2019: The Year of Cybersecurity

Author: Ricardo Tavares
Published: 2019-01-02

It’s a rare week when a big company doesn’t announce a major data breach. Though it’s good these breaches are in the public eye, they shouldn’t happen so frequently.  Most cybersecurity experts recognize that it has become impossible to maintain intruders completely out of corporate networks, making a culture of cybersecurity essential to keep them away from critical data.  2019 will be the year of cybersecurity. The problem can no longer be ignored by CEOs, Boards and employees.  

Mobile devices have become essential to modern life, meaning the mobile industry ecosystem has a big role to play in improving cybersecurity at both end-user and network levels.  Mobile operators have ignored cybersecurity threats for too long.  Only a few have taken the initiative to educate and entice users to get more protection for their devices against viruses, trojan-horse programs, unauthorized access, and overly curious apps. 

At the network level, two cybersecurity threats have become an open secret: Stingray, a fake base station that can steal end-users’ data, and the backbone vulnerabilities of Signal System 7 (SS7), that allows intruders to track mobile users and intercept their calls and text messages on a global scale. Cooper Quintin from the Electronic Frontier Foundation urged U.S. telecom companies and government regulators to resolve these issues by redesigning cell tower authentication and phasing out GSM networks in order to prevent Stingray attacks, and developing security standards for SS7.

Governments could be part of the solution, but right now are part of the problem.  Security agencies know about Stingrays and SS7 vulnerabilities, but instead of advocating for policies to close these security breaches, they use them for their own advantage to get the information they want.  With these breaches open, criminals can use plenty of cheap and accessible tools to take advantage of these vulnerabilities as well.

The combination of massive “surveillance capitalism”—companies that sell personal information collected in apps, social networks and search for a profit—and governments interested in eavesdropping has created a situation in which, as Bruce Schneier says, “everyone favors insecurity.” It’s quite hard to change this trend.

But the Internet of Things (IoT), the fastest growing segment of the mobile ecosystem, might just do the trick.  As billions of new connections of things previously independent from the Internet—cars, baby  monitors, freezers, dams, electric grids, you name it—become part of wireless networks, the risks of having vulnerable networks and end-point devices is amplified.  Both consumers and enterprises are increasing their cybersecurity awareness to new levels.

The Internet Society has launched an important campaign to make consumers more aware of IoT security, encouraging them to only buy connected devices that include high security levels. But government regulation may be required to change the game and bring more security to IoT and smartphones.  And that’s the issue likely to dominate the technology policy debate of 2019 worldwide–data privacy and security. It no longer can be postponed as IoT connections skyrocket, amplifying the consequences of vulnerabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *