Three Trends That Could Keep Cybersecurity On Its Toes In 2019

Paul Lipman has worked in the cyber world for over a decade, and is currently CEO of BullGuard, a global leader in smart home cybersecurity.

It seems each new year brings with it more headlines around cybersecurity, usually the negative sort decrying the latest data breach or cyber attack. The truth is that as technology grows more sophisticated and ubiquitous, so does its seedy underbelly. This is a frustration for the consumer, and it can potentially sound the death knell for the enterprise.

Fortunately, the cybersecurity industry is working overtime to prevent, harness and mitigate attacks from every angle. Add to that a more savvy consumer, more invested regulatory agencies and new market entrants poised to offer increasing levels of security and privacy protections, and it feels like we’re paying greater attention and looking into better ways to keep our digital lives safe.

Hackers aren’t slowing down either, however, and I predict 2019 will see critical data breaches and cyberattacks. Here are three key considerations for cybersecurity in the coming year:

How secure is your weakest link?

The internet of things (IoT) landscape is an exciting one heading into 2019. There is great promise for seeing the proliferation of IoT devices across a wide range of industries, thanks to advancements in connectivity such as 5G and eSIM that could allow for greater bandwidth while decreasing overall costs.

To date, however, IoT devices have struggled to provide acceptable security. The first hack on IoT devices I know of came in 2016 via the Mirai botnet, and since then the threat landscape has moved quickly -- reportedly jumping 600% from 2016-2017, according to security firm Symantec. Not only are individual devices at risk, but -- more concerningly -- so is the network, which could proliferate an attack quickly across a large number of devices.

Up until now, criminals have often focused on internet infrastructure and providers and have used consumer devices only as a vehicle for initiating a broader attack on the network itself, such as with the infamous Mirai botnet. That will likely change, however -- and with little industry standardization, organizations should take ownership of their own IoT security. This starts with knowing how many and what type of devices access your network and ensuring all are properly maintained and the software is up to date. It's also critical to identify your users and have an understanding of their typical behaviors to more easily identify rogue activity.

Will artificial intelligence (AI) turn against us?

Since the beginning of AI, there have been speculations and conspiracy predictions that the technology will soon overtake the human race. While I believe that is nowhere near possible at this stage, it is possible we'll see the AI bubble burst in 2019 as cybercriminals utilize AI for their own purposes and even attack AI systems directly.

I've seen that AI and machine learning are becoming more instrumental in the cybersecurity toolkit and, by default, to the cybercriminal. Machine learning holds great promise in keeping the enterprise safe, especially considering that Willis Towers Watson estimated in its 2017 report, The Future Of Financial Services, that nearly two-thirds of cyber breaches are due to employee negligence or malfeasance. One high-profile example was the Equifax data breach in 2017 that compromised the data of more than 147 million customers and was ultimately blamed on the oversight of the company, starting with its decision not to patch a known software vulnerability.

It can be unsettling, but trying to control human error across massive global organizations (or even the smallest of businesses) is the equivalent of nailing jello to a tree. Cybercriminals know it, too. It’s not just worker negligence -- it’s also the threat of multiple devices sharing a network, human propensity to open phishing emails and a host of other concerns. While machine learning can be a stopgap measure in preventing human error, it is not failsafe.

Another concern is that as machine learning evolves, it seems to grow more user-friendly and -- more importantly -- cheaper to access. This has likely increased its popularity among cybercriminals. The decreasing cost of computing power -- which I predict will further decline as cryptocurrency mining slows -- as well as the ubiquity of free, off-the-shelf machine learning tools and easy access to vast amounts of threat data, could make for a perfect storm to harness the power of machine learning and turn it against us. The democratization of machine learning is a double-edged sword that could help both sides in equal measure.

We increasingly rely on AI algorithms to make critical decisions in our lives: what stocks to trade, what medical treatments to administer, who should be granted a loan and even what commands to issue to our car’s steering and powertrain. Influencing an algorithm’s decisions is a potentially powerful and hard-to-detect way to carry out financially-motivated cybercrime or more insidious cyberwarfare and espionage activities.

While it can seem AI and machine learning technologies cause more hassle than they are worth, experience tells me this is certainly not the case. It simply requires due diligence on the part of the organization to create multiple layers of protection to ensure attackers can't easily infiltrate or take advantage of human error. It also helps to customize open algorithms or use a diverse set of algorithms so that if one is attacked, the others can spot the anomalies. 

Can your service provider protect you?

I've seen that communication service providers (CSPs) and internet service providers (ISPs) are facing competition in every aspect of their business, and differentiated services may be key to customer monetization and retention. This is why I consider the IoT market a high-growth area for service providers who need value-added extensions to grow ARPU and differentiate competitively.

Security is critical for enabling these new services and driving customer adoption. CSPs are largely seen as trustworthy when it comes to protecting the user. As the notion of an end-to-end smart home proliferates, consumers may be looking for help from their service providers in keeping it secure.

CSPs alone cannot stop the proliferation of bad actors across the cyber landscape. I believe major changes on the horizon, including eSIM and 5G, will translate to an explosion of IoT-enabled environments -- everywhere from the home and office to city parks and automobiles on the road. This will require the diligence of everyone involved, from product designers and device manufacturers to CSPs, ISPs and those who manage IT departments and connectivity, and on down to each individual user.

Source: https://www.forbes.com/sites/forbestechcouncil/2019/01/30/three-trends-that-could-keep-cybersecurity-on-its-toes-in-2019/#243858dc7e4e