In light of everything we experienced in the last few years concerning our data (data breaches after data breaches) and privacy (Facebook selling access to our data), it’s important to emphasize this sobering, even cynical, point about our cybersecurity going into 2019 and beyond:
We have to assume all our information is already stolen or sold.
At this point of our technological evolution, we have to come to terms with the fact that there are known and unknown breaches that, when put together, suggest our data has already been breached. It’s just a matter of how much of our data, and whether it’s something that’s fixable.
The good thing about data like our emails and passwords is that they can be updated. Just change your passwords – everywhere – and use a password manager so that not even you know what your passwords are. However, if the hackers have already gained access to more sensitive data, then those things aren’t 100% fixable: things like social security numbers, dates of birth, your private photos or videos.
The only thing we can really do there is to mitigate our losses and make sure our current and future data is safer.
So, with that as our practical goals, what do we have to look forward to in 2019 and beyond when it comes to data and privacy? We’ve put together a list of the 7 top cybersecurity trends and predictions that you should be aware of.
#1 Greater accountability for data breaches
We’ll start it all off with some good news: as data breaches and scandals stay in the public mind, state and federal regulations will kick in to hold those responsible accountable.
Already, the FTC is considering leveling “record-setting” fines against Facebook for all its many, many data “whoopsies.” That’s not to mention the $1.6 billion dollar fine the EU is considering slapping against Facebook.
What it all means is this: as consumers get more troubled by the constant stream of data breaches, lawmakers will be working overtime to hold those companies accountable so that these situations are avoided in the future.
#2 Blackmail for cryptocurrency
This really took off in 2016 and 2017, but it’s only set to continue going into 2019 and beyond. Ransomware, where users’ sensitive files are held for ransom in exchange for Bitcoin or other cryptocurrency, will only become stronger going forward.
Normally, hackers will either threaten to release sensitive files, or block access to those files, until the user pays up. The ransomware market is also expected to consolidate with fewer groups working together for more effective campaigns.
That means bigger targets for bigger sums with a higher frequency.
#3 More state-sponsored hacking
Since there are no rules for cyber warfare, it’s very likely that nations will continue working to attack each other on any and every digital front. This happened most famously with the following:
- Russia’s interference in US elections
- China’s stealing of intellectual property
- North Korea hacking Sony Pictures
- The US and Israel using malware to destroy nuclear equipment
This trend is only set to increase as the technological development of cyber warfare increases.
2017 saw the huge boom of cryptocurrencies, and 2018 saw that mostly burst as Bitcoin prices lost roughly 8x its November 2017 values. But that doesn’t mean that crypto is dead, especially when it’s so easy to mine it – using other people’s computers.
In fact, with weak IoT devices and the abundance of malware options, it won’t be too difficult for hackers to use the computer power of users’ devices to mine for cryptocurrency. Known as crypto-jacking, this type of attack can go largely unnoticed by the user – except in seeing significant slowdowns in their device performance.
#5 IoT devices 1: weak protections will bring about more powerful botnets
It happened most famously in October 2016 with the Dyn cyber attack that affected large parts of North America and Europe. The DDoS attack was assisted by poorly-protected IoT (Internet of Things) devices linked together in a powerful botnet.
More IoT devices are being put on the market, and most of them have really low protection. These devices can include any “smart” thing, including smart thermometers, smart speakers, smart fridges, smart TVs, and more. Unfortunately, most IoT devices will have the same usernames and passwords set to “admin,” “password” or something equally easy.
As the IoT market booms, the likelihood of botnets using IoT devices increases as well, and it will only be a matter of time before another major attack happens. This time, it will only be worse.
Some cybersecurity experts predict that we’ll begin to see “swarm” networks or “hivenets” – self-sufficient bots that can make decisions, gather together their collective intelligence, and work independently to target vulnerabilities in networks. They will also be able to identify new vulnerable devices to add to the hive.
With the new 5G networks rolling out soon, this will only be compounded, allowing these hivenets to become even more effective.
#6 IoT devices 2: the ethical and legal dangers-by-design
Perhaps the most popular IoT devices now are smart speakers, powered by the virtual assistants Alexa or Google Home. As they gain in popularity (and their prices come down), we’ll be seeing the following ethical and legal situations popping up.
No reasonable expectation of privacy
Your Alexa- or Google Home-powered devices are always on, listening for the magic wake up word (“Alexa” or “OK Google”). But beyond that, there’s a lingering fear in consumers’ minds that Alexa is always listening, always recording. This leads some homeowners to even speak more quietly in their home or preferring to have private discussions in another room.
We wish it were merely paranoia, but two instances have proven otherwise. First is the Portland, Oregon, couple that had their conversation about hardwood floors sent to one of their employees.
And then there’s the Frankfurt man who was mistakenly sent 1,700 audio files of a complete stranger. Of course, it’s allvery explainable: the second situation was a simple human error on Amazon’s side. And, for the first, it’s possible that they said a word similar to the wake-up word – something like “Alexis” (a woman’s name), “a Lexus,” or any other similar-sounding string of words – that caused the smart speaker to start recording.
But it has happened and, as time goes on, will continue happening. That’s leading Alexa-owning homeowners to have no reasonable expectation of privacy, even in their own homes.
No notice of consent
If someone buys an Echo with Alexa, it’s logical that they’ve implicitly consented to having their voice data recorded. This is for the basic functioning of the Echo, so that it actually does what they want it to do.
But now the question: does Alexa have consent for any guests to the owner’s home? There is no explicit notice of consent – Alexa doesn’t ask them for it – and therefore no explicit consent is given. So, does Alexa have the right to record and store voice data on random people? What if those people include children – say, those under the age of 12?
Combine that with the possibility of another “unforeseen and completely rare error,” and we’ll likely get into some interesting legal issues here.
Long-term emotional tracking
Alexa can connect many separate Amazon products and devices. Google Home goes further by working on any compatible smart device. These virtual assistants also have the ability to sync across devices, allowing them to share data to provide a better, more seamless experience for the user.
One of the possible outcomes of this is long-term emotional tracking, where certain data points are recorded and a proprietary algorithm works on predicting what the user wants, when he wants it.
Let’s say it starts with the AI learning what cycle to order your toothpaste, toilet paper, and milk based on your behaviors. One evening you and your girlfriend have a fight, the next morning you ask Alexa to play your favorite sad song – Van Morrison’s “Carrickfergus” for example – and then Alexa goes ahead and orders your favorite ice cream.
Pretty appropriate for the state you’re in, but this kind of calculation means recording not just your actions, but also your emotions at any given time. Seeing as there’s a pretty fine line between prediction and manipulation when it comes to profits, we’re getting into some ethical issues here.
While it may seem far off, Amazon has already patented the technology to analyze your emotions based on your voice alone – and to use that data for “advertisements or promotions.”
#7 On the horizon: AI-created photo and video fakes
Nvidia researches unveiled some extremely realistic-looking photographs of people that had been completely generated by their AI software. The process allows them to copy the styles of real faces and create blends that are scarily realistic.
The software is also able to create realistic images of cars, cats, and bedrooms.
What’s so scary: putting images together in a sequence creates a video. In the current global political climate, having amazingly realistic (but fake) video about real people can have some huge, negative impacts.
The technology-regulation gap
Many of these items in this cybersecurity trends and predictions list comes down to the gap between the rapid development of technology and the laws needed to regulate that technology.
Companies like Facebook have claimed many times that it’s best to let them self-regulate. But the last two years have shown us that is a complete and utter lie. With the intersection of technology and profits, regulation will always be required.
Promising regulation is coming about in places like California to deal with the atrocious vulnerabilities of the IoT devices market. Newer regulations like the GDPR have also helped ensure that companies are being careful with users’ online data.
But as technology continues its break-neck speed, and governments are more focused on in-fighting rather than solving real-world problems, this gap will only continue to widen.
In that gap, then, it’s important to lessen these dangers. Stronger passwords, better online behaviors (such as not clicking on suspicious links) and the use of VPNs to help anonymize your online presence can help keep you safe online.
After all, using a VPN not only helps you hide your real IP address, but it also encrypts your data so that snooping eyes won’t be able to see what you’re up to. There are some truly great VPNs with strong data-protection history and independent audits that can be trusted.
However, at the end of the day, your online safety is in your hands. It’s more important now than ever to remain vigilant.