By Dan Cole, Director, Product Management, ThreatConnect

With the advent of the next decade upon us, predictions for the future are sure to abound. Prophets will prophesy, forecasters will forecast, augurs will augur, and soothsayers will… sooth… say… But we don’t need to be consulting oracles and interpreting bones – it’s a fool’s errand anyway, especially in the world of infosec, which moves at a level of speed and unpredictability not seen in other sectors. Instead, information security leaders should focus on the known, and ready themselves by putting into practice a clear security vision for the near future. As we head into 2020, there are three concrete cybersecurity concerns that should be at the top of every cyber analyst’s mind.

The California Consumer Privacy Act (CCPA)

While not quite as famous as California Senate Bill 420, the CCPA is far more likely to get your legal bills high. The CCPA is a California bill that will create new consumer rights relating to personal information collected by businesses. The bill takes effect at the exact start of the New Year. Much like California’s former governor, this bill also fights predators. The intentions of the Act are to provide residents with a suite of rights, including the rights to:

  • Know what personal data is being collected about them.
  • Know whether their personal data is sold or disclosed and to whom.
  • Refuse the sale of their personal data.
  • Access their personal data.
  • Request a business to delete any personal information collected on them.
  • Sue companies which collected data that was later stolen or breached.
  • Protection against discrimination for exercising such privacy rights.

Much like GDPR, the CCPA will impact businesses far beyond its immediate geographic borders. Any company which serves California residents and has at least $25 million in annual revenue will need to comply with the law. In addition, companies that have personal data on at least 50,000 people or that collect more than half of their revenues from the sale of personal data will also be required to comply.

From an IT perspective, the CCPA will necessitate that security teams work closely with database administrators. Tools for dealing with the issue will need to have full visibility into data stored across a range of the internal corporate environment, while still ensuring that access to such data is properly secured. If the data is stored on the cloud, the problem becomes even more complicated. But hey, your companies will have a whole 30 days to figure that out before it can be fined for violations. And it’s only up to $7,500 per record. So, if you meet the minimum threshold of 50,000 people that’ll only cost around… 375… million… dollars…

The 2020 Elections

Hoo boy, here’s a big one. Election fraud has been gaining an increasingly acute level of scrutiny, especially following accusations of Russian meddling in 2016. While paper ballots have significant pros over electronic ones, it seems that many electorates are all aboard the electric train, so we need to find ways to prepare to roll with the punches. As Bruce Lee said, “Be water, my friend.”

In an act that is unprecedented in U.S. history, seven government agencies have issued a joint statement warning that foreign powers intend to manipulate the 2020 elections. While your SecOps team might not be responsible for protecting voting booths, if your organization is tasked with stewarding any appreciable volume of personally identifiable information, you could still come under attack. Any sort of personal information could be used by malicious actors to target groups or areas that may be crucial in the upcoming election. While this threat may not imply some sort of qualitative break with the past, it means that the threat level we can expect for the next year to be higher, putting an even greater level of pressure and responsibility on cybersecurity teams.

SecOps teams should be on the lookout for DDOS attacks, phishing, and malware attacks against infrastructure and networks that may be deemed critical to the elective process. While these are standard threats that cyber analysts have been dealing with for years, their level of sophistication is increasing, and the channels for the attack are sure to multiple alongside the spread of 5G and IoT.

The Roll-Out of 5G

5G means more than just access to 1080p Twitch streams while you’re on the go (have you checked out lara6683? She’s awesome). Advanced AI in devices, combined with cloud computing and now edge computing, will lead to the creation of a distributed computing environment connecting billions of devices and leading to a new generation of consumer and business applications. The International Telecommunications Union (ITU) divides 5G’s use cases into three main categories:

  • Enhanced Mobile Broadband (eMBB)
  • Massive Machine-Type Communications (mMTC)
  • Ultra-Reliable and Low-Latency Communications (URLLC)

The first of those (eMBB) will give you faster access to cat videos, but the other two are worth mentioning as well! At the micro-level, mMTC will extend the Internet of Things to a massive number of new devices, supporting roughly ten times as many devices in an area than are presently supported. At a more macro level, URLLC will allow for “mission-critical” communications, enabling industrial automation, drone control, new medical applications, and autonomous vehicles.

By the end of 2020, most countries around the world will have some form of limited access to 5G, and half of the United States is expected to have access. Considering the number of cities in the United States that currently have access is… barely more than 20… that means this is going to be a fast rollout. With speeds increasing by 10-20x, and the number of connected devices rapidly proliferating, the implications for our daily lives could be massive. However, some serious cybersecurity concerns remain.

With the multiplication of connected devices, there will be an even greater number of vulnerabilities under threat from bad actors. At the same time, SecOps teams will find themselves inundated with a flood of data, as the proliferation of devices compounds the number of connections exponentially.

Combine the sheer increase in volume along with a dramatic boost in speed, and it becomes clear that cybersecurity teams will need to increasingly rely on software such as SOAR platforms, which orchestrate and automate responses to security events. Through the usage of such platforms, SecOps teams will be able to proactively program playbooks to respond to events, allowing analysts to turn their high-level knowledge into automated routines relieving them of the mundane – and increasingly impossible – the job of providing triage to every event or threat that comes through.

Conclusion

I know how much we in the tech community love to speculate on the future. My fingers are crossed that the singularity is near, and I, for one, welcome our new Skynet overlords. But as much fun as such speculations are, our cybersecurity practices, unfortunately, need to be a bit more grounded. These three issues are not far-flung, they are not Jules Verne, they are not Heinlein, Asimov, Dick, or Herbert – these are concerns we need to focus on now, these are happening in 2020.

I mean, if you want to be able to afford nanotech immortality, you’ll need to at least keep your job for a few more years, right?

About the Author

Dan Cole, Director of Product Management at ThreatConnect, has spent the last decade as a product manager working to create awesome software that gets to the core of solving the unique problems faced by a myriad of industry verticals. From large financial and insurance providers to global telecom carriers, to federal agencies, Dan believes that the right software can free companies and users to focus on and enable their key missions.  Learn more about Dan and visit him online at https://threatconnect.com/.