If you read our previous blog on 2017 Cyber Security Predictions, you will have an idea of what we think may happen in the coming year. But this one… this is where I get to have a little more fun and predict what cyber security will look like in 5 short years. Read the seven headlines below and let me know what you think!
5-year Prediction #1: The end of privacy laws.
Following hundreds of major data breaches from 2017-2021, citizens in countries throughout the world have voted to discontinue all privacy laws because there is no longer any information that is private. Instead, countries have moved from laws that require non-disclosure of private information to laws that require alternate factors and validation before any private data is used. No one cares anymore what is known about you, but it is now illegal to use this information to deny benefits or employment, or to gain credit. We will have moved from a prevention model to one that is defensive and specific.
5-year Prediction #2: No more operating systems to compromise.
Operating systems have gone away and every laptop on the market is now running an emulator that functions as a start-up program on embedded firmware. Nothing can ever be infected anymore because a few key vendors got together to actually use the trusted modules inside technology.
5-year Prediction #3: No more embedded passwords in IoT devices.
Following a widespread, multi-day Internet outage as the result of multiple botnet attacks—all originating from IoT devices—the IEEE will have developed some new standards for communications and encryption on these IoT devices, and they will have dynamically generated passwords that require physical access. Every vendor has removed default passwords, and people are now used to physically touching most devices to display the password.
5-year Prediction #4: Decrypted Internet traffic makes anti-virus software irrelevant.
Speaking of IoT, communications providers, sick of their constant fight against IoT vulnerabilities and DDoS attacks, gain permission to begin decrypting traffic for the sole purpose of blocking attacks that do not match industry standards. This effectively knocks all non-IEEE standard devices off the Internet and reduces total Internet bandwidth consumption by 90 percent. This move single-handedly makes anti-virus software irrelevant, as viruses can no longer even traverse the Internet without being blocked.
5-year Prediction #5: Terrorism and cyber-terrorism form a bloody convergence.
As terrorism has morphed, we see multiple occurrences of terrorists cutting off body parts of their victims and using them to gain access to computer systems. This will morph the biometrics industry into requiring two or more factors, including body heat and electrical impulses of skin.
5-year Prediction #6: Embedded technology into the human body automates multi-factor authentication.
Speaking of two-factor, we have started to see users embed technology into their body as part of their second factor of authentication. This chip will only work when a certain heart rate, GPS location, and temperature are detected, but contains your entire life history and will be used for medical purposes, authentication, and other things that require you to be physically present. This device is powered by your body.
5-year Prediction #7: Hacked self-driving cars lead to “Drive-thru ransomware.”
Malicious software that was planted in autonomous vehicles is responsible for driving people across the country. In hundreds of cases of self-driving car failure, mischief makers have locked passengers in their cars and have had them driven across the country from San Francisco to New York before letting them out. Another strain, now called “Drive-thru Ransomware,” requires the passenger to pay a fee to be let out of the car. In other more malicious parts of the world, this technology has also been used to kidnap unsuspecting passengers, who have had to pay a ransom to get out.
Scott Carlson, Technical Fellow
As Technical Fellow, Scott Carlson brings internal technical leadership to BeyondTrust, strategic guidance to our customers, and evangelism to the broader IT security community. He also plays a key role in developing innovative relationships between BeyondTrust and its technical alliance partners. Scott has over 20 years of experience in the banking, education and payment sectors, where his focus areas have included information security, data centers, cloud, virtualization, and systems architecture. He is also a noted thought leader, speaker and contributor to RSA Conference, OpenStack Foundation, Information Week and other industry institutions.
Prior to joining BeyondTrust, Scott served as Director of Information Security Strategy & Integration with PayPal, where he created and executed security strategy for infrastructure across all PayPal properties, including worldwide data centers, office networks, and public cloud deployments. He led several cross-departmental teams to deliver information security strategy, technical architecture, and strategic solutions across enterprise IT environments. As a member of the office of the CISO, CTO and CIO, Scott spoke on behalf of the company at global conferences. In addition, he was responsible for infrastructure budget management, vendor management, and product selection, while also serving as the cloud security strategist for private OpenStack cloud and public cloud (AWS, GCP, Azure). Prior to PayPal, Scott held similar roles with Apollo Education Group and Charles Schwab.