2020 Predictions: 5G, Mobile, Industrial and IoT

This is our first annual roundup of expert predictions for the coming year. Here’s what leading industry figures have to say about 5G, mobile security, industrial and IoT security in 2020:

• Geopolitical instability will result in major cyber-incidents in neutral locations. Multinational corporations that operate in geopolitically sensitive regions are clearly exposed to higher levels of cybersecurity risks. For these multinationals, their activities in sensitive countries represent risks not only to the industrial sites located in areas targeted by attackers, but also to their entire networks, including their headquarters and subsidiaries in other regions. These risks are particularly high for industrial enterprises with tightly connected operational networks across their organizations. For instance, if an operational network is left unsegregated, then a malware attack can easily propagate itself from one to site to another site. An example of this type of attack happened in 2018 when the Italian energy contractor Saipem was attacked with the Shamoon malware. Evidence shows that the attackers originally targeted the Saipem’s industrial sites in Saudi Arabia and eventually were able to impact the company’s servers at sites across Europe and in India. Our research team has witnessed other similar attacks in recent months and we believe that these types of attacks will continue going forward. – Ilan Barda, CEO of Radiflow

• 2020 will be a key year for mobile device security given new demands placed on these devices.While employees and consumers have started to take a more proactive approach when it comes to cyber security over the past few years, there is still more that can be done around mobile devices. Organizations have enjoyed the multiple benefits of BYOD, and employees desire even more business functionality on their devices – but the implications for security are enormous. Fortunately, as the concept of the network perimeter has changed with the rapid adoption of cloud and mobile technologies, attitudes towards security have shifted. Businesses now realize that breaches – including breaches involving mobile devices – are inevitable. Businesses must embrace a solution that provides security without compromising privacy or functionality. As the concept of a network perimeter further dissolves over the coming years, the enterprise especially will need to re-shape security strategy to account for the flexibility we are extending our work force. It’s time to acknowledge a simple fact, you can’t protect what you can’t see. – Anthony Di Bello, Vice President, Strategic Development, OpenText

• 5G promises some dramatic changes. 5G will continue to mature, so some of the benefits that may begin to manifest throughout 2020 include lower latency (reduced app load time and less battery drain), empowerment for mobile app developers to provide better consumer experiences across mobile apps and steps towards computing occurring off device—meaning we are closer to a wearable that’s not tied to a mobile device. It is also important to remember any benefits developers and consumers experience from 5G will also be available to attackers. – Sam Bakken, Senior Product Marketing Manager, OneSpan

• 5G adoption will drive hackers to target mobile as a main attack vector. The proliferation of 5G will make Wi-Fi and hard lines no longer a necessity for fast internet connections. Because of the freedom and speed 5G provides, we will see more consumers relying on their 5G enabled mobile devices as their sole means for internet access. Though today’s mobile-based malware is notoriously difficult to set up and distribute, we’ll start seeing mobile malware that piggy backs on social engineering attacks, specifically targeting bank transfers and ecommerce transactions. This social engineering component via phishing emails and text messages will make the malware easier to inject and spread. While 5G has many built in protections against direct attacks, as the protocol begins to develop more widespread adoption, we will likely see a further degrading of the traditional “network perimeter”. With that will come more challenges for security professionals trying to ensure the security of the data and systems in their charge. – Karl Sigler, Threat Intelligence Manager, Trustwave SpiderLabs

• Dev-security lifecycle becomes the Achilles heel for IoT devices. IoT devices are not getting any safer. With the huge influx of IoT devices in homes and organizations, the attack surface targeted by criminals is just getting larger and more diverse. Manufacturers and developers need to take the security reins. But today’s IoT solutions are often missing security quality assurance during their product development lifecycle. High bandwidth, direct connections to the internet via 5G will increase the threat of Mirai-like botnets. These direct connections will also provide attackers the ability to bypass perimeter protections that are normally in place in homes and organizations. All manufacturers should add security vetting to their product development lifecycle, especially with the cloud and 5G in mind, to get IoT device security in check before the number of vulnerable devices in the market becomes overwhelming. – Karl Sigler, Threat Intelligence Manager, Trustwave SpiderLabs

• We will see an increase in attacks on IoT devices, including smart home devices, home automation systems and more. We might see new forms of IoT financial cybercrime, building on first generation IoT attacks on ATMs and their networks. Cybercriminals will exploit payment services and open banking initiatives such as Google’s plan to offer checking accounts, Apple Pay, Google Pay and possibly Facebook’s Libra. These technologies will provide opportunities for a new type of cybercriminal who utilizes next generation payment providers to hack into accounts and not only access customer data but steal funds as well.    – ThetaRay CEO Mark Gazit

• The market for 5G infrastructure technology is expected to reach $4.2 billion and two-thirds of companies intend to deploy 5G in 2020, according to Gartner. 5G technologies allow businesses to replace existing networks with a lower latency, higher bandwidth alternative, letting them connect more types of devices and enhanced capabilities around technologies like A.I., edge computing and automation. This presents a significant opportunity to companies to advance their technology posture. But as adoption spreads, so do potential security threats from these devices. Companies will reach a critical mass of these devices in 2020, forcing them to reevaluate their risk paradigm for connected devices. Further complicating that paradigm is the fact that devices leveraging 5G could potentially bypass some traditional cybersecurity technologies by connecting directly to cellular networks.  It’s unclear if this changing risk paradigm will result in an attack or breach in 2020 due to the newness of the technology, but regardless, companies will have to consider changing their security strategies or leave a growing section of their devices without adequate protection. – Rob McNutt, CTO at Forescout

• IoT security continues to be a weak spot. Last year we saw our first major hacks against IoT devices and IoT authentication mechanisms. This year we can expect to see even more of these.  Most IoT devices are still only protected by a static username and password, or even worse, nothing at all except the API key that connects to the third-party cloud service (which can easily be stolen). This will need to change quickly before we experience something even more terrible than simply having our thermostat set to 90 degrees in the middle of the summer. IoT security should be one of the primary movers in the security world for next year. – Will LaSala, Director of Security Services, OneSpan

• IoT/smart city security will continue to grow as a target for attackers. Securing cities must begin with preventing phishers from gaining access to computers where they could push out commands to IoT devices remotely. There are many challenges with IoT security, least of which is authenticating device-server communications. Additionally, using default passwords and outdated encryption makes these systems easy to hack. In 2019 we read about some annoying and spooky incidents based on IoT hacking – but heading into the new year what we really need to be concerned about is hackers targeting energy grids and other major infrastructure to cause serious economic and social disruption. – Peter Goldstein, CTO and Co-founder Valimail