Cybersecurity Predictions 2022: mid-year review

Every year we collate the predictions of our researchers, scientists and engineers.  We anticipate changes in the threat landscape, trends in engineering adoption, upcoming regulatory and compliance factors and other influences that will touch on you when operating in today’s concern environs.

In November 2018 we announced our 2019 Cybersecurity Predictions so at this mid-year indicate nosotros thought it plumbing equipment to review the central issues of the year so far.

The predominant theme of the 2019 Forcepoint Cybersecurity Predictions Report was that of trust.  Trust underpins relationships; relationships between employer and employee, business and client, business and investors, and inside a supply chain.  Cyber-attacks (whether malicious or accidental) can erode trust and result in loss of income, lost market value, loss of reputation, regulatory fines (estimates show figures of 100 GDPR fines and 60,000 breach reports across Europe) and loss of customers.  It is no surprise that the Globe Economic Forum’due south Global Risks Perception Survey 2019 listed cyber-attacks in the loftier-impact, high-likelihood quadrant.

Our 2019 Predictions reflected on the trust we place in people, process and technology. What follows is a summary of the primal issues that accept marked 2019 then far.

Our Prediction: “Industry-wide ‘security trust ratings’ will sally as organizations seek assurances that partners and supply chains are trusted partners.”

Equally consumers we are used to checking our credit score which financial institutions utilise to determine our suitably for credit cards, loans and mortgages.  This allows those institutions to manage take a chance and predict a desired result – in this case that nosotros will pay dorsum the loan.  In the cybersecurity realm there are now ways that you lot tin larn cybersecurity ratings/scores derived from numerous factors to signal how secure any given organisation is and how likely they are to successfully protect your data. Any breached company would see their score impacted (negatively) subsequently a breach.

2019 has seen adoption of such ratings at a government level.  In January 2019 the United kingdom of great britain and northern ireland regime ranked the cybersecurity measures of United kingdom of great britain and northern ireland councils on a RAG scale.  In Oct 2018 the United states of america Bedchamber of Commerce released the first national cybersecurity cess called the “Assessment of Business Cybersecurity” (ABC).  Both systems aim to place areas of risk and potential improvement.

In May 2019 Equifax saw their outlook downgraded – the first fourth dimension that an outlook has been downgraded citing cybersecurity bug every bit a named factor.  Confidence and trust in an organisation’southward cybersecurity posture volition continue to take significant influence in the stock marketplace.

To help build confidence in the trust you place in cloud providers the Deject Security Brotherhood’s STAR Registry is a go-to source to assess your cloud providers.  Forcepoint’s entry is here: https://cloudsecurityalliance.org/star/registry/forcepoint-llc/

Our Prediction: “Attackers volition disrupt Industrial Cyberspace of Things (IIoT) devices using vulnerabilities in cloud infrastructure and hardware.”

Our prediction arose from an evolution of our previous predictions.  In our 2015 Predictions nosotros spoke of attacks against connected devices, in 2018 attacks confronting communication between devices and for 2019 attacks on the deject infrastructure underpinning IIoT systems.

In March 2019 US Senators introduced the “IoT Cybersecurity Improvement Act of 2019” to the The states Senate and House of Representatives.  The stated goal of the Act is to “leverage Federal Authorities procurement power to encourage increased cybersecurity for Internet of Things devices, and for other purposes”.  Such initiatives tin help promote cybersecurity and encourage manufactures to build in “security-by-design” to better improve systems no matter if implemented in a consumer, industrial or CI environment.

The OWASP Internet of Things (IoT) Project Meridian 10 for 2018 was released in December 2018, an update from their 2014 list.  OWASP provide a consolidated listing of risks, threats & vulnerabilities applicable to developers, enterprises and consumers alike.  OWASP positioned “weak, guessable or hard-coded passwords” as the top outcome affecting IoT systems.  Many of the problems listed are applicable to the ICS/IIoT space, especially every bit existing poorly secured devices are introduced into IIOT environments.  #iii of the Top ten relates most closely to our prediction, with the remaining nine highlighting the depression bar that an assailant must overcome to penetrate such systems.

The first one-half of 2019 has shown the range of vulnerabilities in cloud systems and government’s want to ameliorate the situation for IOT specifically.

Our Prediction: “Hackers volition game end-user face recognition software, and organizations will respond with behavior-based systems.”

Using biometrics for hallmark is non new but has been popularised by telephone manufacturers and banks, amidst others.  Our prediction stemmed from the onset of using a scan of one’south facial features realising that attackers seek access to, and bypass of, hallmark systems in order to access the data behind that gate.

2019 has seen a backlash against facial recognition technologies citing privacy reasons with San Francisco, CA, Usa banning the use of facial recognition by regime departments while utilize of the technology by United kingdom of great britain and northern ireland constabulary enforcement has been challenged.  Nevertheless, with the (unwanted) attention brought to touch voice recognition systems and national biometric intelligence databases we shall go on to sentinel this space.  Our prediction essentially poses the question “If identification and hallmark methods can be abused what do we as defenders have to fall back on?”

Our Prediction: “There is no real AI in cybersecurity, nor any likelihood for it to develop in 2019.”

Our prediction may have raised eyebrows just information technology stems from our agreement of the adoption of the sub-fields of AI to the cybersecurity domain.  *General* AI in its truest sense has nonetheless to exist developed within whatsoever industry but motorcar learning (ML) and algorithms supported by man-experts most definitely have. See Stanford’south AI Index to see the global adoption of such technologies.

2019’southward acquisitions and IPOs of cybersecurity vendors using AI/ML demonstrate back up for the methods employed while other industries are closely looking at the impact that AI will have on their industry; the US-based FDA proposed a regulatory framework for AI-based software every bit used in medical devices.  In other industries we run across glitches acquired past AI used for software bug remediation and progress in automated generation of whole body images using AI.

Head of Forcepoint 10-Labs, Raffael Marty, presented on the topic of this prediction at the recent Ai4Cybersecurity briefing.  Do you lot agree with his points of view?

2020 Predictions

As the year unfolds other bug volition ascension to the fore.  Towards the terminate of this twelvemonth we will present a full review of the accuracy of our 2019 Cybersecurity Predictions.  At that time we will also release our Cybersecurity Predictions for 2020 so you know what to expect over the next few years; we are already thinking nearly those.

Carl Leonard

Primary Security Analyst

Carl Leonard is a Principal Security Analyst inside Forcepoint X-Labs. He is responsible for enhancing threat protection and threat monitoring technologies at Forcepoint, in collaboration with the company’due south global Labs teams. Focusing on protecting companies against the latest cyberattacks that…

Read more than articles past Carl Leonard

Source: https://www.forcepoint.com/blog/x-labs/cybersecurity-predictions-2019-mid-year-review

Check Also

Will Dogecoin Go Up In Value

Will Dogecoin Go Up In Value

On Dec. 6, 2013, Billy Markus and Jackson Palmer decided to combine their dearest of …