As we do each year, the LogRhythm Labs team came together recently to reflect on the year in cybersecurity and think about what’s to come.
2019 was definitely interesting. Breaches continued to keep organizations on their toes, with over 5,000 breaches reported between January and November 2019 and nearly eight billion records exposed.
But on the bright side, we saw some progress made towards improving how organizations maintain and report on cyber happenings. For example, while the U.S. may not have an overarching cybersecurity policy like the GDPR, individual states took matters into their own hands: all 50 states have some type of cybersecurity law(s), and at least 31 enacted new legislation in 2019.
But what about 2020? With a new decade right around the corner, we think the time is ripe for new innovations (by both good guys and bad guys), new threats, and new scandals. So without further delay, here are LogRhythm Lab’s cybersecurity predictions for 2020.
Cybersecurity Predictions for 2020
1. An insider will manipulate AI to wrongly put an innocent person in prison.
Because people train artificial intelligence (AI), AI adopts the same human biases we thought it would ignore. However, this hasn’t stopped the legal system from employing it. Just last year, a judge ordered Amazon to turn over Echo recordings in a double murder case. With AI already primed to make biased decisions based on the information it receives, an insider could exploit this to feed it false information to more directly implicate someone of a crime. In making AI more human, the likelihood that it makes mistakes will increase.
2. The U.S. election will definitely be hacked and influenced.
After the revelation of Russian interference in the 2016 U.S. presidential elections, election tampering is at the forefront of the news as we approach the 2020 elections. Hackers (nation-state or others) won’t have to do much more than infiltrate the system — or make it seems like they’ve infiltrated the system — to undermine people’s confidence in the election and exacerbate the current state of turmoil.
3. We’ll see the consequences of increased adoption of biometrics.
Before we see adequate regulation and security to protect biometric data, there are going to be some unlucky people whose biometric information is stolen and used for repeat fraud. If your credit card details are stolen, you can easily change your account number. But what if your face gets stolen? Once that information is compromised, there’s no swapping it out. Before the industry catches up and understands how to properly protect it, we’re going to see the consequences of the increased adoption of biometrics.
4. Iran’s offensive cyber operations will grow at a faster rate than China’s.
While China has been seen as one of the top nation-state threats in recent years, we’re going to see Iran outpace the country in 2020. Tensions between the U.S. and Iran have increased since the multiple incidents seen over the summer. And unlike China, Iran doesn’t have formal diplomatic relations with the U.S. It’s also not a big trade partner. Combined, these factors mean they have less to lose.
5. Quantum computing will break out of the lab and see use by users and threat actors alike.
Google’s “Sycamore” project was heralded as a breakthrough for quantum computing earlier this year. And while we’re certainly still far off from the advanced quantum computing that could change the way we perform standard cryptography, we are already seeing quantum computing make its way into the mainstream. For example, Microsoft announced its new Azure Quantum service, which will soon allow select customers to run quantum code and use quantum hardware.
These developments in quantum computing will likely have a significant impact on modern AI as well, helping to speed up AI’s data analysis and subsequent decision making. And by offering quantum technology to the masses, we’re sure to see an uptick in the development, adoption, and usefulness of quantum and modern AI throughout 2020 — both among legitimate users and malicious hackers.
6. Deepfakes will become convenient scapegoats.
Hackers have successfully been using deepfakes to impersonate executives to get large sums of money transferred to them. But in 2020, deepfakes will become a tool for not just hackers; regular people will start using them. However, instead of using them to steal, we’ll see “deepfake as a defense” — a convenient scapegoat to avoid professional or even legal repercussions.
7. Ransomware is going to expand into the critical infrastructure business.
Ransomware continues to be easy cash for hackers, recently reaching an average payout of $41,000 USD. Given ransomware’s proven track record, it’s time for hackers to take it to new markets. Critical infrastructure is a prime target. While most ransomware isn’t built to target infrastructure, it can still be used in such environments. And shutting down a power grid can yield a significantly higher than average payout to the attacker — not to mention, it can also lay the foundation of distrust in the government’s ability to protects its citizens. Critical infrastructure is due for another significant breach, making 2020 the perfect opportunity to introduce ransomware into this space.
8. Eavesdropping on smart speakers will result in a major political scandal.
If our smart devices are listening to us to improve the decisioning in the devices’ AI, then a human needs to be listening too. We believe this will result in a behind-the-scenes employee becoming the next whistleblower — exposing secrets that will lead to the next political scandal.
What do you think we’ll see in the next year? Share your thoughts in the comments below. And for more predictions fun, download our infographic!