Unpredictions for 2020 in Cyber Security

The end of the year tradition of prediction is becoming a guessing game as the pace of innovation is increasing towards pure randomness. So I will stop pretending I know what is going to happen in 2020, and I want to write on areas that seem like the most unpredictable for 2020. Below you can find an honest review of my 2019 predictions.

2020 Unpredictions

5G – A much talked about topic in 2019 with billions poured on rollouts across the globe. However, it is still unclear what are the killer use-cases, which is usually one step before starting to think about threats, security concepts, and the supply chain of cybersecurity vendors meant to serve this future market. I think we will stay in this state of vagueness for at least the next three years.

Insurance for the Digital World – Even though a big part of our lives has shifted into the digital realm, the insurance world is still observing, and hesitatingly testing the waters with small initiatives. It is unclear how insurance will immerse into digital life, and cyber insurance is one example of such unpredictability. It seems like a room for lots of innovation beyond helping the behemoth to transform.

Cloud Security – 2018 and 2019 were glorious years for cloud security – it seems as if it is clear what the customers need, and the only thing left for the vendors is to get the work done. Cloud transformation, in general, is hiding a high complexity and a highly volatile transition of businesses and operations into the cloud. A process that will take another ten years at a minimum, and during that time, technologies/models and architectures will change many times. Since security is eventually attached to the shape this transformation takes, it will take some time until the right security concepts and paradigms stabilize — much shuffling in the security vendors’ space before we see an established and directed industry. I believe the markets will meet this random realization in 2020.

Alternative Digital Worlds – It seems many countries are contemplating the creation of their own “internet” including countries such as Russia, China, and others, and the narrative is about reducing dependency on the “American” controlled internet. It is a big question involving human rights, progress, nationalism, trade, and the matter will remain unsolved as the forces at play seem to be here for the long haul.

2019 predictions review

IoT – I said IoT security is a big undefined problem, and it still is. I don’t see anything changing in 2020 even though IoT deployments have become more commonplace.

DevSecOps – I predicted 2019 would be the start of a purchasing spree for cloud DevOps related security startups, and I was spot on. The trend will continue into 2020 as the DevSecOps stack is emerging.

Chipsets – I predicted a flood of new chip designs beyond Intel and AMD, and with many security vulnerabilities disclosed. I was slightly right as there are many efforts to create new unique chipsets. However, the market is still stuck with the golden standard of Intel tilting a bit towards AMD product lines. I was dead wrong about the level of interest in researching vulnerabilities in chipsets, maybe because there is not much to do about them.

Small Business Security – I predicted small businesses would emerge as a serious target market for cybersecurity vendors. I was wrong as no one cares to sell to small companies as it does not correspond to the typical startup/VC playbook. Still optimistic.

AI in Cyber Security – I predicted that the hype in the endpoint AI security market would fade, and I was spot on – the hype is gone, and limitations became very clear. There is a growing shift from local AI in endpoints towards centralized security analytics. Pushed by Azure, CrowdStrike, and Palo Alto Networks with the narrative of collecting as much data as possible and running some magic algorithms to get the job done on the cloud – a new buzz that will meet reality much faster than the original hype of AI in endpoints.

AI in the Hands of Cyber Attackers – I predicted 2019 would be the year we will see the first large scale attack automated by AI. Well, that did not happen. There is a growing group of people talking about this, but there is no real evidence for such attacks. I am still a believer in weaponization using AI becoming the next big wave of cyber threats, but I guess it will take some more time. Maybe it is due to the fact it is still easy to achieve any goal by attackers with rather simplistic attacks due to weak security posture.

Data Privacy – I predicted it would be the year of awakening where everyone will understand the fact they “pay” for all the free services with their data. I was right about this one – everyone knows now what is the nature of the relationship they have with the big consumer tech companies, what they give, and what they get.

Elections & Democracy – I predicted that manipulations of elections via social networks would diminish the citizens’ trust in the democratic process across the globe. I was spot on – in Israel, for example, we are, unfortunately, entering the third round of elections, and confidence and trust are at an all-time low.

Tech Regulation – I wrongly expected regulation to be fast and innovative and that it would integrate with tech companies for tight oversight. I was optimistically wrong. I don’t see anything like that happening in the next five years!

The Emergence of Authentication Methods – I predicted the competition for the best authentication method would stay a mess with many alternatives, old and new, and no winner. I was right about this one. The situation will remain the same for the foreseeable future.

Supply Chain Attacks – I predicted supply chain attacks would become a big thing in 2019, and I was wrong about the magnitude of supply chain attacks even though they played a decent role in the mix of cyber threats in 2019.

Happy End of 2019 🥳🎉

My Ten Cyber Security Predictions for 2019

Well, 2018 is almost over and cyber threats are still here to keep us alert and ready for our continued roller coaster ride in 2019 as well.

So here are some of my predictions for the world of cybersecurity 2019:

IoT

IoT is slowly turning into reality and security becomes a growing concern in the afterthought fashion as always. This reality will not materialize into a new cohort of specialized vendors due to its highly fragmented nature. So, we are not set to see any serious IoT security industry emergence in 2019. Again. Maybe in 2020 or 2021.

DevOps

DevOps security had a serious wave of innovations in the recent three years across different areas in the process as well as in the cloud and on-premise. 2019 may be the time for consolidation into full DevOps security suites to avoid vendor inflation and ease integration across the processes.

Chips

In 2019 we will see a flood of chipsets from Intel and AMD, Nvidia, Qualcomm, FPGAs and many other custom makers such as Facebook, Google, and others. Many new paradigms and concepts which have not been battle-tested yet from a security point of view. That will result in many new vulnerabilities uncovered. Also due to the reliance of chipsets on more software inside and of course due to the growing appetite of security researchers to uncover wildly popular and difficult to fix vulnerabilities.

Freelancers and Small Office

Professional and small businesses reliant on digital services will become a prime and highly vulnerable target for cyber attacks. The same businesses which find out it is very difficult to recover from an attack. There are already quite a few existing vendors and new ones flocking to save them and the trend will intensify in 2019. The once feared highly fragmented market of small businesses will start being served with specialized solutions. Especially in light of the over competitiveness in the large enterprise cybersecurity arena.

Enterprise Endpoint Protection

The AI hype wave will come to realization and will be reduced back to its appropriate size in terms of capabilities and limitations. An understanding clarifying the need for a complete and, most importantly, effective protective solution which can be durable for at least 3-5 years. Commoditization of AV in mid to smaller businesses and consumers will take another step forward with the improvement of Windows Defender and its attractiveness as a highly integrated signature engine replacement which costs nothing.

AI Inside Cyber Attacks

We will see the first impactful and proliferated cyber attacks hitting the big news with AI inside and they will set new challenges for defense systems and paradigms.

Facebook, Google, Twitter…

Another year of deeper realization that much more data than we thought of is in the hands of these companies making us more vulnerable and that they are not immune to cyber threats like everyone else, compromising us eventually. We will also come to realize that services which use our data as the main tool to optimize their service are in conflict with protecting our privacy. And our aspiration for control is fruitless with the way these companies are built and the way their products are architected. We will see more good intentions from the people operating these companies.

Brain Washing

As more elections take place across the planet in different countries we will learn that the tactics used to bend the democracy in the US will be reused and applied in even less elegant ways, especially in non-English speaking languages. Diminishing the overall trust in the system and the democratic process of electing leadership.

Tech Regulation

Regulators and policymakers will eventually understand that in order to enforce regulation effectively on dynamic technological systems there is a need for a live technological system with AI inside on the regulator side. Humans cannot cope with the speed of changes in products, and the after-effect approach of reacting to incidents when the damage is already done will not be sufficient anymore.

Authentication

2018 was the year of a multitude of authentication ideas and schemes coming in different flavors and 2019 will be another year of natural selection for the non-applicable ideas. Authentication will stay an open issue and may stay like that for a long time due to the dynamic nature of systems and interfaces. Having said that, many people really had enough with text passwords and 2FA.

The Year of Supply Chain Attacks

2018 was the year where supply chain attacks were successfully tested by attackers as an approach and 2019 will be the year it will be taken into full scale. IT outsourcing will be a soft spot as their access and control over customers’ systems can provide a great launchpad to companies’ assets.

Let’s see how it plays out.

Happy Holidays and Safe 2019!

Will voice replace the touch interfaces on mobiles?

Siri apparently has started a revolution, at least public relations wise, since voice activation has been around for quite a while but never seemed to be perfect. It seems people like to talk to her and she responds back. Few in the industry have written on the impact the new voice interaction paradigm might create – Gigaom discusses the potential loss of mobile ad revenues and Bloomberg reports on Siri doubling data volumes. Voice indeed seems like a killer interface at first glance since it is more natural to operate once it is working well. Of course, the tolerance for errors is much lower than in touch and it can really drive you mad but it seems that the technological conditions are set for a good working model.

Still, the question of whether we will only talk with our devices in the future and not touch them arises. Before touch we clicked on things and when touch matured to a good working technology we embraced it without second thought. Old Nokia phones (apologies to the ones who read this and still own one :) seem now almost “ancient”, as the dial phones seemed to the ones who started using touch tone phones back in the previous century. Voice indeed hides such a promise where we can blurb at our phones whatever we want and our wishes will be fulfilled automagically. Let’s list the cool use cases we might do with our phones if they were fully voice activated:

  • Deferred talks – actually you can talk to someone without him/her being on the other line and this “talk” will be transferred digitally as a textual message to the other side either immediately or based on some pre-condition, for example on birthdays.
  • Activating apps by voice – If apps had a voice-based interface then we could do anything we want just by voice. For example say: “Alarm, wake me up tomorrow 7 am, ok?”
  • Reply to incoming messages by voice without opening the device, reading the message, clicking reply, writing down the texts tediously and clicking send.
  • Operate the phone basic functionality – for example a cool “silent” shout on a ringing phone can be something really nice
  • Authentication by voice patterns
  • Unlocking the phone by voice – the common check up we do on phones where we open the lock screen and see the status of mails, tweets, Facebook and other data we have on the dashboard can be done with a single word like “What’s up?”

And on and on…

So it does look promising but will it replace touch? One of the inner attributes of touch interfaces and mouse based graphical interfaces is the ability to interact in two dimensions. Interacting in two dimensions creates the ability to have direct access to available data and actions, and voice, due to its serial nature, is limited in this respect. A difference like the one that exists between using tape cassettes and CDs, no need to fast forward. This difference puts the voice-based interaction into a much more limited scope where it cannot replace the rich experience created by the visual and touch interaction. Still, in one area I am sure it will be a welcome replacement and that is where we need to go into serial processes on the phone itself using our rich touch interface – for instance typing texts, I hate it, especially on touch phones, I got big fingers and I wish I could dictate it with a good accuracy. It does not have to be perfect since I got enough mistakes when I type with my touch keyboard so I have some tolerance. Maybe a combination of the two would make a perfect match. Another area would be changing modes or states on the phone where the touch experience has limited value. For example unlocking the phone.

Another major fault of voice interaction is correcting errors and that is a by-product of the serial vs. direct access interfaces. When you need to fix something said you get into a problem, like in real life with people :).

So what do you think, will voice make us all look back at touch interfaces as old and dirty?