How Did I Do On 2015’s #Cybersecurity Predictions?
Last year I made cybersecurity predictions, broadly rendered as:
- An increase in SSL visibility.
- Increased flight of data and sites from the US.
- Increased necessity for digital forensics in the mobile platform space.
- TOR would face more scrutiny and have to harden itself against those.
- Bitcoin would increase its dominance while Ethereum would become more of a thing.
- Biohacking would start needing security safeguards.
- Data science would start to be applied to emerging threats.
I’d have to say I did well, getting at least 6 of 7 of them – I’m not sure that biohacking has started implementing security as such just yet.
There’s definitely been an increase in SSL, and an increase in calls for responsibly decrypting it for companies. Not only has my company experienced growth in this area, a number of competitors have tried to enter the market. I don’t speak for the company officially in any way, but a quick Google search would show this to have been on track. (You might have to add “-blue” and “-coat” to your search results to see the efforts being made by others.)
It looks like I was wrong on the increased flight of data and sites from the US. While there are still efforts everywhere to move data to locations in which it must reside, it’s actually becoming less of an issue. Technological solutions are being made so that things like tokenisation of data ensure that the data never leaves the original premises while cloud applications store the tokens, and a substitution is done in the middle at the network border. As such, it’s becoming less of an issue. Additionally, a Google Trends analysis of “offshore hosting” seems to show a downward trend over time, and for 2015, a fairly flat-to-downward trend. I’m definitely calling this one a miss.
While it’s not the only term, I think the trend is clear.
Interestingly, the expiration of the “Safe Harbour” clause in Europe has been forcing more in the way of technological changes, ensuring that data will remain within the country of its origination as required by most laws now.
It looks like I didn’t quite hit the mark on mobile forensics, either. Most of the data associated with mobile devices is moving to the cloud, and securing that data just means securing the cloud. The other thing hampering this is the number of models and operating systems available on today’s devices – it’s hard for mobile digital forensic vendors to keep up. There’s still a need for mobile digital forensics, of course, but it didn’t quite increase as I thought it would.
Tor has definitely faced more scrutiny. They are undergoing a fund-raising campaign right now, and even Edward Snowden has asked for the internet’s help in that regard.
Yes, the Edward Snowden.
This article mentions some of the challenges to Tor, which aren’t just technical.
Bitcoin has continued to dominate the cryptocurrency space, and one has only to look at the price chart for this year to see that:
Chart from coinbase.com.
It started the year around $200 per bitcoin, and is now more than double that. It’s also gotten a lot of praise for its underlying technical qualifications, primarily blockchain technology, which is being investigated by financial institutions and banks. There are suggestions it will go to $1000 again, and possibly as high as $4000+ when the next halving occurs in July.
Ethereum became significantly more mature. Aside from its own crowd-sale in 2014 raising millions of dollars, it is now a complete platform on which another platform will be built, the Augur reputation platform. Augur had their own crowdsale, raising over five million dollars, validating both platforms.
[In the interests of full disclosure, I own bitcoins, ethereum, and augur. I’m planning to be fully stocked for the glorious agorist future.]
The Council for Responsible Genetics put out a paper on the responsibility of gene therapists to not experiment on genes in the germ line, i.e., make it so that changes were not inheritable. Biohacking has generally been on the rise in the last year, and Bulletproof Coffee is essentially mainstream. Other than a great episode of “Limitless” where prosthetic arms got hacked, there weren’t any notable instances of biohacking needing safeguards, and certainly no non-fiction ones, so I’ll call this one a miss as well.
However, the Data Science prediction was spot-on. Aside from the fact that companies like Palantir have been doing things like this (or exactly this, they don’t say) for a while, it reached mainstream easily this year, and with regards to my prediction specifically, I know for a fact that data science is coming to bear on threats to enterprises, and particularly in the malware space. There are a number of initiatives; my employer (for whom I do not speak, but am relating public knowledge) purchased a company that does exactly that – apply data science to threats and user behaviour to enhance enterprise security. Google “data science” and “malware” and you’ll be able to see for yourself – and you won’t have to adjust the date range because most of what you’ll get is from this year.
That puts me at 4 out of 7 for 2015, or about 57%. Better than chance, but not by much… we’ll have to see how I do for next year!