topic Re: How about an ISC2 Community Predictions for 2020? in Industry News

How about an ISC2 Community Predictions for 2020?

Caute_cautim — Mon, 09 Oct 2023 09:23:12 GMT

Hi All

How about some debate about security and privacy predictions of our own for 2020?

1) Pushing things off the ramp, I believe IoT, IIoT, and OT - putting them in the same domain, although there is some subtle differences within OT. This area will become a major concern in 2020, especially after the study on RSA digital certificates state within these IoT devices: https://www.computing.co.uk/ctg/news/3084715/iot-encryption-weak?utm_source=Adestra&utm_medium=email&utm_content=&utm_campaign=CTG.Daily_RL.EU.A.U&im_edp=4684348-d52db0a2a87831d1%26campaignname%3DCTG.Daily_RL.EU.A.U&utm_term=Other%20-%20Vendor&im_company=IBM&utm_term=5000%20to%2049%2C999

2) Is it not time for passwords to be phased out and for us to go FIDO instead? https://fidoalliance.org/

Any thoughts on how to establish and achieve this in 2020?

3) Ransomware is increasing, as shown with many education establishments in the USA lately being held to extortion attempts - so relate to IoT and they the cyber-criminals are likely to literally make a killing in terms of increased revenues to themselves.

4) The ramifications of the CCPA and SB-327 will be known in 2020 and the likelihood of USA adopting a GDPR like legislation?

5) Any others that come to mind?

Regards

Caute_cautim

Re: How about an ISC2 Community Predictions for 2020?

CISOScott — Wed, 18 Dec 2019 13:47:08 GMT

I would have said ransomware if you hadn't already. I really expect it to explode this year (2020).

Re: How about an ISC2 Community Predictions for 2020?

rslade — Wed, 18 Dec 2019 19:13:24 GMT

> CISOScott (Community Champion) posted a new reply in Industry News on 12-18-2019

> I would have said ransomware if you hadn't already. I really expect it to
> explode this year (2020).

Up in Canada we've got a lot of media attention over LifeLabs. They've reported
paying ransom, so I assume it's ransomware, but, as always, the media hasn't got a
clue and are reporting it like it was a breach (which ransomware really isn't) and as
if someone came and took the records away and then gave them back when the
ransom was paid. They are talking about medical records being stolen and the
privacy implications of it. What's worse, is the media is finding talking heads,
supposed security experts, who don't understand the difference either. (One report
last night had a putative security expert opining that the "theft" of DNA data
would make a problem with biometrics. Argh!!)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
We should be careful of each other, we should be kind, while
there is still time. - Philip Larkin
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: How about an ISC2 Community Predictions for 2020?

Caute_cautim — Wed, 18 Dec 2019 20:57:22 GMT

@rsladeYes, Ransomware will figure higher in 2020, now that some have decided to pay the ransom, which promotes the perpetrator to do it again and again.

However, I foresee Ransomware, IoT, 5G Edge Computing and vast speeds being a serious issue in 2020 myself. I think I can safely add AI and poor Machine Learning coding and development with poor ethics and bad data to the list as well.

I spoke to a fellow colleague the other day, about her PhD subject,which is designing antenna or aerials for 5G purposes within buildings. Having studied radio communications from a young age, it is amazing how little the younger generation appreciate how pervasive radio communications can be in its many forms.

We seem to be in such a rush for high speed communications, higher transfer rates, yet we have little time to fathom the implications of those decisions, even if they are innovative and great for marketing, product, operational and business models.

Regards

Caute_cautim

Re: How about an ISC2 Community Predictions for 2020?

CISOScott — Wed, 18 Dec 2019 21:25:40 GMT

@Caute_cautim wrote:

I spoke to a fellow colleague the other day, about her PhD subject,which is designing antenna or aerials for 5G purposes within buildings. Having studied radio communications from a young age, it is amazing how little the younger generation appreciate how pervasive radio communications can be in its many forms.

We seem to be in such a rush for high speed communications, higher transfer rates, yet we have little time to fathom the implications of those decisions, even if they are innovative and great for marketing, product, operational and business models.

Regards

Caute_cautim

We are slowly microwaving ourselves. We should be good and cooked by 2050.

Re: How about an ISC2 Community Predictions for 2020?

Caute_cautim — Thu, 19 Dec 2019 02:21:05 GMT

@CISOScottRemember 2.45 GHz is the frequency at which water boils within a Microwave, but there are many Watts of power within an enclosed space. The other issue rather like LED Lamps is the increased level of electromagnetic noise generated, many issues are created by the actual power supplies not being filtered or because they use switched mode Power Supply Units apart from other shielding. In fact some of my colleagues, will actually go into electrical outlets and take an AM radio and check them out, before they purchase them.

Getting back to predictions: Other thoughts -

1) 5G and Wifi-6 high speed, high band width wireless networks

2) Artificial Intelligence and Machine Learning - ethics and how good the original data actually is

3) Application Programming Interfaces and secure coding and development techniques or lack of

4) Lack of pre-production testing and testing for the unexpected.

Regards

Caute_cautim

Re: How about an ISC2 Community Predictions for 2020?

denbesten — Thu, 19 Dec 2019 05:44:15 GMT

@Caute_cautim wrote:
2) Is it not time for passwords to be phased out and for us to go FIDO instead? https://fidoalliance.org/

It is clear that passwords being deemphasized as a sole source of authentication, but I don't anticipate any one mechanism as the replacement. There are just too many competing options with financial advantage for different parties. For example, Windows will cooperate with other SAML authentication and FIDO plugins will not be blocked, but somehow things will work best if you use Microsoft Authenticator and Microsoft Hello.

In addition to @Caute_cautim's list, I am hoping to see:

A trend towards Private VLANs (aka port isolation) to prevent lateral movement in an attack -- both in enterprises and in consumer-grade equipment.
Greater efforts by manufacturers to eliminate default passwords (ala the California "default password" law) and perhaps adopting similar legislation in larger populations.
An emphasis on backups (potentially including cloud-sync) as a preventative measure against ransomware.
An improved focus on human-factors in authentication design -- as suggested in NIST 800-63b.
Improved consumer/public awareness and sensitivity to surveillance, be it by ring cameras, Alexis, hidden cameras, Teslas, cop-cams, etc. Perhaps, legislation requiring indicator lights and prominent notice on all recording devices.
That browser manufacturers uphold their promise to kill flash.

Re: How about an ISC2 Community Predictions for 2020?

Caute_cautim — Thu, 19 Dec 2019 19:36:30 GMT

@denbestenOn the password front, we definitely need to sort this out given this trend from this study:

https://securityintelligence.com/news/study-3-in-4-users-required-a-reset-of-a-forgotten-password-in-the-last-90-days/

In terms of predictions, here is another 11 add to the list:

https://securityintelligence.com/posts/ibm-x-force-security-predictions-for-2020/

Let the madness begin.

Regards

Caute_cautim

Re: How about an ISC2 Community Predictions for 2020?

CISOScott — Thu, 19 Dec 2019 20:57:35 GMT

I once worked at a place of about 5000 employees. The helpdesk averaged 600-700 password resets a week! I pointed out to the CIO how this was problematic and he did nothing to resolve it. This was across several platforms like Network, Email, and some applications, but still 10% of your employees needing to reset passwords every WEEK?

I left before I could implement any change there. So I agree with the doing away with passwords and moving to something better approach.

Re: How about an ISC2 Community Predictions for 2020?

Starat — Tue, 24 Dec 2019 21:41:45 GMT

Legislation discussion around security will grow in 2020

Cloud technology will begin to grow beard.....and become an household item for all organization

Re: How about an ISC2 Community Predictions for 2020?

dcontesti — Thu, 26 Dec 2019 08:32:46 GMT

Sorry to be late to the discussion, I believe one thing that will plague Security folk in 2020 are the ever changing and new Privacy laws that are coming at us. NY has two new privacy laws coming out in March of 2020 and while similar to CCPA and GDPR, there are differences sufficient enough to warrant concern.

As a suggestion, this conversation would make a great blog post. Maybe we could each write a paragraph on one item and then we could combine and ask (ISC)2 to issue.

Thoughts?

Re: How about an ISC2 Community Predictions for 2020?

Caute_cautim — Thu, 26 Dec 2019 19:14:19 GMT

@dcontesti A marvellous thought indeed, lets compile some paragraphs, and let have a go at your suggestion? Anyone want to kick this off to prepare the pathway to 2020?

I will produce a paragraph at least by the end of today, everyone feel free to contribute and see what we can come up.

Suggestions: IoT, IIoT, OT; Zero Trust Security; Ransomware, Flash; End of Passwords; Fake News: AI: etc etc.

Lets compile and see what brilliance we can up with - the challenge is on.

Regards

Caute_cautim

@dcontesti wrote:
Sorry to be late to the discussion, I believe one thing that will plague Security folk in 2020 are the ever changing and new Privacy laws that are coming at us. NY has two new privacy laws coming out in March of 2020 and while similar to CCPA and GDPR, there are differences sufficient enough to warrant concern.

As a suggestion, this conversation would make a great blog post. Maybe we could each write a paragraph on one item and then we could combine and ask (ISC)2 to issue.

Thoughts?

d

Re: How about an ISC2 Community Predictions for 2020?

dcontesti — Thu, 26 Dec 2019 20:23:06 GMT

I will write something on Privacy (unless someone else wants this one).

My initial thought is to have maybe ten to twelve "predictions" for the blog post but as always open to others thoughts/suggestions/etc.

now to go shopping on Boxing day LOL

Re: How about an ISC2 Community Predictions for 2020?

Caute_cautim — Thu, 26 Dec 2019 20:36:05 GMT

Crazy person - watch out for those Smart devices embedded oh IoTs - I will do a write up on these for starters. Have fun.

Re: How about an ISC2 Community Predictions for 2020?

AppDefects — Thu, 02 Jan 2020 00:08:35 GMT

Data breaches will get bigger! Duh, no kidding;) Who will be next? Why do we continue to put up with data breach excuses? What sob story will we hear from CEO's? We are truly sorry... blah, blah, blah. We need laws to change. Mandatory jail time for executives that don't care about security and privacy. Jail time for people using production data in test. Lock them up!

In the 2020's we need to rethink identity.

Re: How about an ISC2 Community Predictions for 2020?

rslade — Thu, 02 Jan 2020 00:44:20 GMT

Trebor the Magnificent knows all and tells all.

In 2020, a major institution will be hit by ransomware. Media will report that
millions are at risk of having their data stolen EVEN THOUGH RANSOMWARE
DOESN'T DO THAT!!!!

In 2020, a security company will call for the end of passwords because they have
come up with a proprietary authentication scheme. It will be complex, expensive,
and unworkable.

In 2020 many security experts will urge people to move to the cloud, and claim it
is inherently much more secure than using your computer, EVEN THOUGH
CLOUD JUST MEANS SOMEBODY ELSE'S COMPUTER!!!!

In 2020 some idiot in either politics or law enforcement (or both) will call for the
development of encryption which, magically, the good guys can read but the bad
guys can't. They will also call for the banning of all current encryption systems.

In 2020, Facebook will once again abuse users trust.

In 2020, someone will realize that, if you have a cell phone, somebody knows
where you are at all times.

In 2020, someone will realize that, if you post everything about your life on
publicly accessible social media, people will be able to find out about you.

In 2020, there will be yet another law passed making telemarketing, robocallers,
untraceable calls, and other phone nuisances illegal. It won't change anything.
(And there will also be special dispensation noting that it doesn't apply to
politicians.)

In 2020 there will be a special month devoted to making everyone aware of
cybersecurity. Nobody will notice.

In 2020 you will have a Happy New Year, whether you realize it or not.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
I hate, I despise your religious feasts; I cannot stand your
assemblies. Even though you bring me burnt offerings and grain
offerings, I will not accept them. Though you bring choice
fellowship offerings, I will have no regard for them. Away with
the noise of your songs! I will not listen to the music of your
harps. But let justice roll on like a river, righteousness like
a never-failing stream! - Amos 5:21-24
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: How about an ISC2 Community Predictions for 2020?

Caute_cautim — Thu, 02 Jan 2020 01:38:56 GMT

@rsladeThe giant has awoken, the Kraken lives on. I was following a threat the other day on Linkedlin, where someone suddenly realised that Huawei was owned by the People's Republic of China or PRC. This apparently was so devastating to them in terms of being a realisation of reality. But later on over the festive period we see that India has full embraced Huawei, so comes a load of pain for over 95 million people in which rich surveillance will be available in due course.

And you remarks about court cases and legislation - could not be truer according to: https://www.law360.com/telecom/articles/1224443/cybersecurity-privacy-cases-to-watch-in-2020

HNY 2020

Caute_cautim

Re: How about an ISC2 Community Predictions for 2020?

AndreaMoore — Thu, 02 Jan 2020 16:18:11 GMT

@dcontesti @Caute_cautim @rslade @AppDefects @Starat

I LOVE this idea of a group authored blog post!!! The theme could be something like 2020 Vision for Cybersecurity...

Once you have it written, send it to me at communications@isc2.org as well as a list of the authors and your twitter handles (if you want to be tagged). We'll edit it (and if it is really long make it into multiple blog posts).

Thanks so much to all of you! Let's make 2020 the best year yet for the Community!

@AndreaMoore

@Kaity

Re: How about an ISC2 Community Predictions for 2020?

rslade — Thu, 02 Jan 2020 19:34:20 GMT

> AndreaMoore (Community Manager) mentioned you in a post! Join the conversation

> I LOVE this idea of a
> group authored blog post!!! The theme could be something like 2020 Vision for
> Cybersecurity... Once you have it written, send it to me at
> communications@isc2.org as well as a list of the authors and your twitter
> handles (if you want to be tagged).

We already did that. (Well, *I* already did that ...)

> We'll edit it

This implies that somehow what we/I did is not good enough, which is not so ...

> Let's make 2020
> the best year yet for the Community!

Somebody make sure that Andrea lies down for a little bit ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The world will little note, nor long remember, what we say here
- Abraham Lincoln, the Gettysburg Address
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: How about an ISC2 Community Predictions for 2020?

DHerrmann — Thu, 02 Jan 2020 20:37:30 GMT

@Caute-cautim - I recently used the term "radio" to describe WiFi.

The people I was talking with had no idea that WiFi was radio!