One in three people has seen their personal data “compromised” during this year that has just ended, according to the “2018 Consumer Cybersecurity Study” conducted by “First Data (NYSE:FDC).
It’s not a joke, it’s reality. A situation that reaches levels of being the usual if we talk about the range of ages from 24 to 34 years, the “millennials”.
This capture of our personal data is referred to in slang as “data breaches”. Spectacular cases are known. From the already famous dating website (Adult-Friend-Finder) which exposed more than 400 million accounts back in 2016, to the Marriott hotels in 2018 which has exposed more than 500 million accounts. Not even NASA, which admitted to having suffered last October data theft of its employees (and ex-employees) including something as sensitive for U.S. residents as their social security number.
Before sharing my predictions about cyber-security 2019, I would like to emphasize the element that I consider most influential: Artificial Intelligence and some of its main impacts and consequences.
Advances in technology related to Artificial Intelligence are opening up immense opportunities that translate into new services, scientific advances, improvements in healthcare and, of course, business. However, this new era of data sharing has its double edge in data protection. The industry consensus is that neither cybersecurity nor regulation will by themselves be sufficient to protect us. Data has to be protected by the same technology that generates it, not just by regulation or cyber-security. In plain English, data has to incorporate factory cyber-security, not to go unarmed waiting for external elements of cyber-security to protect you or regulation to discourage bad practices.
Artificial Intelligence will permeate all aspects of our “cyber” life. For example, there will be more and more instruments that will behave like “quasi” humans. We see them in instruments like Alexa (Amazon), Google assistant (Google/Alphabet), or Siri (Apple). There are also those that we do not see, such as telephone assistants who we think are people, but they are not. They are robots with artificial intelligence, “chatbots” in the jargon, which are indistinguishable, on the part of the person on the other side, from authentic people.
These interesting services, and therefore susceptible of being used by hundreds of millions of people, are like honey attracting the bad guys. They will increasingly use these tools to deceive us, creating malicious chatbots that will attempt social engineering by clicking on links, downloading files or sharing private information. And beware, I’m not just talking about deceptions made by false people on social sites like Facebook, Twitter, Instagram or similar. I’m talking about phone or voice fraud (simulating or “hacking” instruments like Alexa or similar). Let’s not forget that even Smart-tv’s or automobiles have voice recognition capabilities and therefore the ability to listen to what we say.
Having said that, here are my predictions about cyber-security for 2019:
- Massive attackson our data that do not incorporate “factory” cyber-security. Main areas:
- Service providers who have us as clients (social networks, hotel chains, mass services)
- Fraud. They areexpected to continue in 2019 and continue to cost billions of euros, especially to companies that use e-commerce.
- Sensitive workplaces that have us as employees (Public Administration, companies such as NASA, Telefónica, etc.).
- Automotive. New cyber services are being implemented in the automotive sector (remote assistant, remote control of vehicle elements, driving without a driver, etc.). However, the elements of vehicles in general do not yet incorporate adequate protection from the factory, but are put as layers or patches on them. This makes them tremendously vulnerable to external attacks that can take control over the elements of the vehicle. This will affect both the physical elements (brakes, heating, etc.) and the virtual elements (listening to what we are talking about inside the vehicle).
- Personal attacksby malicious Chatbots based on Artificial Intelligence and Deep Learning. This impersonation of what we believe we have in front of us and what we relate to may cause us to pass on private and sensitive personal information (family, health, business, etc.) that may be used against us.
- Progress in cyber defence systems. Artificial intelligence elements, especially Deep Learning technology, will be used to increase the threat detection capacity and decrease the number of threats that are not really threats (false positives). This same tool has its dark side which is the use that the “bad guys” will give it to create more and more sophisticated elements of “malware” that make the task of the “good guys” more difficult.
- Attacks based on the new working models. A third of cyber-attacksare based onCyber-attacks exploiting unsecure remote working. What gives us comfort and quality of life such as working from home or wherever we are also opens a door of opportunity that allows the “bad guys” to slip into the middle of that process and either access our data or use us as a bridge to enter our organizations putting them at risk.
- State-sponsored” attacks. The efforts required to create the ever more sophisticated “malignant” tools require ever-greater support. The traditional dark side path of sharing its findings in order to unite forces will be joined with increasing weight by the resources of States. This will be especially true for attacks involving so-called Critical Infrastructures. In the broad sense, the political structure of a country could also be considered critical, and therefore the efforts made by these Nations to modify them and create situations that favour their interests would fall within this chapter. Russia has proven its capabilities in this sense, but it is not the only one, nor do they have to be external. A good connoisseur…
We are presented with a 2019 full of uncertainties and possibilities. Many of them, derived from the impact of Artificial Intelligence, especially Deep Learning, in all spheres of our relationship with data. The repercussions will be massive, and I foresee a strong impact on the change of society. We will see how consumers will begin to become aware of the value of their data and claim its control and monetization. We will see a greater importance of regulation and its impact on data protection. We will see a greater sophistication in the tools and techniques of cyber-security, both for defense and for attack. However, the biggest change I anticipate for 2019 is the incorporation of protection into the factory’s own intrinsic design. In other words, taking the automobile as an example, it is not that we protect access to the brakes by means of external protection layers; it is that the brake itself is designed with the protection incorporated at the factory. Although it may seem the same, it is not, and although it may seem strange that it is not already incorporated, it is not.
We will review these concepts in January 2020. In the meantime, enjoy 2019, manage your own data prudently and demand that those who lend you data do the same. You will be grateful.