To paraphrase the wise fictional character Ferris Bueller…the IT security world moves at a pretty fast pace. If you don’t stop and look around once in a while, you miss out on a business world rite of passage: 2020 predictions.
Below, nCipher’s CSO Pali Surdhar on what we might expect in 2020, as broken down by topic area.
Consumers will continue to demand a better user experience and ‘always on’ availability of their devices and applications, which will require them to give up even more PII to applications and services. This will happen readily, despite the ongoing publicity around dubious business privacy practices. As software (or rather, APIs) continues to eat the world, security and securing software (especially embedded systems) will continue to prove challenging, leading to even more breaches. 2019 is proving to be a banner year for breaches, and there’s no reason to believe 2020 will be a positive exception to the rule.
The hype around blockchain will abate, as both consumers and businesses come to understand blockchain is not a financial panacea. Keeping blockchain technology secure still entails relying on security best practices, which include secure key management and correct use of cryptography. Concurrently, we’ll see a focus on quality over quantity: blockchain applications will become more meaningful due to a better understanding of the limitations of the system and where real benefits may be derived.
Supply Chain Security
Supply chain security and assurance will increasingly take the data security spotlight. As companies seek to cut costs and increase efficiencies by collaborating with multiple third parties, their supply chains have become even more complex. Transparency is necessary for security, but the degrees of separation within a supply chain have made this goal even more unreachable.
The Skills Gap
Security professionals will be more difficult to recruit despite the huge interest and awareness around the importance of this role. This is because the focus on security is moving up the stack. Cloud deployments are becoming more attractive and embedded hardware less so. Security in the cloud requires a different model, and budding professionals are being taught high-level languages such as Python. Unfortunately, they’re then missing out on the appreciation of processor architecture necessary when working with lower-level languages and embedded systems.
AI and Machine Learning
In 2020, cyber criminals will leverage AI and machine learning (ML) to find exploits on systems – and it will lead to prolific and public data security breaches. AI and ML are powerful tools for data crunching – I expect that we will start to see the development of exploit tools that are based on AI and ML. We also know that AI and ML systems can be defeated or biased to give anomalous results. Additionally, most of the data being used for AI and ML is not normally under the control of a single body. There are multiple sources and owners, so preserving the integrity of the data used to train intelligent systems is not an easy problem to solve. Attackers can easily exploit this loophole.
A contrived example is that your Garmin collects your health data and your insurance company finds out that you have a heart murmur and decides to increase your insurance premium – so whoever controls the data can modify the outcome. The bottom line is that AI and ML are double-edged swords, and that reality will increasingly become apparent.