Cybersecurity in 2020: Critical Year Ahead Presents Gauntlet of Potential Potholes

Posted on by Tony Kontzer

If years hold any numerical significance, then 2020 should be a year in which we see things exactly as they are. That said, if 20/20 is considered a baseline for functional vision, then when it comes to cybersecurity, the business world has been operating at about 20/200, or the threshold for being considered legally blind.

And here's the thing: 20/20 cybersecurity vision has never been needed more than in the coming year. And it's not just because a steady string of breaches is expected to cause numerous companies embarrassment while chipping away at consumer confidence in the organizations we trust with our information, although that would be reason enough. It's because 2020 is setting up to be a seminal moment in the history of cybersecurity.

In fact, for an exhaustive take on many ways security is expected to take front and center in 2020, look no further than the 141 cybersecurity predictions for 2020 Forbes recently collected from thinkers around the industry. And if that's not enough—and apparently it's not—Forbes published another 42 predictions when it realized 141 wasn't enough. 

Of course, making year-end predictions for the following year is a time-honored tradition for generating content, and everywhere one looks, there are lists of security predictions for 2020. Security Boulevard has numerous such lists, including this list of 11 predictions and another one highlighting five expected trends. CSO Online has identified nine security threats to watch, and Information Age recently offered up its eight predictions.

But while most of these lists offer up predicted attack vectors and technology trends (I'm talking to you, AI), a close look at the 2020 calendar shows a string of significant events that are likely to present a variety of big-picture security implications that may not be covered in your typical cybersecurity tactical playbook.

For instance, things kick into high gear on the first day of the year, when the California Consumer Privacy Act goes into effect. The long-talked-about legislation, perhaps the most comprehensive privacy law ever enacted, will almost certainly bring costly lessons to companies that continue to leave consumer data vulnerable, highlighting the need for constant awareness and diligence.

Fast-forward a few months, and the Summer Olympics will take place in Tokyo. Recent Olympics have made it clear that cybercriminals consider the biennial events to be an attractive target—see the cyberattack that hit the 2018 Winter Olympics in Seoul, or how a denial-of-service attack hit the 2016 Summer Olympics in Rio de Janeiro, or how no one was safe from hackers at the 2014 Winter Olympics in Sochi, Russia. So we can certainly expect the Tokyo games to attract some kind of nefarious activity.

It's also probably safe to expect some cyber-shenanigans as the Oct. 1 deadline to obtain a Real ID approaches. Americans will no longer be allowed to board flights or access federal facilities unless they've had their ID updated to conform to the Real ID Act of 2005, which has been implemented in stages over several years. While the law is intended to make flights and federal facilities safer, there are plenty who argue that Real IDs will only ramp up personal and national security risks.

A month after that brings the real doozy: Americans head to the polls to determine whether Donald Trump gets another four years in office, and I think we all know what a target US elections have had on their back. The security of our election systems has played a critical role in nothing less than the never-ending impeachment proceedings that have dominated American politics for months, and there's little question that, come November 3, 2020, all eyes will be on Russia, not to mention any other foreign actor that might see the US election system as full of holes to exploit. Certainly, election system security, which is an ongoing subject of debate in Washington, will be a hot topic of discussion leading up to the vote, and it will be heavily scrutinized during and after the election.

If that's not enough, 2020 looks to be a watershed year for the advancement of key technologies with huge security implications. As mentioned above, expected leaps in AI over the coming year figure to bring lots of new security issues to light, as numerous contributors to Forbes' exhaustive list suggested. If nothing else, AI will be embedded in more security products than ever, and it will increasingly be considered a key tool in the cybersecurity battle, used by security teams and perpetrators alike.

Similarly, the fast growing Internet of Things promises to create many more points of exposure as organizations look to take advantage of the ability to have machinery communicate, self-adjust and, in some cases, make decisions. The bad guys have already shown a propensity for hijacking everything from self-driving cars and security cameras to doorbells, and those charged with securing ubiquitous IoT devices will have their work cut out for them.

And then there's the rollout of 5G networks, which promise unprecedented speed, as well as new levels of security. But here's the thing: The quality of security in any part of the global network will depend upon who built it. Which is why FCC Chairman Ajit Pai stressed, in comments he made at a recent event in Los Angeles, that equipment from vendors with questionable security records (hello, Huawei) should be banned.

Given all of this, it sure seems that 2020, which is already seen as a critical moment on fronts ranging from climate change to geo-political unrest, is shaping up to be a critical stretch on the path to more effective cybersecurity.

Hold on, everyone. It's going to be a wild ride.

Tony Kontzer

, RSA Conference

Hackers & Threats

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community