Your IoT Cybersecurity Predictions for 2020
Companies, analysts, and experts share their predictions for 2020 in IoT and cybersecurity. Here's what they said:
While 2019 might not have included catastrophes like NotPetya and WannaCry, there's been plenty to keep white-hat hackers and cybersecurity analysts and experts occupied. We've seen ransomware cripple local municipalities, attacks launched against energy utilities, Facebook, among numerous other companies, fall victim to data leaks, smart locks yet again show their appalling security, and numerous hacks of Ring cameras.
Greater numbers of attacks have been attributed to nation-state actors. Research has revealed the (not surprising) havoc a hacked autonomous vehicle would cause on the road.
We've also seen further attempts to legislate security standards for IoT devices, with progress on the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 and California's SB-327, Information privacy: connected devices.
As a tech journalist, I am privileged to speak with some of the most connected companies, analysts, and experts when it comes to IoT and cybersecurity. I recently asked them their predictions for 2020. Here's some of what they said:
Hacking and Ransomware Will Persist With SMBs the Biggest Victims
There were 1244 reported data breaches in 2018. At the end of October 2019, the number of data breaches in the US stood at 1272 with two months to go, indicating a return to the normal pattern. In 2019, for the first time, hacking became the #1 cause of a data breach, followed by malicious actors (insiders and outsiders), and accidental breaches.
Hacking will continue to become a bigger share of attacks that result in data loss or system takeover. Ransomware will also continue to increase as businesses and governments continue to pay the ransom. (The average ransomware payment has increased 6X in 2019).
SMBs will be a bigger share of victims because they don’t have adequate resources to protect their data and systems. The average cost of an attack against an SMB is now $200,000.
— John Adams, CEO, Waratek
A Growth in Security-First Devices
2020 will be the year that we see a deeper integration of security and WAN technology. Historically, the network has always come first, and then security is bolted on to protect it. We're rapidly heading towards a security-first and connectivity-second approach — the total opposite of how the Internet was designed!
— Josh Flinn, Director of Product Strategy and Innovation, Cybera
Next-generation IoT devices and cybersecurity solutions will need to take a different approach; one that will move the control from the vulnerable device to a more powerful and trusted entity. One that will protect the device even before the first activation, all through manufacturing and supply chain. And one that is reliably informed and tightly managed.
Reliable, tightly managed cybersecurity for IoT devices will be the glue that will keep these increasingly sophisticated networks together and operating to their highest capacity. We need a future-proof approach that moves the root of trust from a device’s OS or processor, to the flash memory of a device, such as a flash-to-cloud approach.
This approach creates a secure channel, starting from the moment an IoT device is created on the factory floor, between the device’s flash memory and the management system in the cloud so that, even if the device’s software or processor is compromised, the device will remain secure.
— Nitzan Daube, CTO, NanoLock Security
5G Creates Its Security Challenges
Although 5G offers an improvement over 4G on better verification and stronger encryption, it needs to be seen how 5G security will fare when mass adoption comes to reality. Some of the known attacks against 5G include fake mobile base stations that could allow stealing user information. IoT device connection to 5G networks adds a tempting factor for cybercriminals to find and exploit flaws for their gain.
The amount of data being shared via IoT and 5G is only ever going to increase, so the management of risk, prevention of attacks, and complexity of cybersecurity must be embedded from the initial concept and roll-out, not just a case of trying to keep pace.
— Harman Singh, Managing Consultant, Defendza Ltd
Compliance is There to Help, Providing Companies Embrace it
There are a plethora of different security frameworks available for security professionals to use. From the NIST Cybersecurity Framework and CIS Top 20 Controls through to ISO 27001 and the EU GDPR rules on data privacy, these approaches aim to provide best practice support for security and help control the huge complexity of modern IT infrastructure.
For 2020, using compliance frameworks for security planning will move over to one based on managing risk rather than any particular security problem or threat. This involves getting guidance on what the biggest issues are for the company, which represents a risk to the business, and then planning based on what priorities exist. This becomes a “whole company” issue rather than one that is specifically linked to IT security or technology.
Shared Responsibility for the Cloud Still Needs to be Understood
Cloud deployments are getting more and more popular. Providers like Google Cloud Platform, Microsoft Azure and Amazon Web Services all offer a range of options for hosting, managing and implementing applications. Companies are also looking at multi-cloud and running across different cloud services where locations are available.
While the cloud providers are clear on what they are responsible for, there have been many cases where assumptions have been made and security flaws discovered. Poor database deployments or the use of insecure storage with default configurations have been the most common culprits.
Next year, these issues will continue as developers rush to get their applications finished or miss out on working with IT security teams on moving services into production. To avoid this, companies will have to take more responsibility for their deployments. Educating developers is part of this, but building better DevOps processes that incorporate security tools into the release workflow will be just as important. This will make security “business as usual” rather than an additional headache.
— Marco Rottigni, Chief Technical Security Officer EMEA at Qualys on operational technology and IT security.
Enterprises Will Combine Raspberry Pi and Software-Defined Perimeters (SDP) to Create Secure Low-Cost IoT Networks
Raspberry Pi is a great platform for IoT — it's a very cheap computer that runs Linux and provides a set of open GPIO (general purpose input/output) pins that allow you to control electronic components.
Software-defined perimeter (SDP) software improves the security of data flows between devices by removing an IoT device's network presence, eliminating any potential attack surfaces created by using a traditional virtual private network (VPN). In 2020, enterprises will take advantage of the ubiquity of RasPi and the security of SDP software to enhance product differentiation with high-value IoT networks.
— Don Boxley, CEO, and Co-Founder, DH2i
Smart Endpoints and Software-Defined Perimeters Will Transform Cloud-Based Disaster Recovery (DR)
Many organizations are pursuing a cloud-based Disaster Recovery (DR) strategy to achieve the business objectives of:
1. Getting replicas off-site.
2. Eliminating the cost and complexity of building and maintaining a DR site.
These DR strategies typically depend on a VPN to connect the on-premises source to the cloud-based target. That's a problem because traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud. They weren't designed for them. They're complex to configure, and they expose "slices of the network," creating a lateral network attack surface.
In 2020, a new class of DR software with integrated SDP security will emerge to eliminate these issues and disrupt the cloud DR market. This new SDP-enhanced DR software will enable organizations to build smart endpoint DR environments that can seamlessly span on-premises and the cloud without the added costs and complexities of a VPN, and with virtually no attack surface.
— Don Boxley, CEO, and Co-Founder, DH2i