Report: 2020 is the Year Data Gets Weaponized

For information security professionals on up to tech executives in the C-suite, the beginning of the next decade is going to be scary from the cybersecurity standpoint, according to a report released this week by research firm Forrester.

Titled “Predictions 2020: Cybersecurity,” the report depicts a near-future where “evil can adopt artificial intelligence and machine learning faster than security leaders can,” and companies’ and consumers’ dependency on tech will coax governments to create assistance programs to “help them weather the impact of cyber-catastrophes.”

The report estimates deep fakes—audio and video altered by algorithms to make them appear real—will cost business more than $250 million in 2020. Already, deep fakes threaten to upend political norms, as fabricated videos of politicians have become hard to distinguish from genuine ones. However, Forrester’s estimate also comes after a social engineering scheme in March saw an attacker defraud a German energy company out of $243,000 by spoofing the voice of the company’s chief executive officer, convincing another executive to wire funds. As the quality and accessibility of these sorts of algorithms improve, these kinds of attacks will become more mainstream, Forrester states.

“Attackers will use AI and ML to enhance existing attacks using the tremendous amounts of data now available to them. They will also develop new techniques in the form of disinformation campaigns against enterprises,” the report states.

The weaponization of data will extend to the acquisition space, too.

The report suggests companies and foreign powers have already begun to circumvent government oversight and data policies through strategic mergers and acquisitions. The report highlights the purchase of the dating app Grindr by a Chinese firm, which gave Beijing-based engineers access to millions of users’ demographic and health data.

“As the value of data continues to grow—and government oversight of data expands—companies will use the data they collect as a key reason to make acquisitions, allowing them to circumvent controls and regulatory oversight and weaponize data by using it to manipulate, subvert, or target populations,” the report states.

As a sort of response to the past decade’s spike in the amount of potentially-valuable data about people and corporations flooding the web, the report suggests an “anti-surveillance economy” will begin to emerge in 2020. What might this look like? For starters, “enterprises will push back and limit the data they share while consumers will embrace capabilities that allow them to avoid surveillance,” according to the report. In short, companies will use their data strategically in line with more security conscientious views of customers.

In addition, the report suggests a boon in anti-surveillance tech that “conceals, distorts, or blocks public and private surveillance tools.” Such tools exist in the software world, like anonymized search engines and ad blockers, as well as the physical world, such as clothing that fools license plate readers, private storage lockers or anonymous credit cards.