Hi All
How about some debate about security and privacy predictions of our own for 2020?
1) Pushing things off the ramp, I believe IoT, IIoT, and OT - putting them in the same domain, although there are some subtle differences within OT. This area will become a major concern in 2020, especially after the study on RSA digital certificates state within these IoT devices: https://www.computing.co.uk/ctg/news/3084715/iot-encryption-weak?utm_source=Adestra&utm_medium=email...
2) Is it not time for passwords to be phased out and for us to go FIDO instead? https://fidoalliance.org/
Any thoughts on how to establish and achieve this in 2020?
3) Ransomware is increasing, as shown with many education establishments in the USA lately being held to extortion attempts - so relate that to IoT and they, the cyber-criminals, are likely to literally make a killing in terms of increased revenues to themselves.
4) The ramifications of the CCPA and SB-327 will be known in 2020 and the likelihood of the USA adopting a GDPR-like legislation?
5) Any others that come to mind?
Regards
Caute_cautim
I would have said ransomware if you hadn't already. I really expect it to explode this year (2020).
@rslade Yes, Ransomware will figure higher in 2020, now that some have decided to pay the ransom, which promotes the perpetrator to do it again and again.
However, I foresee Ransomware, IoT, 5G Edge Computing and vast speeds being a serious issue in 2020 myself. I think I can safely add AI and poor Machine Learning coding and development with poor ethics and bad data to the list as well.
I spoke to a fellow colleague the other day, about her PhD subject, which is designing antenna or aerials for 5G purposes within buildings. Having studied radio communications from a young age, it is amazing how little the younger generation appreciate how pervasive radio communications can be in its many forms.
We seem to be in such a rush for high speed communications, higher transfer rates, yet we have little time to fathom the implications of those decisions, even if they are innovative and great for marketing, product, operational and business models.
Regards
Caute_cautim
@Caute_cautim wrote:
I spoke to a fellow colleague the other day, about her PhD subject, which is designing antenna or aerials for 5G purposes within buildings. Having studied radio communications from a young age, it is amazing how little the younger generation appreciate how pervasive radio communications can be in its many forms.
We seem to be in such a rush for high speed communications, higher transfer rates, yet we have little time to fathom the implications of those decisions, even if they are innovative and great for marketing, product, operational and business models.
Regards
Caute_cautim
We are slowly microwaving ourselves. We should be good and cooked by 2050.
@CISOScott Remember 2.45 GHz is the frequency at which water boils within a Microwave, but there are many Watts of power within an enclosed space. The other issue rather like LED Lamps is the increased level of electromagnetic noise generated, many issues are created by the actual power supplies not being filtered or because they use switched mode Power Supply Units apart from other shielding. In fact some of my colleagues will actually go into electrical outlets and take an AM radio and check them out, before they purchase them.
Getting back to predictions: Other thoughts -
1) 5G and Wifi-6 high speed, high bandwidth wireless networks
2) Artificial Intelligence and Machine Learning - ethics and how good the original data actually is
3) Application Programming Interfaces and secure coding and development techniques or lack of
4) Lack of pre-production testing and testing for the unexpected.
Regards
Caute_cautim
@Caute_cautim wrote:
2) Is it not time for passwords to be phased out and for us to go FIDO instead? https://fidoalliance.org/
It is clear that passwords are being deemphasized as a sole source of authentication, but I don't anticipate any one mechanism as the replacement. There are just too many competing options with financial advantage for different parties. For example, Windows will cooperate with other SAML authentication and FIDO plugins will not be blocked, but somehow things will work best if you use Microsoft Authenticator and Microsoft Hello.
In addition to @Caute_cautim's list, I am hoping to see:
@denbesten On the password front, we definitely need to sort this out given this trend from this study:
In terms of predictions, here are another 11 to add to the list:
https://securityintelligence.com/posts/ibm-x-force-security-predictions-for-2020/
Let the madness begin.
Regards
Caute_cautim
I once worked at a place of about 5000 employees. The helpdesk averaged 600-700 password resets a week! I pointed out to the CIO how this was problematic and he did nothing to resolve it. This was across several platforms like Network, Email, and some applications, but still 10% of your employees needing to reset passwords every WEEK?
I left before I could implement any change there. So I agree with the doing away with passwords and moving to something better approach.