A look into the future
'The Winter of AI' and other cyber predictions
Artificial intelligence isn’t coming to save us. At least not in cybersecurity, and at least not right away.
Cloud breaches will bring computerized industrial systems to a screeching halt. Hackers will figure out how to fool face-recognition software. An insider threat case will play out in civil court. International IP theft and cyber espionage will rise. Businesses will use “edge computing” to improve user privacy, and industry-wide security ratings will do for commerce what Zagat did for restaurants
Those are the predictions for 2019 in a new report from Forcepoint, a commercial cybersecurity company jointly owned by Raytheon. Experts from both companies will hold a webinar Dec. 11 to discuss the report, which makes predictions in seven areas:
Artificial intelligence: The buzz on AI-enabled cybersecurity has far outpaced the reality, writes Raffael Marty, the company's vice president of research and intelligence. Companies are buying in without understanding the risks, AI startups are hiding how reliant on humans their products are, and venture capitalists could cut off funding at any minute. Meanwhile, attackers have made AI the “gold standard” in hacking efficiency, he writes, pointing to their use of bots to write especially effective spearphishing emails.
"Everybody has this idea that artificial intelligence is going to solve all our cybersecurity problems ... it's probably not going to happen,” Marty said. “We'll have more smart algorithms that are going to help us look through the data and help us advance cybersecurity for sure, but it's not going to be the be-all, end-all algorithm or solution that just magically solves all of our security problems."
The Industrial Internet of Things: Attackers will breach the cloud computing infrastructure that underpins industrial control systems, writes George Kamis, Forcepoint’s chief technology officer for global governments and critical infrastructure. That would put manufacturing, energy production and other vital sectors at risk.
“While attacks on consumer IoT are prevalent, the possibility of disruption in manufacturing and similar industries makes the threat all the more serious,” Kamis writes.
Fooling facial recognition: Mainstream use of biometric authentication means attackers now have a vested interest in finding ways to defeat it – and history tells us they’ll do just that, writes Nico Fischbach, Forcepoint’s global chief technology officer. Behavioral biometrics – like how people hold their phones, how fast and how hard they type – are much harder if not impossible to imitate.
“Facial recognition is going to be great, but it’s also going to have problems,” he said. “and what you need to look at is user behavior to drive trust.”
Insider threat litigation: A corporate data leak will spill into court, with an employer suing an employee for stealing data or deliberately causing a breach, writes Marlene Connolly, Forcepoint’s group counsel and senior director. Even if the employer wins, it will come at a cost: exposing weakness in the company’s cybersecurity practices.
“This is not to say 2019 will be the year of ‘Us vs. Them,’ or pit employee against employer,” Connolly writes in calling for sensible, transparent user analytics in the workplace. “…Protection of personal data and privacy are no longer best practices, but are basic essentials to any successful organization.”
A cyber cold war: Isolationist trade policies will lead to an uptick in cyber-driven spy tactics, including IP theft and disruption of government and critical infrastructure, writes Luke Somerville, Forcepoint’s head of special investigations.
“Companies and nations have always been naturally protective of their IP, but as opportunities for legitimate access dwindle,” he writes, “people on the other side of embargoes will have real incentive to acquire it by nefarious means.”
The age of edge computing: Historic consumer data breaches mean the days of data sitting in big piles on a cloud somewhere are ending, writes Richard Ford, Forcepoint’s chief scientist. An emerging alternative is edge computing, where data and the algorithms that process it remain on a device, with only metadata going to the cloud. But consumers either won’t understand the change, or won’t trust companies that it’s actually happening, Ford writes.
“It is not enough for organizations to comprehend and secure data both at the device and in the cloud,” he writes. “In order to engender trust, they must make consumers believe that the company is indeed doing this.”
A Zagat for cyber: What if poor cybersecurity directly affected a company’s bottom line? That’s the idea behind “security trust ratings,” essentially a cybersecurity score that would become part of the due diligence companies do when buying a service or striking up a partnership. And they’re about to become reality, Forcepoint Chief Information Officer Meerah Rajavel writes.
“Security cannot just be the responsibility of the IT teams and the technologies they implement,” she writes, “but must become a cultural and business value that is recognized and rewarded.”