The end of one year and the arrival of another year always requires some reflection and predictions. While antivirus software and endpoint security researchers are always looking to the future, this is often related to the known challenges – the threats that businesses now face.
The cyber threats are unabated, but new types of threats that emerge in 2019 will become the norm in the next 12 months. In a sense, that's good – a known amount to work with in an unpredictable world. However, as anyone who has attacked at the front line will say, "normal" is often pretty awful.
About the Author
Pascal Geenens is a security researcher and evangelist at Radware.
And normal could really be so bad next year if you look at the big macroeconomic challenges in the world. Upcoming elections, tensions between countries, climate change and social issues such as gender equality and poverty can and will influence how and when businesses and organizations are attacked.
It may seem strange to point out that climate change could affect your security strategy. However, if your supplier or partner has links that hackers rely on, this is your network to target.
These broader threats are all things that should be used to establish a strategy and determine which of the predictions are worth noting. It is also an opportunity to reflect on how the tools we use to defend ourselves could be those used in the wrong hands against us. Developing strategic plans against hacker attacks and malware has never been so complex.
So what are our risks?
. 1 AI and fake data / disinformation
That's fiction, but unfortunately it's a lot of reality. Counterfeit data, disinformation and their dissemination will become an important tool in the cyber arsenal of nation states.
We have already seen it. It disturbed voting and public opinion, leading to misunderstandings and confusion. The truth has lost. I have no doubt that we will see more of it. His commitment to companies and organizations will be productive next year.
Artificial intelligence is, of course, the battle cry of defending oneself. But it's also the technology behind the fake data. It is the catalyst for generating targeted and individualized counterfeit data to influence the individual in all facets of his life. We have to expect that this tactic will be used to influence important political and economic events up to the Olympic Games and future World Championships.
Businesses need to consider how they can be a single source of truth and know that there is no danger of information being manipulated.
. 2 Imbalance between privacy and security
The balance is in favor of privacy rather than security. How come? Cyber defense is becoming exponentially more difficult and expensive as more and more dark data and privacy measures are taken (for the engineers among you, these include Quic, DoH, TLS 1.3, etc.).
People can hide more easily. It is becoming more mainstream. The triggers are big data breaches and a growing sense of Big Brother.
This means that in an increasingly anonymous world, companies need to rethink how they manage the complexity of enforcing laws and securing networks.
This is a difficult puzzle. How can you ensure security and privacy, and how can you still run a business that offers high quality customer service and profit to shareholders?
. 3 Data breaches due to stupidity or ignorance will fade.
For many, the first experience with cloud services was a bad one, but this is a prediction to console it. Password management with online storage is hidden when cloud and service providers use technology to prevent it.
They have acknowledged that managed security was sometimes inadequate, and in order to increase infrastructure management and cloud revenue, they need to address the associated security risks. Automation has opened the door for it.
. 4 Attack surface of the cloud and the distributed enterprise
Just when you thought things would be better, something else is coming. It is well known that the attack surface of organizations is growing exponentially as a result of switching to hybrid, multi and edge clouds.
However, adding the complexity of data protection and the management of darker data make it harder to protect the business and ensure the visibility of the threats. Every security strategy must examine how threats are found, categorized, and tackled. It will require technology and great skill to get it right, as well as sponsorship from the entire board.
. 5 Automation is a double-edged sword
We have already mentioned that AI and automation help to ward off attacks. Its true strength is in being grounded in learning and explaining why it has become a strategy for many breakthrough technologies and solutions, as well as for IT service management.
But despite all this positive power, there is one negative: Deception automation is likely to lead to the next catastrophe. What I mean? It is quite possible to deceive the ability of a car to autonomously drive through slight changes in traffic signs or road markings. In fact, it has already happened.
Imagine the effects on cyber defense systems, (physical) war weapons and aircraft. But that is the dawn. As new ways are discovered to poison or influence the decision-making of deep learning algorithms, a new attack surface is formed. As long as we recognize that, we have a chance to defend ourselves.
. 6 Quantum Computers
Quantum computers eventually become an important part of the security policy of organizations that deal with secrets and valuable information.
The generation and distribution of quantum keys and quantum encryption are applied. We're likely to face the scenario that it's better to play it safe when the first nations develop quantum computers with enough qubits to interrupt the planet's encrypted communication.
But while this last prediction may be sobering, there are some practical things companies can do to get ready. An attack on the attack surface, including suppliers and partners, and every IoT device connected to the network is a good starting point, followed by a competency analysis. Your team must be prepared to think through complex challenges and develop tactics and strategies that build a solid defense. This is possible with the technology available today. The trick is to invest in the right ones.
Pascal Geenens is a security researcher and evangelist at Radware .