Ben Rafferty, Global Solutions Director, Semafone looks at what technology predictions we got right this year, and what ones we got wrong.
One year ago, we predicted what the upcoming year might hold for the technology sector. We believed that 2018 would be the year in which customer privacy and data protection would finally be at the forefront of debate due to the high-profile security breaches which were hitting the headlines late last year, as well as the much-anticipated introduction of the EU General Data Protection Regulation (GDPR).
While some of our predictions were pretty accurate – including our prediction that the world’s billionaires would continue their race to build rockets, proven in February with the well-documented launch of Elon Musk’s Falcon Heavy rocket – we’re still waiting for a few to materialise. Here, we’ve looked back at which of our other forecasts became a reality this year.
Prediction 1: Hackers will go into overdrive…
…on the IoT. Right
Our view was that 2018 would see an increase in DDoS (Distributed Denial of Service) attacks of ever-increasing ferocity and duration on IoT devices. These attacks are conducted by “botnets”, which comprise of a number of internet-connected devices, such as routers and wireless IP cameras, each running one or more bots. This prediction quickly became a reality with the first DDoS attacks occurring on 28th January, targeting a number of government departments and banks in the Netherlands, including ING Bank. Inskit Group, a team of threat intelligence researchers, stated that these attacks were conducted by IoTroop, a ferocious botnet. They fear that IoTroop is continuing to evolve and will facilitate larger DDoS attacks in the future. With adoption of IoT still on the increase, we can expect more of this kind of threat in 2019.
…on autonomous vehicles. Wrong
We predicted that attacks on autonomous vehicles would also increase. However, while there has been development in this technology, widespread adoption has not yet come to fruition, meaning attacks on these vehicles haven’t yet been a major problem. Security experts at Cruise, GM’s self-driving car company, announced that the ongoing development of autonomous vehicles ensures that manufacturers have “more time to get things right“, which includes building encryption and cryptographic code signing into a car’s system. In theory, this could minimise the attack surface hackers can abuse, making these cars less hackable than you might think.
… and on ransomware. Wrong
Contrary to our estimations, global ransomware attacks did not make big news, with ransomware attacks declining by nearly 30% over the past year. This was due to many businesses refusing to pay the ransom, resulting in a reduction in the return on investment for hackers.
Prediction 2: Getting with the regs. Right
We predicted that 2018 would be the year that governments across the world would start to view cyber-security as a consumer protection issue. This proved to be correct in the US, where the California Consumer Privacy Act was passed on June 28th 2018. This granted consumers four basic rights in relation to their personal information, including the right to ‘opt out’ and ask a business to delete their personal information.
In Europe, the GDPR has reshaped the way everyone has had to think about data protection. However, large fines for organisations not respecting the GDPR regulation have not yet materialised. Regulators, such as the ICO in the UK, appear to have focused on educating the industry on their new data protection obligations rather than punishing them straightaway.
Prediction 3: White collar crime. Wrong
With the increase in regulation, especially the November 2017 Data Security and Breach Notification Act in the US, we anticipated that senior executives might finally be sent to jail. It looks as though we may have to wait another year for that. There were no dramatic convictions, even against the Equifax executives, whose reckless behaviour compromised the security of over 140 million Americans as hackers stole their personal and banking information. This is an enormous scandal for a corporation whose core business is collecting consumer data to give credit scores. However, many customers and commentators continue to campaign for the incarceration of Equifax executives so perhaps justice will finally be served in 2019.
Prediction 4: Digital skills gap. Right
Despite the overwhelmingly positive impact the GDPR has had on attitudes towards security, we predicted that it may also have a side effect when it came to the digital skills gap. The regulation has redefined the roles within organisations, as some businesses have now had to appoint a chief data officer (CDO). This has drawn many skilled security professionals away from the coalface and into compliance and privacy management roles, widening the skills gap for chief information officers (CIOs) and chief information security officers (CISO), leaving positions unfilled. According to CyberEdge’s 2018 Cyberthreat Defence Report, 80% of organisations will be affected by the cyber security skills gap, with 4 out of 5 organisations struggling to fill their cyber security positions.
As 2019 looms…
Overall, 2018 saw the compliance landscape become increasingly more complicated and onerous for businesses, with consumer data protection and privacy finally given the recognition they deserve. However, with regulatory law failing to result in the big fines or the punishments that we predicted – both at home and abroad – some of these predictions may spill over into next year. We can only wait and see what happens in the technological world in 2019.