I was recently asked for my take on the big trends in consumer security. Futurology is mostly a fool’s errand, but for what it is worth, here are 6 general trends that I expect to remain true for at least the next 5 years:
1. More and bigger data breaches
There is already more than one account for every human on Earth in the most well known breach database.
Just this week, we learnt that Facebook has been storing hundreds of millions of passwords in plain-text for the last 7 years.
This problem is not going away, so Keep Calm And Use A Password Manager!
2. IoT getting cheaper and so more omnipresent
Until regulation of these devices catches up to consumer safety regulation, security and privacy issues that we thought we fixed 10, 20, 30 years ago will keep appearing, just at a bigger scale than before.
Have you ever checked if your fridge isn’t leaking toxic gases when you get it home, and patched the leak yourself?
Have you ever checked if your curtains are really flame resistant enough when you get them home, and then re-coated them yourself?
Have you ever checked the settings of the teddy bear you just bought for your child to see if the “lead poisoning activated” setting hasn’t been set to “on” by default, and had to manually turn it off?
Then why should you be expected to do the same for your IoT devices?
3. Phishing is still by far the most common way for a breach to start
Around 80% of infections/breaches start from phishing, depending on who is measuring it.
Criminals and nation states take the easy way when they can, and far too often they can.
This isn’t going to change any time soon.
4. Nation state hacking WMDs
The big nation state hackers, especially the US, will not stop developing worse and worse hacking “weapons of mass destruction”.
These weapons will get leaked at some point. And this will lead to new waves of mass attacks.
It happened after Stuxnet – according to Microsoft, in the 3 months after Stuxnet became public, the #1 exploit used in Windows cyber-crime attacks was one of Stuxnet’s 4 zero-days.
It happened after some of the NSA’s hacking tools were leaked, with their EternalBlue exploit used by both Wannacry and EternalPetya.
5. Mass non-consensual data collection and surveillance
Mass non-consensual data collection and surveillance by governments and giant corporations is only going to grow.
This is despite GDPR and other efforts to protect privacy rights, because mass data collection and analysis is so easy to do and so powerful.
Our fundamental human right to privacy will be an ongoing battle-front for years to come.
6. Cyber-crime will remain extremely profitable and hard to stop
The exact methods and attacks come and go over time, but the results are the same.
Users remain under constant attack, even if they don’t notice. And users will continue to need protection.
Each and every week, approximately 25% of our users are saved in one way or another by F-Secure SAFE.
The Red Queen’s Race is an idea borrowed from Lewis Carroll’s Alice in Wonderland by evolutionary science to talk about the eternal genetic arms race between different species, and especially between animals and their parasites and diseases.
Each generation is a new fight where maybe the latest Influenza virus will kill forty million people like in 1918, or maybe we will on average live longer and healthier lives year by year, as for a time we gain the upper hand… Until the next global disaster comes along, whether that be a disease, a meteor strike, or a zombie apocalypse.
Modern cyber security is a very similar Red Queen’s Race – we are constantly running to stay in place, against an ever changing and evolving horde of parasites and predators. If we want to get anywhere, we have to run at least twice as fast!
This is why I am confident that these deliberately broad predictions will hold true.
This is why I am confident people wanting a job helping to protect people will find a space for a long, long time to come.