2014 was a year rich in innovations. The appearance of connected clothing and the development of the Internet of Things are of course receiving all the attention and promise an equally rich 2015. However, there is always a dark spot in the picture: cybercrime. Our personal data is more exposed than ever, and governments do not seem determined to enforce laws to remedy it.
2014, a year of highs…
In 2014, the cloud and mobile technologies helped make our lives easier, more productive and more enjoyable. As for mobile devices, they now represent more than 30% of Internet traffic, twice as much as 18 months ago.
Mobile technologies themselves continue to evolve. I am thinking in particular of connected clothing and accessories, such as Google Glass or watches. But as trendy as they are, these technologies are nothing compared to the Cloud. Over 90% of businesses and 90% of Internet users now rely on the Cloud for easy, affordable and permanent access to their favorite data and services. The Internet is no longer a means of connecting to information, but the place where it is stored.
… and lows!
Unfortunately, innovations and risks are inseparable. We saw this with the succession of large-scale computer attacks that affected businesses in all sectors this year.
Our adversaries are no longer just criminals and hacktivists. The sophistication and the increasing number of attacks are all signs that point the finger at states, new players in cyberwar. And these dubious practices have started to provoke diplomatic crises in the real world. I am thinking in particular of the tensions which have increased between the United States and China.
Some governments around the world are trying to stem the phenomenon, but there is very little progress that is worth mentioning. The revelations of Edward Snowden in 2013 continued to polarize the debate on privacy and to slow down the legislative efforts, which were nevertheless necessary. In this context, what can we expect in 2015?
1. Nation-state cyber attacks will continue to evolve and increase, but the damage will be borne more by the private sector
In 2014, states around the world pushed the acceptable limits of cyber attacks to control their own populations and spy on other states. Because no one has been actively engaged in developing acceptable standards of digital behavior (a digital Hague or Geneva Convention, so to speak), we can expect this secret digital war to continue. However, private sector companies will increasingly be drawn into this war, either as targeted victims or as involuntary instruments of attack on other companies.
2. The privacy debate will mature
3. The retail sector is the current target and personal health information (PHI) is in the crosshairs
Following numerous breaches in the retail and financial services sectors in 2014, companies that manage payment card data are strengthening their defenses and narrowing the window of opportunity for cybercriminals, making themselves less profitable as targets. Unfortunately, the retail sector is massive and global in scope, and it will continue to be an environment rich in targets. In 2015, however, well-organized cybercriminals will increasingly turn to the theft of another type of data, one that is less secure, very profitable to monetize in the cybercrime economy, and largely held by companies that have no defense against sophisticated attacks: personal information held by health service providers. Alas, it is likely that we will see another round of hacks until providers have strengthened their security to effectively combat these threats.
4. The identity of (connected) objects
Despite the hype around software and system vulnerabilities, they are becoming less lucrative for criminals than social engineering and other easier-to-execute trust exploits. I read a tweet this year that pretty much said, "No need for Zero Days when you're stupid." Increased human-machine and machine-machine interaction will only aggravate this situation. As a result, the authentication and management of the identities of people and connected objects that access our networks and data will be an increasingly critical security element in 2015. Get ready for the botnet of objects. Considering this trend, the rapid growth of the Internet of Things in the healthcare industry, and my prediction on personal health information (PHI), the ramifications are really scary.
Although we have witnessed a change in the chairmanship of the United States Senate, I am not optimistic about the chances of seeing cyber security legislation evolve in 2015. Although this is an important issue, critical for the future of all nations, it is complex and progress will be difficult in the current geopolitical climate. In the absence of comprehensive legislation, industry regulators will step in to fill the void by creating a patchwork of potentially incompatible new compliance requirements (alas…).