Industrial Internet of Things (IoT) attacks on a large scale through cloud infrastructure and over-reliance on artificial intelligence (AI) in cybersecurity systems are two critical risks for enterprises in 2019, says Forcepoint in its outlook for the coming year.
The company made seven predictions about increasing risks to critical infrastructure and national intelligence in its report.
"The cybersecurity industry and attackers expended effort in a never-ending cycle of breach, react, and circumvent -- a true cat-and-mouse game," said Brandon Tan, principal security consultant in Southeast Asia for Forcepoint.
There are several cybersecurity concerns for 2019 -- including over-reliance on AI tech in cybersecurity systems despite a lack of system maturity; attacks to industrial IoT in bigger ways; phishing attacks via counterfeit reflection; more courtroom face-offs between employers and employees via disputes of stolen data.
Mr Tan said there will be more conflicts on the course to a global cyber cold war; change of cybersecurity cultures that need security trust ratings for enterprises; enterprises will keep some privacy within the services they provide and not keep all critical data in cloud systems, called the "driven to the edge" trend.
He said AI in global cybersecurity systems are not truly AI that efficiently carry out self-learning, self-decision or self-adjustment for cybersecurity systems, but are instead machine learning.
Compared with AI tech development in other sectors such as automobiles and transport that have matured, AI in highly sophisticated systems like cybersecurity have not yet matured, said Mr Tan.
Over-reliance on AI in the existing cybersecurity system of enterprises will create increasing risks to enterprises worldwide from 2019, he said.
Attacks on consumer IoT are prevalent, but the possibility of disruption in manufacturing and similar industries makes the threat more serious. Meltdown and Spectre vulnerabilities have given attackers a way to target hardware -- cloud infrastructure may be next.
The third risk is counterfeit reflection. Although biometrics offer additional security by using data more unique to each end-user, newfound vulnerabilities in facial recognition software lead experts to put faith into behavioural biometrics.
The fourth risk is the possibility of courtroom face-offs. There will more disputes between employers and employees on leaked data, he said.
Mr Tan said fracturing trust between world powers and trade embargoes have dominated the media in 2018.
Industrial espionage presents a way for nations to acquire new technology they would have otherwise purchased legitimately.
Sixth, consumers exhausted by breaches and abuse of their personal data have led organisations to introduce new user privacy needs inside of the services they provide, rather than keep all critical data in cloud storage.
Lastly, there will be changes to cybersecurity cultures, especially the need for security trust ratings systems that will indicate to potential partners how safe it is to permit suppliers to handle personally identifiable information or other critical data.
Large-scale breaches defined 2018, impacting user privacy in a way no one has never seen before, said Mr Tan. In 2019, promises of advanced cybersecurity technologies are rampant, attribution becomes more difficult to prove, and new attack techniques subvert organisations not yet ready to deal with the ever-changing cyberlandscape.
Enterprises and governments are facing a hyper-converged world where connected systems put not only critical data and intellectual property but also physical safety at risk, he said.
