Knowing what's ahead is a matter of survival. It's a feeling of having control over our fate. We face uncertainty, which can amplify our fears. To combat this, we try to predict (guess) what the future holds. And we tend to do it as we close out each year. There is no shortage of musings being offered up each December. Some take a stab at what things will look like many years – or decades – later. Others look a little closer. All are usually taken with a healthy dose of skepticism because no one really knows what lies ahead. And that's exactly the point of predictions – they're really about envisioning what's to come. Knowing what's coming lessens our fear and allows us to take risks.
At RSA, we do both; envision (predict) what's coming and take risks. It's how we have successfully innovated in and protected the digital world for nearly 40 years. As we enjoy the final weeks of 2019, we compiled a list of things to come in 2020. We also talked with some of our customers to learn what they envision over the next year. Here's a bit about what to expect.
Critical infrastructure and utilities will continue to be the focus of cyberattacks: The backbone of global infrastructure and utilities – such as power and water – is aging technology that is harder to monitor and is more vulnerable to exploitation. Yes, there are risks in upgrading due to the potential of interruptions and downtime, but 2020 will be the year that nations start to look at bolstering their monitoring and defenses before attacks on ICS environments become commonplace.
A.I. Becomes Less of a Black Box – The security, integrity, and comprehensiveness of data used by A.I. and machine learning systems is critical. If even a small fraction of the data is corrupted – whether by accident or on purpose – the resulting A.I. and machine learning models generated from that data will become corrupted. Subsequent decisions made off corrupted models could become faulty, causing financial and reputational harm to organizations. As few intimately understand how A.I. and machine learning algorithms work, it'll be challenging to detect data integrity compromises in real-time. In 2020, we will see capabilities that focus on making A.I. less of a black box so decisions can be more readily understood - even by those who are not technical. In the meanwhile, organizations need to focus on who has accessed what, who should have access to what, and ultimately what is being done with that access.
The emergence of the "cyber savvy" board: Accountability for cyber and risk incidents moves up the organizational hierarchy and becomes a central issue for the CISO, C-Suite and Board of Directors. In 2020, expect mindful organizations to begin hiring Board members that bring experience in risk management and information security as a way to prepare the business for the digital future. Gradually, this will become a "new normal" for the enterprise as investors pressure leadership for clear strategies on how they are managing digital risk.
BYOD Will Focus on Bring Your Own "Data" – Although data can be a tremendous asset, it quickly turns into a liability given the seemingly endless barrage of large-scale data breaches. As the stakes increase from breach-related expenses, regulatory fines, and irreparable loss of customer trust, we will see where certain industries consider "Bring Your Own Data" policies. It will leverage user-owned decentralized storage, reducing the liability in the event of a breach. Healthcare providers benefit from this paradigm since patients can more readily store an entire medical record amalgamated from seeing multiple providers, and providers can access this record on demand to provide optimum healthcare without having to store patient data themselves. For organizations that do not directly monetize data, this new reality shifts the responsibility of data security to consumers.
Spoofing will go mainstream: A mobile-based application will emerge in 2020 that will offer on-demand animated spoofing for consumers. Its popularity will trigger discussions about deep fakes, the integrity of media and how to regulate/police false content.
This last prediction sums it up best: change is inevitable. Is your business ready? Is your security and risk strategy dynamic enough to adapt for an evolving threat landscape and new digital risks?
As we enter 2020 and a new decade full of innovation potential, the question becomes: did you take the right risk to create a game changer for your organization's future?
# # #
Check out our eBook, 20 Predictions for 2020; Preparing for the Future of Digital Risk, for more insight into what's coming.