scip Cybersecurity Forecast – Predictions for 2019

scip Cybersecurity Forecast

Predictions for 2019

Marc Ruef
by Marc Ruef
time to read: 6 minutes

As we do every year, we are once again publishing a forecast at the end of 2018 for the coming year, 2019. Here are the topics we expect to become most relevant or which will continue to evolve:

Insurances with first Major Cyber Claims

We have seen the advent of cyber insurance policies in recent years, and this year many customers considered purchasing them. During discussions with the relevant insurance companies, we were repeatedly reminded that people are still very uncertain about the likelihood of incidents and their potential impact. The policies offered by many insurance companies contain very vague language or exclude specific types of damage (e.g. ransom payments), and this will lead to disputes in the future. We are sure to see the first major security incidents involving claims for which the parties will try to rely entirely or to a large extent on cyber insurance policies.

EU GDPR and its Consequences

So far, there have been no major consequences of the EU General Data Protection Regulation – apart from all the hectic preparations. So it is only a matter of time before we see the first major cases of sanctions and fines. These could be targeted chiefly at large non-European companies as a strategy for gaining an economic and political advantage through the GDPR. The viability of these unilateral sanctions is controversial, and rightly so.

Central IoT Devices with serious Ransomware

Talk about ransomware reached a fever pitch in the media last year with the wave of WannaCry attacks. Digitalization and networking will, however, make larger and more basic IoT devices especially susceptible to such attacks. Smart TVs will be the most lucrative targets by far. Taking it a step further, more basic elements like smart homes (heating/air conditioning systems) as well as Internet-connected vehicles will become risk factors. Targets that can affect entire ranges of products could be a potential jackpot for cyber criminals, who are already preparing attacks and doing so with professional zeal.

AI as the Tech Driver

Over the past two years Siri, Cortana, and Alexa have made their big social debuts thanks to artificial intelligence. The general public is starting to take notice of the possibilities they offer and accept them. AI is therefore going to become a fundamental driver of technology that will significantly transform, or at least leave its mark on, various aspects of modern society. This includes systematic analysis (e.g. images, court records, securities) and even automated decision making (e.g. travel bans, court judgments). We can, for instance, expect to see a large increase in commercial services for Amazon Alexa (e.g. banking, insurance, shopping). As a society, we need to be conscientious and constantly scrutinize these technologies and strive for maximum transparency.

Deepfakes for Commercial and Political Gain

Deepfakes allow automated face-swapping in pictures and videos. So far, the technology has not become widespread and has been used only in an experimental context. If we want delve deeper into the problem of fake news, we see that deepfakes offer juicy prospects for political mudslinging. Meanwhile, the film industry wants to test out new possibilities that would allow for more dynamic casting. The viewer could pick out their preferred actor and experience a “customized” story.

Virtual Reality as a new Social Form

In the last two years, products such as PlayStation VR, HTC Vive and Oculus Rift have entered an important developmental stage in the quest for societal acceptance of VR. Better resolutions and faster response times have greatly improved the immersion factor. Further developments in the field (we can expect to see a direct integration of PSVR in the next PlayStation generation) may open up new opportunities and markets. There are now almost 500 games available for PSVR, which clearly indicates that Sony believes in the technology and its business viability. And in the field of psychology, VR is increasingly becoming a complementary or substitute form of therapy.

Social Networks experience Shifts

The pressure on social networks in general and certain providers in particular continues to grow. The case of Cambridge Analytica has weighed heavily on Facebook. Users are beginning to grasp that they are trapped in filter bubbles created by algorithms and that these products are part of the problem. Users are increasingly seeing their dependency on visibility in social networks as a risk, which is why many of them are turning their backs on the well-established networks. It is unlikely that people will go back to privately hosted services altogether – the loss of networking potential is much too great for that. What we can expect to see, however, is enormous market shifts that will create new targets and possibilities for attacks.

Ecosystems experience Fragmentation and less Insularity

Apple has shown how its own platform can inspire users thanks to a comprehensive ecosystem. Other makers have followed suit, and it is the smaller solutions in particular that have contributed to a somewhat chaotic fragmentation of the market. Although this trend will continue to evolve due to the business interests in play, paradoxically we are seeing an opening of the individual ecosystems. For example, Apple Music will soon be available for Amazon Alexa – something that would have been unthinkable not long ago. Whether Apple hopes to compensate for declining iPhone and iPad sales remains to be seen. This opening, linking and intermixing of ecosystems could create a new market dynamic. And in some cases, it will be a matter of survival (e.g. SiriKit must become more open to compete with Alexa).

About the Author

Marc Ruef

Marc Ruef has been working in information security since the late 1990s. He is well-known for his many publications and books. The last one called The Art of Penetration Testing is discussing security testing in detail. He is a lecturer at several faculties, like ETH, HWZ, HSLU and IKF. (ORCID 0000-0002-1328-6357)

Links

You want to evaluate or develop an AI?

Our experts will get in contact with you!

×
Specific Criticism of CVSS4

Specific Criticism of CVSS4

Marc Ruef

scip Cybersecurity Forecast

scip Cybersecurity Forecast

Marc Ruef

Voice Authentication

Voice Authentication

Marc Ruef

Bug Bounty

Bug Bounty

Marc Ruef

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here