Cyber futures in 2020

Issue 1 2020 Cyber Security

The best way to polish up the old crystal ball and see into the future is to use the exact science of hindsight – especially when it comes to cybersecurity and risk predictions. However, looking backwards and then pronouncing what should have happened is far easier than getting predictions for 2020’s cyber risks right.

Having said that, trends of recent years do have a pattern. One thing is for certain, threats are more sophisticated by the day and increasing in intensity.

Utilities will continue to be a target

In July of this year City Power, owned by the City of Johannesburg, announced a major ransomware attack* that shut down its IT systems, encrypted its databases, applications and network, leaving an estimated quarter of a million people affected.


MJ Strydom.

One global example of an attack on a utility is that of the cyberattack reported on the US grid that created blind spots at a grid control centre and several small power generation sites in the western United States**. It is worthy of note because a report posted by the North American Electric Reliability Corporation (NERC) advised: “Have as few Internet facing devices as possible.” This is no mean feat in the age of IoT.

It should be noted that in many cases, critical power and water distribution infrastructure use older technologies that are vulnerable to remote exploitation because upgrading them can mean service interruptions and downtime. SA utilities will need to look at radically strengthening cyber defences around critical infrastructure.

IoT; exponential data volumes

The US NERC warning might not seem possible to heed in the midst of technology advances and the attractions of Internet facing devices, but the fact of the matter is that the more IoT devices there are, the greater the risks.

As 5G networks roll out, the use of connected IoT devices will accelerate dramatically and will massively increase networks’ vulnerability to large-scale, multi-vector Gen V cyberattacks. IoT devices and their connections to networks and clouds are still a weak link in security. It’s hard to get visibility of devices, and they have complex security requirements.

We need a more holistic approach to IoT security, with a combination of traditional and new controls to protect these ever-growing networks across all industry and business sectors. The new generation of security will be based on nano security agents such as micro-plugins that can work with any device or operating system in any environment, controlling all data that flows to and from the device, and delivering always-on security.

The bandwidth that 5 G enables will drive an explosion in the numbers of connected devices and sensors. eHealth applications will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives. This ever-growing volume of personal data will need to be protected against breaches and theft.

Artificial intelligence (AI)

AI will accelerate security responses – most security solutions are based on detection engines built on human logic, but keeping this up to date against the latest threats and across new technologies and devices is impossible to do manually. AI dramatically accelerates identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities and develop ever more evasive malware.

Security at the speed of DevOps

The commercial world is already running the majority of its workloads in the cloud, but the level of understanding about securing the cloud remains low, and security is often an afterthought with cloud deployments because traditional security measures can inhibit business agility. Security solutions need to evolve to a new paradigm of flexible, cloud-based, resilient architectures that deliver scalable security services at the speed of DevOps (DevOps is a set of practices that combines software development (Dev) and information-technology operations (Ops) which aims to shorten the systems development life cycle and provide continuous delivery with high software quality – Wikipedia.).

A rethink on cloud is required

Enterprises need to rethink the approach to cloud. Increasing reliance on public cloud infrastructure increases exposure to the risk of outages, such as the Google Cloud outage in March this year. This will drive companies to look at their existing data centre and cloud deployments and consider hybrid environments comprising both private and public clouds.

Today’s hyper-connected world creates growing opportunities for both businesses and cyber criminals, and every IT environment is a potential target: on-premise networks, cloud, mobile, and IoT devices. However, forewarned is forearmed: using advanced threat intelligence to power unified security architectures, businesses of all sizes can do much to protect themselves.

For more information contact MJ Strydom, DRS, mj@drs.co.za, www.drs.co.za

* www.bbc.com/news/technology-49125853

** http://https://www.eenews.net/stories/1061111289




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Seven security trends for 2020
Issue 1 2020 , Cyber Security
What challenges await the security professional in 2020? Lukas van der Merwe looks at the trends for the year ahead.

Read more...
Security is not a single product solution
Issue 1 2020 , Cyber Security
Adopting a phased approach to security allows companies to develop a layered security posture to help control costs as well as the complexity.

Read more...
From physical security to cybersecurity
Access & Identity Management Handbook 2020, Genetec , Cyber Security, Security Services & Risk Management
Genetec discusses the security-of-security concept as a means to protect cameras, door controllers and other physical security devices and systems against cybercriminal activity.

Read more...
Minding the gaps to protect industrial PLCs from cyber threats
November 2019, AVeS Cyber Security , Cyber Security
PLCs, designed to control machinery and specific processes, were never built with cybersecurity threats in mind and protecting PLCs against these threats requires healthy isolation from the Internet.

Read more...
African trust centre launches cyber division
November 2019 , Cyber Security
Advancing cybersecurity to more stringent heights, LAWtrust has launched a new division focusing on cybersecurity services to complement its identity, encryption and digital signature offerings.

Read more...
What are the cybersecurity issues in video surveillance?
November 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
he importance of the data captured by surveillance cameras – and what can be done with it – has led to a new breed of cybercriminals, looking for insights to steal and sell.

Read more...
Protecting the outer perimeter with cloud services
November 2019 , Cyber Security
Business leaders now have a choice whether they want to continue using their trusted firewall or move to a next-generation firewall delivered by appliances or as cloud services.

Read more...
Information security outsourcing service
November 2019, Condyn , Cyber Security
SearchInform launches information security outsourcing service for companies that face the problem of corporate fraud and data leakage.

Read more...
Block threats before they target your business
November 2019 , Cyber Security
The antivirus solutions of a decade ago are woefully inadequate weapons in the fight against today’s complex threats.

Read more...
Encrypted communication in compact cellphone format
November 2019 , Cyber Security
embedded brains develops hardware, mechanical components and power management strategy for plug-and-play personal security device genucard 3.

Read more...