In our last post, we looked at the strategic cybersecurity trends we expect to see in 2019.
Now it’s time to concentrate on the technologies underpinning cybersecurity (and cyber attacks) and think about how they’re likely to evolve during the next year.
As always, the cybersecurity industry is replete with buzzwords and jargon, leaving many to wonder which technologies are truly about the takeoff, and which are no more than hype. In this post, we’re going to look at two of the four technologies we think are genuinely going to change the future of business and security.
So far, the Internet of Things (IoT) and Operational Technology (OT) have been a mixed blessing for organizations.
On one hand, Internet-connected devices and machinery have the potential to significantly improve efficiency in business and manufacturing processes. In 2019, we can expect to see greater integration of IoT and OT devices with the broader IT and security landscape, as organizations look to improve productivity. At a domestic level, we will no doubt also see IoT devices expand into more homes and cities.
However, as we’ve started to see, IoT and OT devices also have the potential to introduce significant weaknesses to otherwise secure networks. From hacking WiFi kettles in a lab to breaching a casino through its Internet-connected fish tank thermometer, smart devices and machinery have already been heavily exploited, and we’re anticipating the trend to continue in 2019.
The addition of large numbers of network-enabled devices — many with dubious in-built security — to already unwieldy corporate networks will cause difficulties for security professionals, who will need to develop a strategy for securing IoT and OT devices if they haven’t already.
In light of this, cybersecurity vendors are already hard at work developing systems to secure the modern workplace, and we’ll no doubt see more products coming to market in 2019 that have been designed with IoT and OT security in mind.
Finally, in terms of predictions, we’re anticipating at least one major IoT attack during 2019, along with further exploitation of IoT botnets. Since it has such a large attack surface, the manufacturing industry seems a likely target for this form of attack, which depending on motivation could even be perpetrated or sponsored by one of the six major nation-state actors — Most likely China or Russia.
Artificial Intelligence (AI) and Machine Learning (ML) have been widely touted in recent years as the future of technology. And for good reason. In the security world, AI and ML have a tremendous number of applications, including the identification of anomalous network activity, updating rule-based systems, and reducing false positives.
In 2019 we expect to see AI and ML increasingly being used by security vendors to enhance their product offerings, and by organizations to reduce the work burden of security personnel.
However, as valuable as AI and ML are to security initiatives, they also have plenty of “black hat” applications, such as using it to solve CAPTCHAS. Both criminal hackers and state cyber actors will inevitably utilize AI and ML techniques to enhance the sophistication of their campaigns, and we’d be very surprised if there isn’t at least one high profile case of these next-generation attacks in 2019.
Every year new technologies are developed that have the potential to revolutionize the way we live and work. For organizations, jumping on new technologies early can be hard to resist, as it promises an opportunity to pull ahead of close competitors.
But new technologies are never perfect, and problems arise time and time again when new technologies are adopted but security is only considered as an afterthought. Poor implementations of new technologies can be facile to compromise by those with enough motivation, so it’s important to ensure security personnel are involved at the earliest possible opportunity whenever new technologies are to be adopted.
In the third and final post in our 2019 cybersecurity trends mini-series, we’ll cover the two biggest buzzwords of the moment — blockchain and the cloud — and look at some of the advantages and concerns we expect to see from them in the coming months.
- Microsoft Type 1 Font Parsing Critical 0-Day Remote Code Execution Vulnerabilities - March 24, 2020
- Cybersecurity Concerns with COVID-19 - March 18, 2020
- Global Cybersecurity Outlook: Andre Kudelski at World Economic Forum - February 19, 2020