Top Seven Cybersecurity Trends for 2020

Tuesday, February 25, 2020

TÜV Rheinland’s seventh annual report on Cybersecurity Trends for 2020 (a collaboration between many cybersecurity experts globally), identified seven key cybersecurity trends we should be aware of in 2020.  

Peter Láhner, business executive vice president for the business stream Industry Service & Cybersecurity at TÜV Rheinland, stated: "From our point of view, it is particularly serious that cybercrime is increasingly affecting our personal security and the stability of society as a whole … One of the reasons for this is that digital systems are finding their way into more and more areas of our daily lives. Digitalization offers many advantages – but it is important that these systems and thus the people are safe from attacks."

Here are the top seven cybersecurity trends that TÜV Rheinland cybersecurity researchers and experts say you should be aware of in 2020:

  • Uncontrolled access to personal data carries the risk of destabilizing the digital society.  In 2017, a French woman, Judith Duportail, asked a dating app company to send her any personal information it had about her. She received an 800-page document containing her Facebook likes and dislikes, the age of the men she’d expressed interest in and every single online conversation she’d had with 870 matching contacts since 2013. The fact that she received so much personal data after several years of using a single app underscores the fact that data protection is now very challenging.
  • Smart consumer devices are spreading faster than they can be secured. The number and performance of individual "smart" devices – such as smart speakers, fitness trackers, smart watches, thermostats and smart home security cameras – is increasing every year, making them a very attractive target for cybercriminals. With the proliferation of smart devices, the attack surface could quickly increase hundreds or thousands of times.
  • The trend toward owning a medical device increases the risk of an internet health crisis. Over the past 10 years, personal medical devices, such as insulin pumps, defibrillators, pacemakers and heart and glucose monitors have been connected to the internet as part of the "Internet of Medical Things" (IoMT). Researchers have identified a growing number of software vulnerabilities and demonstrated the feasibility of attacks on these products, which can lead to targeted attacks on both individuals and entire product classes.
  • Vehicles and transport infrastructure are new targets for cyberattacks. Through the development of software and hardware platforms, vehicles and transport infrastructure are increasingly connected. The disadvantage is the increasing number of vulnerabilities that attackers could exploit – broad cyberattacks targeting transport could affect not only the safety of individual road users but could also lead to widespread disruption of traffic and urban safety.
  • Hackers target smart supply chains and make them “dumb.” With the goal of greater efficiency and lower costs, smart supply chains leverage Internet of Things (IoT) automation, robotics and big data management – smart supply chains increasingly represent virtual warehousing or any place where a product or its components can be located at any time. Nevertheless, smart supply chains are dynamic and efficient but are also prone to cyberattacks.
  • Threats to shipping are no longer just a theoretical threat but a reality. Many aspects of shipping can be vulnerable to attack, such as navigation, port logistics and ship computer networks. There’s ample evidence that hostile nation states and activist groups are experimenting with direct attacks on ship navigation systems and attacks on the computer networks of ships to extort ransom.
  • Vulnerabilities in real-time operating systems could herald the end of the patch age. In 2019, Armis Labs discovered 11 serious vulnerabilities (called "Urgent/11") in the real-time operating system (RTOS) Wind River VxWorks. Six of these flaws exposed an estimated 200 million IoT devices to the risk of remote code execution (RCE) attacks. This level of weakness is a major challenge as it’s often deeply hidden in large numbers of products, and organizations might not notice that these vulnerabilities exist. In view of this, the prediction the practice of installing the latest security updates will become ineffective.