This year saw – again – a painstakingly high amount of attacks, data leaks and cybercrimes. This is especially concerning, as we see the rise of the Internet of Things (IoT) and 5G, which will likely widen the attack vector for mischief again. However, looking at the research community and the industry for cybersecurity alike, we also perceive that a paradigm change towards a more offensive approach is developing
In the past, cybersecurity was all about defending infrastructure and applications against attacks. Firewalls, Anti-Virus solutions, Security Information and Event Management (SIEM) systems and endpoint security have one thing in common: they are trying to identify suspicious activities and prevent them from doing harm in any way. In other words, they are reactive approaches. And, obviously, this is an important step in defending against attacks from both the inside and the outside.
These reactive measures are necessary, because when IT components were developed, no one had security on their mind. Take the http protocol, for example, which was developed at the CERN in the late 1980s and early 1990s. When the use of the internet erupted, it became clear that information needed to be transferred in a secure manner, which brought the development of https in 1994 by Netscape. Being able to transfer encrypted information was a big step forward, but it wasn’t until very recently that https saw broad adoption, and even today many websites still use the unencrypted http protocol.
At the beginning of the internet era, nobody could perceive how much of a problem cybercrime would become, which is why most solutions were not designed with security in mind. With the rise of 5G and the IoT, this has changed significantly. Researchers, the industry and even users now understand the importance of security and privacy. This lead to a drastic change of view on how IT solutions are to be conceived. Security is now becoming an integral part of every development approach. In addition, there are now more and more solutions which are validating systems and software for vulnerabilities, down to the actual architectural level, thereby identifying weaknesses before they can be exploited by attackers.
To be more precise, development methods like DevSecOps (link) are not only picking up, but will become the de-facto-standard in the near future. Tools which assess the security of a newly developed solution before it goes productive become more and more important, scanning code vulnerabilities, software architecture and even API calls. Last, but not least, technologies like blockchain ensure that information cannot be tampered with, artificial intelligence and machine learning helps with clearing the tremendous amount of data generated by the billions of devices which will be connected to the IoT and 5G networks.
On the other hand, there are still many problems to be dealt with. Governments asking for backdoors in IT systems, cheap IoT devices which can – and are – used for distributed denial of service attacks (DDos), easier accessibility for hacker tools are just some of the issues which counteract against efforts to secure the technological world. Not to mention the growing complexity of IT systems in general, which will definitely create vulnerabilities no-one can perceive just yet.
So what will we see in 2020 for cybersecurity? The research community will lead the way in developing possibilities to harden new solutions right from the beginning, while from the industry we will see some of the first implementations of solutions which look at security from a holistic perspective. This covers both tools which are deployed early in the development process, ensuring “security by design” or “security by default”. In addition, cybersecurity providers will enhance the scope of their defensive solutions by covering more attack vectors. This will initiate a shift from “best-of-breed” solutions to a “one-stop-shop” approach. For the industry, this will mean increased competition, but as more and more customers are seeing the importance of securing their systems, the security market as a whole will benefit.
As we enter a new decade, cybersecurity will therefore see a drastic change. The IoT and 5G will call for new approaches to securing systems, other measures will become commodities or even fade out, new technologies will bring a broader adoption of security for everyone. In other words, 2020 will be an exciting year to be in cybersecurity and we at Cybersecurity Magazine will accompany these changes with insights into the research community and the industry.