comes to accessing talent and resources. But that’s really all just an illusion. The corporations, networks and associations which provide the infrastructure behind the scenes are legal entities obliged to comply with national laws and regulations.
With no end in sight to the “trade war” between the world’s superpowers, talk of fracturing among international organizations like the UN or EU, and an ongoing tech-driven arms race among nations that are economic competitors, that illusory veneer is getting stretched thinner and thinner. And that could have very scary consequences.
Just a few weeks ago, Russia announced that it had tested an “unplugged” internet: a country-wide alternative to the global internet, which could give its government control over what citizens can access on the web. Countries like Iran and China are already censoring content and blocking access to external information.
If more barriers like these go up, it could easily have the effect of preventing international cooperation on both the technological and regulatory challenges of cybersecurity – and that’s only likely to benefit the bad guys.
3. Political interference increasingly common and increasingly sophisticated
Targeted disinformation campaigns aimed at swaying public opinion have almost become an accepted feature of democracy today. So far, cybercrime targeting elections has taken two forms. The first involves the spreading of “fake news” and false narratives – usually designed to slur a candidate – via social media. The second is direct attacks against candidates or digital electoral infrastructure.
“Countering the false narratives means building systems that can sift out lies and propaganda.”
Countering the false narratives means building systems, either automated or manual, that can sift out lies and propaganda by analyzing both content and metadata – where the information originates from, and who is likely to have created it. Facebook and Google have both invested in technology designed to determine whether or not political messaging fit patterns that suggest it could be part of a targeted “fake news” campaigns. This is because of the overwhelming evidence that state actors are increasingly adopting these tactics to cause political unrest. The Chinese government has been suspected of attempting to push a pro-China narrative around elections in Taiwan and civil protests in Hong Kong using fake social media accounts. Meanwhile, candidates’ private emails were hacked and released in both the 2016 US elections and the 2017 French elections.
Both forms of digital electoral interference are likely to become a growing problem over the next 12 months, partly because they have proven to be highly effective up until now. Consequently, we can expect more investment in technology designed to counter them, as well as efforts to raise public awareness of the issue.
4. The cybersecurity skills gap continues to grow
Research suggests that the number of unfilled cybersecurity jobs will increase from just 1 million in 2014 to 3.5 million in 2020. This deficit of skills is likely to become a growing matter of public concern during the early part of this new decade.
“The number of unfilled cybersecurity jobs will increase from just 1 million in 2014 to 3.5 million in 2020.”
The threats we face in cyberspace today – from thieves attempting to carry out fraud to political disinformation campaigns designed to alter the course of democracies – will only become more intense unless there are sufficient people with the skills to counter them coming through the pipeline. Without investing in training existing staff on how to prevent or mitigate cyberattacks in their field, as well as hiring experts with the skills to spot new threats on the horizon, industries stand to lose hundreds of millions of dollars. The current average cost incurred by a US company that suffers a data breach stands at $8.19 million. Amongst organizations that have implemented fully automated cybersecurity defenses, that cost drops to $2.6 million. Of course, implementing these mature defenses requires access to a skilled, experienced cybersecurity workforce – something that is likely to become a challenge in the coming years.
5. Vehicle hacking and data theft increases
Even before we get into the subject of self-driving cars, vehicles today are moving data factories. Modern cars get fitted with an array of GPS devices, sensors and in-car communication and entertainment platforms that make them an increasingly profitable target for hackers and data thieves.
Criminals have learned to piggyback into private networks through connected home appliances and smart devices, thanks to the lack of security standards among the thousands of device manufacturers and service providers. Likewise, the automobile is likely to increasingly become the backdoor of choice in the coming years, thanks to the growing amount of data they collect and store about our day-to-day lives. Attackers will have the choice of targeting either the vehicles themselves, perhaps using them to access email accounts and then personal information, or the cloud services where our data routinely get sent for storage and analysis. Large scale harvesting and resale of this data on the black market is highly lucrative for cybercriminals.
“The idea of hijacking autonomous cars and taking over their controls may seem far-fetched right now, but it’s a threat that’s being taken seriously.”
Another very real danger is that malicious actors could learn to compromise the digital controls and safety features of modern vehicles. The idea of hijacking autonomous cars and taking over their controls may seem far-fetched right now. But it’s a threat that’s being taken seriously by the automotive industry as well as lawmakers. When it comes to 2020 cybersecurity trends, we’re likely to see more debate over this aspect of the safety of self-driving vehicles, as the regulatory framework that will allow them to operate on our roads continues to take shape.
