Specific Criticism of CVSS4
Marc Ruef
As we do every year, we are once again publishing a forecast at the end of 2018 for the coming year, 2019. Here are the topics we expect to become most relevant or which will continue to evolve:
We have seen the advent of cyber insurance policies in recent years, and this year many customers considered purchasing them. During discussions with the relevant insurance companies, we were repeatedly reminded that people are still very uncertain about the likelihood of incidents and their potential impact. The policies offered by many insurance companies contain very vague language or exclude specific types of damage (e.g. ransom payments), and this will lead to disputes in the future. We are sure to see the first major security incidents involving claims for which the parties will try to rely entirely or to a large extent on cyber insurance policies.
So far, there have been no major consequences of the EU General Data Protection Regulation – apart from all the hectic preparations. So it is only a matter of time before we see the first major cases of sanctions and fines. These could be targeted chiefly at large non-European companies as a strategy for gaining an economic and political advantage through the GDPR. The viability of these unilateral sanctions is controversial, and rightly so.
Talk about ransomware reached a fever pitch in the media last year with the wave of WannaCry attacks. Digitalization and networking will, however, make larger and more basic IoT devices especially susceptible to such attacks. Smart TVs will be the most lucrative targets by far. Taking it a step further, more basic elements like smart homes (heating/air conditioning systems) as well as Internet-connected vehicles will become risk factors. Targets that can affect entire ranges of products could be a potential jackpot for cyber criminals, who are already preparing attacks and doing so with professional zeal.
Over the past two years Siri, Cortana, and Alexa have made their big social debuts thanks to artificial intelligence. The general public is starting to take notice of the possibilities they offer and accept them. AI is therefore going to become a fundamental driver of technology that will significantly transform, or at least leave its mark on, various aspects of modern society. This includes systematic analysis (e.g. images, court records, securities) and even automated decision making (e.g. travel bans, court judgments). We can, for instance, expect to see a large increase in commercial services for Amazon Alexa (e.g. banking, insurance, shopping). As a society, we need to be conscientious and constantly scrutinize these technologies and strive for maximum transparency.
Deepfakes allow automated face-swapping in pictures and videos. So far, the technology has not become widespread and has been used only in an experimental context. If we want delve deeper into the problem of fake news, we see that deepfakes offer juicy prospects for political mudslinging. Meanwhile, the film industry wants to test out new possibilities that would allow for more dynamic casting. The viewer could pick out their preferred actor and experience a “customized” story.
In the last two years, products such as PlayStation VR, HTC Vive and Oculus Rift have entered an important developmental stage in the quest for societal acceptance of VR. Better resolutions and faster response times have greatly improved the immersion factor. Further developments in the field (we can expect to see a direct integration of PSVR in the next PlayStation generation) may open up new opportunities and markets. There are now almost 500 games available for PSVR, which clearly indicates that Sony believes in the technology and its business viability. And in the field of psychology, VR is increasingly becoming a complementary or substitute form of therapy.
The pressure on social networks in general and certain providers in particular continues to grow. The case of Cambridge Analytica has weighed heavily on Facebook. Users are beginning to grasp that they are trapped in filter bubbles created by algorithms and that these products are part of the problem. Users are increasingly seeing their dependency on visibility in social networks as a risk, which is why many of them are turning their backs on the well-established networks. It is unlikely that people will go back to privately hosted services altogether – the loss of networking potential is much too great for that. What we can expect to see, however, is enormous market shifts that will create new targets and possibilities for attacks.
Apple has shown how its own platform can inspire users thanks to a comprehensive ecosystem. Other makers have followed suit, and it is the smaller solutions in particular that have contributed to a somewhat chaotic fragmentation of the market. Although this trend will continue to evolve due to the business interests in play, paradoxically we are seeing an opening of the individual ecosystems. For example, Apple Music will soon be available for Amazon Alexa – something that would have been unthinkable not long ago. Whether Apple hopes to compensate for declining iPhone and iPad sales remains to be seen. This opening, linking and intermixing of ecosystems could create a new market dynamic. And in some cases, it will be a matter of survival (e.g. SiriKit must become more open to compete with Alexa).
Our experts will get in contact with you!
Marc Ruef
Marc Ruef
Marc Ruef
Marc Ruef
Our experts will get in contact with you!