New Year Prognostications: A Perennial Guide for the Perplexed
Centuries ago Maimonides wrote his “Guide for the Perplexed” intended to aid those bewildered by forces then churning in their environment. It, like all such subsequent guides, proved outdated, leaving its adherents dazed and confused. It wasn’t until the arrival of AI’s predictive power that we’ve seen the arrival of what may prove to be the foundation of a Perennial Guide for the Perplexed, capable of weathering the vestiges of time. Were every prophetic statement made over the years about 2020 to hold true, the coming year would portend events likely to transform the very definition of humanity. Most of these predictions still exist only in the imaginative corners of our minds, decades or centuries away from fruition.
2020 does, however, herald at least a few major shifts that will transform cybersecurity. These changes will be the culmination of several trends already familiar to astute cybersecurity watchers.
Crimeware-as-a-Service [CaaS] Increases Ransomware Attacks
Everything-as-a-Service is the defining characteristic of our current corporate landscape. Perhaps it is inevitable that the concept would eventually spread to the Internet’s darkest corners. Today, skilled hackers sell their services to networks of malicious actors, enabling the specialization of services just as it occurs in the business world. Given the profits of cyberattacks, the increasing sophistication of cybercriminals comes as no surprise. Unfortunately, CaaS will accelerate in 2020 as connectivity and new technologies expand the attack surface. In particular, Ransomware-as-a-Service (RaaS) is likely to proliferate and will continue to target communities and government agencies. The diverse nature of ransomware responses — some opt to pay while others seek to regain access — in addition to the legacy nature of government data systems, means the RaaS wave is still cresting and unlikely to break in 2020.
AI Tech Augments Employees And Simplifies Cybersecurity
Often, the publicity surrounding AI outstrips its real-world value. Recently, AI has show hints of the transformational impact it can have. In 2020, it will continue this ascent as companies grow tired of the growing number of security controls that increase complexity and lead to well-intentioned, yet risky employee workarounds. To mitigate the risk of human error, AI will simplify security protocols and limit the impact of social engineering attacks. Rather than seeing this as an indictment of human capabilities, we will understand that AI is not a replacement for humans but an addition to our formidable, distinctly human skillset.
The Facial Recognition Debate
Concerns about facial recognition are blossoming, with some cities already instituting misguided bans on its usage by police and other government agencies. These bans are symptomatic of broader privacy concerns but represent a knee-jerk reaction driven by the lack of nuance in conversations regarding facial recognition. As is typical, worst-and-best case scenarios are presented as facts, when reality is likely somewhere in the middle ground. So, while unfettered use of facial recognition can and is being used in some authoritarian countries, a more measured approach should characterize its utilization in democratic nations. As with other new technologies like AI and autonomous vehicles, thoughtful dialogue is needed.
Mobile Cybersecurity Becomes a Major Concern for Organizations
Recent research from BlackBerry Cylance found that state-sponsored Advanced Persistent Threat groups, from usual culprits like China, North Korea and Iran, are exploiting mobile devices with impunity to surveil people of interest, traditional foreign intelligence and economic espionage targets. Awareness of mobile threats is growing, and in 2020, expect to see significant investment from enterprise and government leaders in mobile threat detection and response.