The cybersecurity issue has remained at the top of the list of priorities and concerns for individuals, companies, and governments in recent years. In 2020, the Olympic Games, American presidential elections, the expansion of connected devices and the 5G internet, in addition to the new data protection laws, are some of the events that will keep the cybersecurity topic on the spotlight and direct organizations’ actions and investments to mitigate risks in Information Security, considering the context of digital transformation.
In this context, we have prepared a list of issues that, in our view, may be linked to cybersecurity with the greatest impact on economies, governments, and society:
1 – Protection of IoT devices and edge computing
With the 5G internet, the number of connected devices will continue to expand, which will increase the surface for cyber attacks. Despite this, IoT implementations currently prioritize connectivity over security. Thus, the variety of devices (ranging from smartphones to connected refrigerators and toys) poses a challenge to the lack of standardization in relation to operating systems and hardware and network settings. In this case, the application of Zero Trust-associated concepts can help mitigate the risks related to IoT devices protection, which involves protecting not only the data but also the data traffic and access to the devices.
2 – Security at major events
Major events, such as the Japan Olympic Games and the World Expo in Dubai, will test the protection of connected devices to deliver the best user experience. In the case of the Olympic Games, these devices range from box office equipment to those for broadcasting the games. To get an idea, in 2019, the Japanese government scanned more than 200 million connected devices, such as routers, cameras, and home devices, to find possible vulnerabilities that could be exploited by malicious attackers.
3 – Systems and DevOps Integration
In a context of increased communication between different vendors, protecting these integrated systems (including legacy systems) will be a major challenge for cybersecurity leaders. Attacks involving insecure APIs will increase in 2020, which can result in the exposure of sensitive data from employees, customers, partners, and suppliers. In addition, with the evolution of the software development cycle, the concepts associated with DevOps will gain even more visibility and maturity within organizations, including the adoption of strategies such as microservices. Many development teams are already considering the security aspect of application development, involving behavioral profile, automatic policy generation and compliance tests for infrastructure as code. It is no coincidence that the term DevSecOps is already common, which consists of not only Development and Operation but also Security of applications.
4 – Data Protection Laws
In addition to the consolidation of GDPR in Europe, the use of LGPD in Brazil, CCPA in California and NY SHIELD in the state of New York will test the effectiveness of the sanctions provided for in these laws. Through pressure from businesses and congressmen, the United States is expected to begin debates on the creation of a federal data protection law. The Saudi Arabian Monetary Authority’s (SAMA) cybersecurity framework, in addition to GDPR’s extraterritorial impacts, have been pressuring countries in the Middle East to update their privacy laws. An example of this was the launch of the public call for a new data protection law, issued in June 2019, by the Dubai International Financial Centre Authority (DIFCA). Another important aspect that should be taken into account is the liability of third parties in the event of data leaks, especially in a scenario of exploitation by malicious attackers for greater integration through APIs.
5 – The Future of User Identity
The lack of proper management of credentials and passwords is usually a flawed aspect of Information Security, which will cause identity theft to continue to be the reason for most security incidents. With the growth in the adoption of cloud solutions, remote teams and the greater number of connected devices to improve team productivity, the number of identities associated with users will also tend to grow. The result is an increase in the attack surface and the related business risks.
6 – Cyber War
2020 proves to be a challenging year for governments around the world. With tensions rising – mainly between the United States, Russia, and Iran – agents linked to those countries will continue to focus on malware and ransomware attacks. It is worth to mention that the goal of these agents is not to obtain credit card data to sell on the Dark Web but to attack the critical infrastructure of their targets, such as nuclear power plants and telecommunications infrastructure. In addition, with the US presidential elections scheduled for 2020, an increase in cyber attacks is expected to confuse and affect voter confidence.
7 – Deepfakes
The issue of deepfakes is related to user identity. However, instead of stealing user credentials and passwords, deepfakes also allow one to steal your digital identities, such as biometrics and voice. This means that, for example, in a remote conference between individuals, it will no longer be possible to ensure that the people speaking are who others may think they are. Deepfakes have been changing the cybersecurity perspective and organizations must put any effort into creating new forms of validating the identity of users and thus mitigating the new associated business risks. Deepfakes can also be used to influence American elections by creating fake news.