Digital dust, the complexity of connected systems, and espionage all compound against a shortfall of workers to demand bold new approaches to cybersecurity.
Nearly two dozen cybersecutity experts from Georgia Tech, business, government and defense, share their observations about emerging trends in a more connected world -- where cyberattacks grow more persistent and sophisticated by the day. While some threats and response mechanisms continue unchanged year over year, other conflicts and challenges are becoming dramatically more intense. Academia, industry and government must work together in bold new ways to solve the grand challenges of cybersecurity.
Download the 2016 Emerging Cyber Threats Report
1. The privacy tug-of-war between individuals and organizations has become a tug with no war. Today, individuals are forced to completely give up tremendous amounts of data in take-it-or-leave-it policies that make privacy loss the price of convenience. No progress has been made to create flexible policies that would allow consumers to opt into portions of a service in exchange for partial use of their data. Plus, our increasing preference for mobile devices over desktop devices means we have become walking, trackable “intellectual property assets” for a wide range of organizations, says Peter Swire. Privacy policies must advance to be flexible and consumer-minded.
2. Exponential growth in the Internet of Things over the past two years creates a larger cyberattack surface, but consumers have yet to prove they want or will pay for a more secure IoT device. The result is that today’s device manufacturers do not naturally have security in their mindset, which leads to engineering staff that are not incentivized to think about secure design, says Bo Rotoloni.
3. The digital economy is growing more complex while a lack of highly trained security workers persists worldwide. “IT everywhere” requires the need to safeguard IT everywhere, says Mustaque Ahamad. More workers are needed in the Americas, Europe and Asia. For the first time since 2012, the majority of corporate boards now report that they are actively addressing cybersecurity. Some corporations are training and retraining workers through unique arrangements with universities like Georgia Tech to provide real-world scenarios that infuse cybersecurity curriculum into a wider range of courses and degree programs.
4. Cyber espionage shows no sign of abating. Once upon a time, cyber conflicts between nation states were considered “low intensity,” albeit active. Today, in the aftermath of the Office of Personnel Management breach, Target breach, and Sony Pictures hack, attackers are burning the house down in the most high-profile ways. Bad actors remain unlikely to be caught, but those with the data are armed with the best weapon – knowledge of who is or isn’t an intelligence operative. We expect in 2016, that huge swaths of private industry will be hacked by enemies for their own national security purposes.
The 2016 Emerging Cyber Threats Report was prepared by journalist and author Rob Lemos of Lemos & Associates based on more than 25 interviews with individuals in and outside of Georgia Tech. The report is released each October at the annual Georgia Tech Cyber Security Summit.