What are the top seven cybersecurity trends to be aware of in 2020? 

TÜV Rheinland  released its seventh annual report on Cybersecurity Trends for 2020. The report is a collaboration between many cybersecurity experts globally, and discusses seven key cybersecurity trends which will be important to be aware of in 2020. These include attacks on smart supply chains, threats to medical equipment and weaknesses in real-time operating systems.

"From our point of view, it is particularly serious that cybercrime is increasingly affecting our personal security and the stability of society as a whole," explains Petr Láhner, Business Executive Vice President for the business stream Industry Service & Cybersecurity at TÜV Rheinland. "One of the reasons for this is that digital systems are finding their way into more and more areas of our daily lives. Digitalization offers many advantages - but it is important that these systems and thus the people are safe from attacks."

TÜV Rheinland cybersecurity researchers and experts say the top seven cybersecurity trends to be aware of in 2020 are:

1. Uncontrolled access to personal data carries the risk of destabilizing the digital society

According to TÜV Rheinland, in 2017, Frenchwoman Judith Duportail asked a dating app company to send her any personal information they had about her. In response, she received an 800-page document containing her Facebook likes and dislikes, the age of the men she had expressed interest in, and every single online conversation she had had with all 870 matching contacts since 2013, says the company. "The fact that Judith Duportail received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging. In addition, this example shows how little transparency there is about securing and processing data that can be used to gain an accurate picture of an individual's interests and behavior," notes the report. 

2. Smart consumer devices are spreading faster than they can be secured

The number and performance of individual "smart" devices is increasing every year, making them a very attractive target for cyber criminals, says the report. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times, TÜV Rheinland says.

3. The trend towards owning a medical device increases the risk of an Internet health crisis

Over the past ten years, personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers have been connected to the Internet as part of the "Internet of Medical Things" (IoMT), the report notes. At the same time, researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products, which can lead to targeted attacks on both individuals and entire product classes, notes the organization. 

4. Vehicles and transport infrastructure are new targets for cyberattacks

Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. The disadvantage is the increasing number of vulnerabilities that attackers could exploit – broad cyberattacks targeting transport could affect not only the safety of individual road users, but could also lead to widespread disruption of traffic and urban safety, says TÜV Rheinland. 

5. Hackers target smart supply chains and make them “dumb”

With the goal of greater efficiency and lower costs, smart supply chains leverage Internet of Things (IoT) automation, robotics and big data management – smart supply chains increasingly represent virtual warehousing, or any place where a product or its components can be located at any time, says the organization. Nevertheless, smart supply chains are dynamic and efficient, but are also prone to cyberattacks. 

6. Threats to shipping are no longer just a theoretical threat but a reality

Many aspects to shipping can be vulnerable to attack, such as ship navigation, port logistics and ship computer network. There is ample evidence that states and activist groups are experimenting with direct attacks on ship navigation systems and attacks on the computer networks of ships used to extort ransom have been reported, says the report. 

7. Vulnerabilities in real-time operating systems could herald the end of the patch age

In 2019, Armis Labs discovered eleven serious vulnerabilities (called "Urgent/11") in the real-time operating system (RTOS) Wind River VxWorks, says the report. Six of these flaws exposed an estimated 200 million IoT devices to the risk of remote code execution (RCE) attacks. This level of weakness is a major challenge as it is often deeply hidden in a large number of products and organizations may not even notice that these vulnerabilities exist. In view of this, the procedure of always installing the latest security updates will no longer be effective, predicts the report.