“Did I eat nothing for dinner?”
Rubbing your eyes, opening up the fridge you wonder. Its 3 a.m. The hunger is excruciating. The bright light blinds you for a moment.
You see some spoilt milk, a pack of buns and some leftovers.
You ask, “Where is my [email protected] pack?”
“Sorry Jim, I forgot to order that for you.”
“Three times in a row?” You scratch your head. “Does a smart fridge even forget?”
“Ah! Thank GOD!!! Finally something.” You take that frozen dinner hidden behind the leftovers from last week as a gift directly from the heavens… and place it like royalty in the microwave. “Dinner time!” You smile…
“That was quick.” You check the screen…
“Jim! Please watch this video first to get back to microwaving your food. Thank you for your time.”
Un-skip able 3:00 min…
“WHAAT?!!! SPAMMERs?” …
2:55 min remaining….
Credits start rolling… and the movie begins… “Attack of the Mundane Machine.” Or does it?
Should I be wary of my fridge’s behavior?
This isn’t farfetched. Just like the talking smart fridge… we now have the smart microwave. Wait, what are we talking about, we even have robot kitchens. Complete with connectivity, and all the bells and whistles that it brings along with it.
We have entered an era which is defined by two very distinctive and polar opposite series of events.
- Hyper-fast paced technological evolution bringing invention and integration of smart devices into everyday lives – The good J
- The exploitation and threat of misuse, the very same connectivity brings to the smart device’s integrity and ability to perform – The bad L
Although smart devices generally make our lives easier, having them connected to the internet makes them open to threats we usually overlook.
Cyberattacks on software are nothing new; their roots go back to the times when modern computing started. However, the effects of these were usually felt exclusively by the corporate world alone. The common man had nothing to do with a computer. What would Bill do with an IBM worth $1,565 in the 1980s (almost $5,000 today)? It was as useless for him as a powerdrill8000 is for an accountant in a bank.
Computers were used mainly by corporations for engineering and calculation purposes. They were big, clunky, slow and boxy. Apple changed all that with the release of the Apple I and brought personal computing to our homes.
This was a result of the vision of the forefathers of computer technology. Otherwise, there wasn’t much need. The computer used for the flight to the moon was less powerful than the modern smartphone.
PCs were the first wave of change; the second, much bigger wave, a tsunami if you will, was brought by smartphones which helped open the doors for smart devices. Bringing the threat to the common man first, and then to his home, surrounding him altogether.
Technology follows the direction of money. Perhaps that is exactly why the technological advances came without much thought into how to secure them from misuse.
The fact that the problem was by design, due to the neglect of corporations, thinking it nothing more than a technical issue rather than a mix of training, behavior, strategy and technology, didn’t help much either.
This resulted in smart devices reaching to consumers with inherent flaws, inviting hackers to come and exploit them.
The gadget comes first, followed by the cyberattack and finally, the cybersecurity required stopping it, at the very end.
That’s why that the past few years, championed by advancements, are also filled by an alarmingly increased number of cyberattacks. The increase in cyberattacks isn’t the issue; it’s the magnitude of their success and the ground they covered.
In 2017/2018 alone, we’ve seen big corporations phished and private data leaked on not just one platform, but many. They’ve had private data sold and have seen nations altering the futures of other nations by… using Facebook (okay, that last one is still under investigation).
The need for better cybersecurity is more than ever. It is not just the job of IT personnel to secure the cyber landscape of the organization. It needs to be part of the strategy and planning from the get-go.
Incidents of the Past, Trends of the Future…
Whatever 2018 has thrown at us, we can expect that it only shows a glimpse of what awaits us in 2019. Usually, it is almost impossible to predict what the future brings, but believe us when we say that more is on the way.
We have done our research and we suspect that the following will be the cybersecurity trends affecting corporations, individuals and governments in 2019. Check them out below.
Starting off… from corporations:
Tech giants have had long enjoyed getting their way with making profits with the help of free user data and being careless about handling its integrity. The current year has found the most powerful executives facing public committees and the European Union’s GDPR (General Data Protection Regulation) being enforced.
As a result, an increasing number of corporations are expected to be taking regulations more seriously.
· Cloud-Based Security
As the demand increases in being compliant to regulations, the corporations will be looking towards cloud-based security. Cloud technologies were designed to be …
- And easily scalable
These are the very same reasons the corporations will be looking towards them to quickly equip them to face the coming threats—both from the security standpoint and from the penalties they may face from regulatory bodies.
These systems, to make them flexible and mobile, are made with open APIs. These can be accessed from anywhere by anyone who is part of the system. It also has the ability to make them switch on and off when and if required without being present at the site. This enables the cybersecurity teams to design custom strategies and apply them to different locations.
This will further help with the visibility to the security teams as cloud-based security provides visibility to remote security team about what is happening on a real-time basis.
Having the visibility on how the whole system is behaving, including the actors in it, will enable the cybersecurity teams to come up with intelligent automated responses to threats, giving rise to individualized AI-based security systems.
· Security by Design
Organizations will be looking to get secured from the get-go. It has now become clear that cybersecurity is a factor that will impact profits—so much so that it is becoming a selling point for big digital products. Although the post-Snowden era still has much to learn, it did help people understand that their data is private and corporations are doing a poor job at keeping it.
Cybersecurity is now part of the board meeting. It is no longer being taken as an after-thought. The bolt-on security approach will do no good. This is understandable across the board.
The impact of the change in the old way of doing things, product first and security later, will result in a seamless integration of cybersecurity into the product. This will in turn help in having products with a lot fewer loopholes to exploit, to begin with.
· Laser-Guided Spear Phishing
Corporations relying on wired transfers will be a big target of spear phishing. The old way of getting to know your target first from the outside is now changing into phishers getting access into the system first and then stay there learning about the interacting parties.
Once they have enough knowledge of the way people communicate, they strike at the ideal moment. Imagine a deal going on between two parties. At the final moment when an exchange of bank information is about to happen, the wire sender gets an email from the phisher, pretending to be the other party. The money is wired and lost into oblivion.
· AI: Our Very Own TARS or Skynet?
If there was an award for the rising star of the era, AI would be getting it, hands down. Tech giants’ experimentation with AI pet projects and their success has proven that AI is lightyears ahead in learning complex systems and applying different strategies, as compared to humans. The element of intuition, which was supposedly lacked at the machine end, is starting to be seen as less elusive.
Google, Apple and now Tesla have made AI-backed products mainstream.
(Alright, we know, owning a Tesla may not be mainstream, but let’s just say it is publically accepted and desired. The demand is mainstream.)
The cybersecurity is the latest area where its expertise will be put to use.
The ever-evolving attack patterns, the volume of attacks and behavioral changes have made this an ideal playground for AI.
Speed, adaptability and automation are the key factors organizations will be looking to employ AI-based cybersecurity. AI would be the TARS to these organizations.
Unfortunately, this will also mean that hackers will also see AI as their own ally and will use it to gain access and execute with speeds they could never have reached before.
The hackers had to first gain access to the system and then learn about the behavior patterns. AI will take the time component out of the equation, making it extremely robust.
The problem here is while defense may need to be successful every time, the attackers will only need to be successful once.
This will thus be a war between the quality and speed of intelligence.
The data leaks, huge botnet attacks, data manipulation and the controversial election campaigns run in the recent past has made one thing clear; the all-powerful corporations dropped the ball and it is not them who are solely responsible. State institutions must take responsibility. The coming year will see the trend of states stepping forward in a more active role.
· Policies and Regulations
GDPR, being the talk of the town for the most part of the past few years, failed to deliver when it was enforced this year. No fines in sight… yet. “Yet” is the keyword here.
2019 is expected to change that with huge penalties being imposed on tech giants to set an example. Such penalties are expected to have a trickle-down effect on the rest of the industry, forcing them into following regulations.
The governments around the world will likely take lead from the E.U., with the U.S. introducing policies and regulations that hold companies accountable for breach of privacy of user data.
Whether GDPR and the new CCPA (California Consumer Privacy Act) in the U.S. bring about expected punishment in future (CCPA will be effective from 2020) it will, however, set a precedent to follow.
Regardless, the governments have started taking actions at the very least … and the trend will most likely continue.
· State-Level Cybersecurity and Cyber-Warfare Rules
The fears of cyberattacks done on a national scale will be turning into reality.
State monitoring individuals is already a reality; surveillance to control individual opinion is likely the next step. Signs of these have been witnessed in the latest U.S. elections, Brexit and in the callous and barbaric Jamal Khashoggi incident.
This means two things:
- States are looking to equip themselves to counter foreign attacks, which means …
- Eventually, states engaging in cyber-warfare.
As history suggests, every war comes at a huge price. It is only later that nations paying this price understood the importance of basic ethics. The cyber-warfare is on, without any rules, for now. Before any catastrophic failure happens, it is expected that nations will sit down and set out a guideline, not much different from the Geneva Conventions for war crimes.
Just like there are nations engaged in wars and war crimes, and expect to get away with it, it is likely that some nations, in their air of superiority, will overlook the cyber-warfare rules as well. This is where a united group will be effective, to single out others who do not follow the code of conduct.
· Training and Education
Cybersecurity practices have roots in behavioral sciences. It is the behavior we have developed over time from younger years to later ones that make us vulnerable to attacks. Cybersecurity practices, as the name suggests, involves a combination of safety-minded behaviors.
It is best that the training for these starts at an early age. Although when logic dictates that a child should avoid certain practices, intellectual development demands curiosity and the approach of trial and error.
Here lies the dilemma.
Institutions would most likely choose the safer route of moving towards training. Curiosity, however, would be encouraged nonetheless.
Children of today are more tech-savvy than their predecessors. This is because of the advanced technological environment they live in and their freedom of its use. The same can be said about the past, and it’s the very same reason that technology has been on a path of exponential growth.
The training would thus be a more of a guideline in helping develop better habits generally rather than for cybersecurity for children’s part. Exploration will be encouraged. It is the adult population that will be the main target for training.
The space made initially by neglect and the newfound focus towards cybersecurity has left people at the receiving end and also now in a position to make an impact on their own.
· IoT and Hyper-Connectivity
Up until now, we have already witness IoT devices used for purposes they were not initially intended for. Imagine a security camera being deployed for safety purposes, now being used by hackers to monitor people.
It is not such an uncommon sight. The promise of bringing an advanced future quickly made manufacturers develop IoT devices without thinking about the security aspect fully. By the time cybersecurity became important for organizations, there were already a huge number of them out in the market. Your fridge was already mining cryptocurrencies for others while you were happily expecting it to order your meals on time.
This trend will not be stopping any time soon. As a matter of fact, with the arrival of 5G, things will get even more complicated.
Our current devices are not 5G compliant. However, once there is a 5G network available and a 5G device at your end, they will connect directly. As the number of devices increases so does your loss of hold over their usage as you will have limited visibility because of the lack of a central router.
The fast speed of 5G networks will also change the dynamics of cyberattacks. Expect new strategies, architectures and models employed by hackers.
IoT devices without a design where security is a key element will only become more and more vulnerable over time and one day you will find yourself hostage to your microwave, or perhaps held at gunpoint by a drone you expected to bring you lunch.
· Masters of the Cyber-Universe
The expected huge shift towards cybersecurity by organizations, institutions and other large entities means one thing. There will be a huge demand for security professionals. Not only that, but the focus for the current cybersecurity teams will shift from a singular dimension of devising security plans to a multidimensional one, involving designing the product as well.
No longer will they be asked to bring a security plan to implement at the end. They will need to be involved in the design of the product as early as the planning stage.
Considering this, the current skill set seems lacking.
The fact that there will be an ever-increasing number of IoT devices, smart devices and plain old connected devices means that there will be a massive ground to cover for the experts.
Expert knowledge and insight would be required by people who would…
- Devise policies and regulations for companies to follow.
- Design the security aspect of products while they’re in the design phase.
- Design, fix or run the network these devices will be using.
The human resource and the skill set both will be in high demand.
Expect things to go in the right direction provided if the right kind of people are in the right place. People who understand technology and its implications on social and economic aspects, making the right policies, will prove to be the deciding factor.
From organizations getting serious to states becoming responsible, it will come down to the individuals. They will decide the future direction of cybersecurity trends with their individual skills and effort, collectively.