Virtualization Technology News and Information
Tala Security 2020 Predictions: Website Attacks, Privacy and the 2020 Presidential Election will Take Center Stage

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Aanand Krishnan, CEO & Founder of Tala Security

Website Attacks, Privacy and the 2020 Presidential Election will Take Center Stage

The critical need for comprehensive Website security will become front page news.

In 2018, we saw the first of several large scale website breaches at British Airways and TicketMaster. In 2019, the trend has accelerated, with an average of [6,400] websites being targeted every month (Symantec). An estimated 2 million websites (DarkReading Oct'19 article)  are already infected with credit card skimmers. Just this past week, Macys' website was hacked via a client-side website vulnerability... magecart. British Airways (180 million Euros) was fined by the European Union GDPR regulation for the loss of 0.5 million user credit cards.  Fines will continue

In 2020, we expect attackers to use website and web app attacks to steal credit cards, credentials, healthcare data and more. Many of these attacks are going to continue to happen due to compromised 3rd party attacks, like Magecart.  Data Privacy is impossible to assure without security controls in place. Recent study highlights that only 2% of today's websites can prevent these attacks

In the past decade, websites have incorporated encryption and authentication via TLS, but the time has come to add access control. Website owners, especially in the e-commerce and financial sector should bolt down the security of their websites at the browser level.  There are amazing security controls that are freely available on PC and mobile browsers (e.g., Content Security Policy, Subresource Integrity, Referrer Policy, Trusted Types, iFrame Sandboxing and others).  

Cybersecurity will play a (major or minor?) role in the 2020 presidential elections

2016 was the first presidential election in which adversaries of the US attempted to influence the result of a presidential election using social media, disinformation, ad networks and fake news. Without more comprehensive website security controls in place  ad networks and session hijacks, like those enabled by today's significant client-side security vulnerability, will continue to [put the integrity of these information resources at risk.

Although I believe that the big players in social media have wisened up to the impact that election influencers can have, there are still several gaps in the way they monitor ads and news. I expect Facebook, Twitter and other social media networks to continue to be a conduit for propaganda, fake news and false ads.  Again, the lack of client-side web security controls is contributing to this issue. How much is unknown

Consumers should be careful about relying on social media for news. Trust reputed news outlets as opposed to web links or social media messages.

The privacy pendulum will continue to swing, wildly

On the one hand, the rapid advances in artificial intelligence, facial recognition, sensors and other technologies are making privacy almost impossible to protect at the consumer level.

We have seen regulators step into this debate. GDPR went into full effect in May 2018, and already in 2019 the EU has fined Google (50 million Euros), British Airways (180 million Euros), Marriott (100 million Euros), among others. California is introducing the Consumer Privacy Act (CCPA) that goes into effect in January 2020.  The lack of client-side security and the fact that modern website architecture exposes private data to third parties integrated into every website today makes data privacy nearly impossible to ensure

I expect that the vendor ecosystem around compliance, data management and privacy is going to grow and evolve in 2020.  GDPR has been a buzzword for the past few years. Now that fines have become very real GDPR has become a four-letter word.

The growth of authoritarian regimes in parts of the world means that surveillance technology will also grow in precision and sophistication.


About the Author

Aanand Krishnan, CEO & Founder of Tala Security

Aanand Krishnan 

Aanand is the founder and CEO of Tala Security. Prior to Tala, Aanand was a senior director of product management at Symantec where he built Symantec's first big data security analytics platform and led key strategy projects that helped establish the company's vision and strategic focus.

Aanand spent several years in investment banking and at mergers and acquisitions at Morgan Stanley and Dolby Labs and acted as an adviser to leading security software, semiconductor and clean tech companies. He started his career building high-speed optical networking products at Agilent Technologies. Aanand holds an MBA from Berkeley where he was a recipient of CJ White Fellowship, a Masters in Photonics and Optoelectronics from UC Santa Barbara where he was a QUEST Fellow and a Bachelors in Electrical Engineering with Honors from BITS, Pilani.
Published Friday, December 13, 2019 7:31 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2019>