- The east-west 'cyber cold war' is set to intensify
- 5G and the IoT could make us all more vulnerable to cyberattack
- Businesses will start to rethink their approach to the cloud
The world is more connected than ever. We are becoming more technologically advanced, markets are stronger, and central technologies that encompass our daily actions are constantly emerging.
These technological advances are based on seamless connectivity. As our digital transformation continues, we continue to build a more cohesive and connected society. Our data is now shared and used by more platforms than ever – in the datacentre, on the cloud and event on internet of things (IoT) devices, for example - and this trend will only increase. But this huge benefit comes with a cost. The more connected we become, the more vulnerable our data is.
Have you read?
By looking at security developments over the past couple of years, it is possible to forecast what is likely to happen in the cyber landscape over the next 12 months. Forewarned is forearmed. These are what I believe will be the main trends of cybersecurity in 2020:
1) The ‘cyber cold war’ intensifies
A new cyber 'cold war' is taking place online as Western and Eastern powers increasingly separate their technologies and intelligence. The ongoing trade feud between the US and China, and the decoupling of these two huge economies, is a clear sign. Cyberattacks will increasingly be used as proxy conflicts between smaller countries, funded and enabled by larger nations looking to consolidate and extend their respective spheres of influence.
Furthermore, utilities and critical infrastructures continue to be a target of cyberattacks, as seen in attacks on US and South African utility companies this year. Nations will need to consider dramatically strengthening cyber defenses around their critical infrastructure.
What is the World Economic Forum doing on cybersecurity
The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.
Platform activities focus on three main challenges:
Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.
The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.
For more information, please contact info@c4c-weforum.org.
2) The rise of artificial intelligence (AI)
The US elections in 2016 saw the beginning of AI-based propagation of fake news. Political campaigns devoted resources to creating special teams that orchestrated and spread false stories to undermine their opponents. As we prepare for major elections worldwide in 2020, we can expect to see these activities in full effect once again.
As AI continues to be used as a proxy for crime, it will also be used to accelerate security responses. Most security solutions are based on detection engines built on human-made logic, but keeping this up-to-date against the latest threats and across new technologies and devices is impossible to do manually. AI dramatically accelerates the identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities and develop more evasive malware.
3) Our means of communication will become more weaponized
The notion that connectivity creates new combat landscapes is proven by the developing spheres of today’s and tomorrow’s cyberattacks. In the first half of 2019 we saw a 50% increase in mobile banking malware compared with last year, which means that our payment data, credentials and funds are handed over to cyberattackers in the innocent click of a button on our mobile devices. The attempts of cybercriminals to trick consumers to hand out their personal data through their most common means of communications will intensify and will range from email to SMS texting attacks, social media posts and gaming platforms. Whatever we use most frequently can become a more popular attack surface.
4) 5G development and adoption of IoT devices increase vulnerability
As 5G networks roll out, the use of connected IoT devices will accelerate dramatically, massively increasing networks’ vulnerability to large scale, multi-vector 5th generation cyberattacks. IoT devices and their connections to networks and clouds are still a weak link in security. This ever-growing volume of personal data will need securing against breaches and theft. We need a more holistic approach to IoT security, combining traditional and new controls to protect these ever-growing networks across all industry and business sectors.
5) Enterprises will rethink their cloud approach
Detection is no longer enough to ensure protection, and prevention is now the key to being secure.
Organizations already run a majority of their workloads in the cloud, but the level of understanding about security in the cloud remains low; in fact it is often an afterthought in cloud deployments. Security solutions need to evolve to new, flexible, cloud-based architectures that deliver scalable protection at speed.
Looking forward
Hardly a day goes by without a breach or cyber incident being reported. Attacks have become so damaging that the FBI has softened its stance on paying ransoms: the agency now acknowledges that in some cases, businesses may need to consider paying to protect shareholders, employees and customers. Through our ThreatCloud share intelligence technology we saw nearly 90 billion compromise attempts per day – compared with an estimated 6 billion daily searches on Google. These are new records which constantly being broken as time goes on, which means that the scope of victims is getting broader.
Understanding what is coming towards us will help us to better prepare. Some paradigms will need to shift. The enormous spread of technologies and solutions will force all of us to think about how to consolidate. In 2020 more than ever, cyberattacks are no longer a question of if, but of how and when. This is a concern that applies to us all.
