I’ve always been a loner, avoiding crowds as much as possible, but last Friday I found myself in the company of 500 million people. The breach of the personal accounts of Marriott and Starwood customers forced us to join the 34% of U.S. consumers who experienced a compromise of their personal information over the last year. Viewed another way, there were 2,216 data breaches and more than 53,000 cybersecurity incidents reported in 65 countries in the 12 months ending in March 2018.
How many data breaches will we see in 2019, and how big are they going to be?
No one has a crystal ball this accurate and it’s difficult to make predictions, especially about the future. Still, I made a brilliant, contrarian, and very accurate prediction last year, stating unequivocally that “there will be more spectacular data breaches” in 2018.
Just like last year, this year’s 60 predictions reveal the state-of-mind of key participants in the cybersecurity industry (on the defense team, of course) and cover all that’s hot today. Topics include the use and misuse of data; artificial intelligence (AI) and machine learning as a double-edged sword helping both attackers and defenders; whether we are going to finally “get over privacy” or see our data finally being treated as a private and protected asset; how the cloud changes everything and how connected and moving devices add numerous security risks; the emerging global cyber war conducted by terrorists, criminals, and countries; and the changing skills and landscape of cybersecurity.
It’s the data, stupid
“While data has created an explosion of opportunities for the enterprise, the ability to collaborate on sensitive data and take full advantage of artificial intelligence opportunities to generate insights is currently inhibited by privacy risks, compliance and regulation controls. The security challenge of ‘data in use’ will be overcome by applying the most universal truth of all-time―mathematics―to facilitate data collaboration without the need for trust from either side. For example, ‘zero-knowledge proof’ allows proof of a claim without revealing any other information beyond what is claimed. Software that is beyond trust and based on math will propel this trend forward”―Nadav Zafrir, CEO, Team8
“IT security in 2019 is no longer going to simply be about protecting sensitive data and keeping hackers out of our systems. In this day and age of big data and artificial intelligence―where cooperation on data can lead to enormous business opportunities and scientific and medical breakthroughs―security is also going to have to focus on enabling organizations to leverage, collaborate on and monetize their data without being exposed to privacy breaches, giving up their intellectual property or having their data misused. Cybersecurity alone is not going to be enough to secure our most sensitive data or our privacy. Data must be protected and enforced by technology itself, not just by cyber or regulation. The very technology compromising our privacy must itself be leveraged to bring real privacy to this data-driven age”―Rina Shainski, Co-founder and Chairwoman, Duality Technologies
AI is a dual-use technology
“AI-driven chatbots will go rogue. In 2019, cyber criminals and black hat hackers will create malicious chatbots that try to socially engineer victims into clicking links, downloading files or sharing private information. A hijacked chatbot could misdirect victims to nefarious links rather than legitimate ones. Attackers could also leverage web application flaws in legitimate websites to insert a malicious chatbot into a site that doesn’t have one. In short, next year attackers will start to experiment with malicious chatbots to socially engineer victims. They will start with basic text-based bots, but in the future, they could use human speech bots to socially engineer victims over the phone or other voice connections”―Corey Nachreiner, CTO, WatchGuard Technologies
“While next-gen technology like Artificial Intelligence (AI) and Machine Learning (ML) are transforming many enterprises for the better, they’ve also given rise to a new breed of ‘smart’ attacks. The ability to scale and carry out attacks is extremely enticing to cybercriminals, including use of intelligent malware. The rise in next-gen threats means that security professionals must be extra vigilant with detection and training against these threats, while also adopting new methods of automated prevention methods”―John Samuel, Senior Vice President and Global Chief Information Officer, CGS
“Cyber defenders have been researching and working on their machine learning/AI/deep learning for a long time. We expect over the next 5 years that these technologies will also empower adversaries to create more powerful and elusive attacks through a new generation of tools, tactics and procedures. While AI/ML-savvy offensive cybercriminals are in their infancy, this is like any other business. They will invest in whatever provides them the greatest return. Unlike defenders, those on the offense are willing to collaborate and share innovation freely, which could increase rapid development and innovation”―David Capuano, CMO and VP Sales, BluVector
“Automation is the name of the game in security and machine learning is here to help. AI is all about automating expert systems, and security is all about experts answering some form of the question: ‘Does this matter? Does this alert matter? Is this vulnerability risky?’ Machine learning will help filter out the noise, so that the limited number of practitioners out there can use their time most efficiently”―Michael Roytman, chief data scientist, Kenna Security
“Recent updates to exploit kits, specifically natural language and artificial intelligence capabilities, have made the automation of highly convincing and unique social engineering emails a very simple process. Meaning, an attacker can upload a file with one million email addresses and can automate the creation of effective and unique phishing messages to send out to victims”―Brian Hussey, VP of Cyber Threat Detection and Response, Trustwave SpiderLabs
“When it comes to using AI in cybersecurity, be wary. AI offers companies huge potential, but it is a largely untapped area. If you do plan to implement it, do a proof of concept to make sure that it integrates into your company’s environment, ensuring that you’re getting the maximum value”―Joan Pepin, CISO and VP of