Cybersecurity in 2020: Vigilance and the human element

Todd Inskeep, of Booz Allen Hamilton and the RSA Conference Advisory Board, writes that individuals must remain vigilant to stay a step ahead of those wishing to inflict chaos. Here’s how humans and technology can work together in 2020 to combat threats.

Another year, another record-breaking 12 months of cyberattacks. According to Norton, 2019 saw more than four billion records breached, impacting organizations of all sizes across all sectors -- not to mention consumers. As the number of data breaches continues to grow, so too must the vigilance of all businesses and consumers to fight the ongoing threats.

As we enter 2020, one thing remains certain: cybersecurity, at its core, is inherently connected to the human element. Humans and technology will become even more intertwined as they work to address scams of various forms, as they partner with technology such as AI, and address growing threats from around the world.

To successfully navigate the cybersecurity landscape in 2020 and beyond, individuals within the government as well as corporations must remain vigilant, constantly examining their approach to these threats, to stay one step ahead of those wishing to inflict chaos. Below are a few ways humans and technology will work together in 2020 to combat threats faced in the new year and beyond.

Scammers gonna scam

Scam artists have been around as long as their unsuspecting targets, and even though the technology used to trick these naive victims has evolved, scammers will undoubtedly continue to wreak havoc in 2020. The problem is that our nature as humans is to be trusting -- but that is also the core of the cybersecurity industry; people protecting people from threats in every aspect of their lives.

Con artists have always preyed on this trust. As the internet and digital world have progressed, their methods have become almost scientific -- playing to fears to incite a quick response. Now, technology is expanding so rapidly that people and businesses might not be able to adapt to new threats, or even adapt to the pace of change that we will see in the next decade and beyond. The gap between technology and our ability to prepare for those threats will leave opportunities for con artists to exploit.

While scams like the mysterious Nigerian prince attempting to give away his fortune do not seem to be going anywhere, a more insidious scam took hold in 2016 that shook up the industry -- the spread of disinformation across social media platforms that ultimately shaped the presidential election that year. These fraudulent ideas are tested on platforms like 4Chan in countries that are unstable with lax laws and are disseminated across social circles until they finally reach mainstream audiences on platforms like Facebook and Twitter.

Businesses, government officials and everyday citizens must remain vigilant against potential scams in 2020, no matter how appealing or view-affirming they may be. The adage holds true: If it appears to be too good to be true, it probably is.

Using AI with caution

Artificial intelligence adoption has been widespread across many industries and lines of business in the last five years and cybersecurity is no exception. But businesses should be cautious about implementing the technology too quickly, before algorithms can be tested sufficiently against inherent biases. Business leaders are poised to learn a lot of new lessons from the usage of AI in cybersecurity this coming year and how these algorithms work (or do not in some cases).

Recently, Apple came under fire for an algorithm it relied on to determine credit limits for its new Apple Card. Because of one decision tree within the algorithm, the end result was that men and women were being offered different credit limits, with no discernible difference in their applications other than gender. This underscores the slippery slope of relying solely on an algorithm to determine outcomes, despite its usefulness at building scale and curating an image of evenhandedness.

In the coming years, businesses should absolutely implement AI into their workstreams, as it can provide a lot of benefits to companies, but leaders must remain skeptical of the algorithms and not be afraid to test them for unintended human bias. Extensive testing, not only for what the algorithm is intended to be used for, but also what it wasn’t designed to do, is the only way to remove these biases and prevent errors like the one Apple experienced.

Government’s role in addressing cybersecurity risks

Despite an anticipated spike in the number of organizations that are able to defend themselves against cyberattacks, companies large and small will continue to be the target of malicious actors, some of whom will be successful. Where will these cyberattacks be coming from? Even a crystal ball would have trouble channeling that tidbit, but in 2020, China will likely keep moving into a role more like a "big brother" when it comes to companies operating in China, requiring government access, permissions and controls beyond specified encryption tools that will impact companies' security.

We have already seen some government initiatives to address the growing need for structured guidelines for cybersecurity standards and best practices through policies like CMMC (Cyber Maturity Model Certification). This policy will drive enforcement of requirements that have been contractual for some time, including requiring a verification component to contracts and allowing for third party organizations to audit companies to determine risks for cyber threats.

In 2020, it is possible that we will start seeing organizations miss out on government contracts because companies can't demonstrate or haven't demonstrated a level of maturity in addressing cybersecurity threats. CMMC is going to improve some of the foundational security work that companies should have been doing all along. It’s also going to take some time.

People are going to start auditing and getting audited against the CMMC, and that is going to improve foundational security functions and processes -- a great first step in protecting businesses from the growing threats coming in from bad actors around the world.

2020 will likely bring more of the same as past years: cyber threats, scams and efforts from government and businesses to stay ahead of these threats. The question of 2020 will not be “will there be a cybersecurity threat?” but rather “how prepared are we to address that attack when it does come?” And that answer will depend on the groundwork that businesses, governments, and individuals lay today.

With all the new technologies and strategies that are being employed by both security pros and threat actors, one thing remains on the front line of those attacks: vigilant individuals who have made it their careers to protect their fellow citizens.