2020 Cybersecurity Trends: Industry Poll + Interview
In December 2019, SmartBrief polled readers from four trending newsletters to gauge their priorities for 2020. Accompanying our poll results is an interview with SmartBrief on Cybersecurity’s editor, Sarah Nessel, on her outlook for the coming year.
We recently ran an end-of-year poll in SmartBrief on Cybersecurity asking readers about the trends that will matter most to them in 2020. Which cybersecurity topic do you personally think people should care about most this year and why?
Ransomware attacks tend to generate a lot of media attention because of their bold nature and the sometimes jaw-dropping amounts of money the criminals demand in exchange for unlocking data. Certainly, these types of cyberattacks should be of concern to corporate executives and government officials, because corporate and government entities are the primary targets -- sophisticated hacking groups generally aren’t going to bother encrypting the personal data of Joe Average Citizen’s laptop, since Joe Average Citizen can’t afford to shell out millions of dollars in ransom.
But Joe likely has a bank account or two, and less-sophisticated hackers can easily mount a phishing campaign with authentic-looking emails in an attempt to get Joe’s banking username and password.
Phishing attacks have grown very difficult to detect, and more people need to be on the alert for them. I fell for one myself -- for about a minute and a half. As soon as I realized what had happened, I changed my password and upgraded to two-factor authentication. No harm was ultimately done, but I was one of the lucky ones.
Close to 45% of SmartBrief on Cybersecurity readers polled said data breaches and cyberattacks mattered most to them. Which organizations do you think should be most concerned about these risks and why?
All organizations are now at risk, particularly when it comes to ransomware. Small entities (both private and public) are tempting targets because they’re perceived as having fewer resources to devote to cybersecurity, and large entities are tempting targets because they have more resources to pay ransom.
Cyberinsurance adds a new wrinkle. In many cases, insurers will pay the ransom demands, because doing so is cheaper than covering lost revenue during the time the targeted entity is unable to operate. This, in turn, encourages more ransomware attacks.
Only 4% of readers said data privacy policies were their primary concern for 2020, despite the California Consumer Privacy Act taking effect in January. Should more professionals be concerned about these potentially critical laws?
In terms of ranking tech-related concerns, data privacy policies should probably come right after cybersecurity. The challenge is that in the United States, we’re rapidly headed toward a patchwork of state laws that will, in effect, be next to impossible to fully comply with.
Federal efforts to set overarching privacy legislation have come in fits and starts and are often derailed by competing interests. Now that the impeachment process, the Iran situation and the 2020 election cycle are commanding lawmakers’ time and attention, most observers aren’t expecting federal privacy legislation anytime soon.
When it does come, it may be modeled to at least some degree on the CCPA, but at this point, even that law -- which technically took effect Jan. 1 -- is generating more questions than answers, as the state works to finalize the rules it will operate under. And some observers say that even once it’s fully implemented, relatively few consumers will bother to take action to protect their data under its provisions.
From your experience as editor of SmartBrief on Cybersecurity, what types of articles do readers tend to click on most?
Wide-scale data breaches -- such as the Equifax and Yahoo breaches -- draw more clicks than anything else, both in the initial reporting and the follow-up stories about how to file claims for compensation. Running a close second are stories about vulnerabilities in commonly used hardware and software, such as the risks of “juice jacking” related to the use of public device-charging ports, and vulnerabilities in Android software and popular mobile apps.
Which news outlets consistently provide the best cybersecurity content to include in the newsletter each day?
We try to provide a mix of stories, covering both the technical aspects of cybersecurity and the broader economic and societal picture. For the more technically inclined reader, ZDNet, CNET, TechCrunch, Wired, Computerworld and The Verge offer solid material. Wider-interest publications also doing a good job in this area include Reuters, Bloomberg and The Wall Street Journal. For policy issues, The Hill is useful.
Do you have any final thoughts on the poll results in general?
I was somewhat surprised that household device security didn’t rank higher on the list of concerns. Possibly, this is because such devices aren’t yet prevalent enough to create a “critical mass” of societal concern about surveillance and privacy.
Finally, one element of the cybersecurity landscape that I think people should probably be more informed about is the growing use of biometric data as a security measure.
Proponents like to tout that biometric authentication will make everyone’s life better by doing away with passwords forever, and they often claim it’s foolproof, but at the moment, that isn’t the case. These technologies have a long way to go, and the scope of privacy concerns they’ll create is vast. Along with worries about the possible development of a “surveillance state,” I’m concerned about things on a more personal, household level.
For example, what happens to biometrically accessed accounts when the account-holder becomes incapacitated by age or illness? Family members and legal fiduciaries who need to monitor the accounts of a person with advancing dementia -- and who may live hundreds of miles away -- can easily do so if the access is password-based, but if it’s based on fingerprints, eye prints, etc., things get complicated quickly.
If you enjoyed this peek into 2020, subscribe to ISACA SmartBrief on Cybersecurity for quality content personally curated by Sarah, five days a week. For more informative news coverage, you can subscribe to any of SmartBrief’s 275+ free newsletters.
Poll results based on data from 556 respondents.
- Data breaches & cyberattacks - 248 votes
- Critical infrastructure security - 107 votes
- Household device & IOT security - 69 votes
- Mobile device security - 59 votes
- Government cybersecurity & cyberwarfare - 51 votes
- US & EU data privacy policies - 22 votes