1、 TABLE OF CONTENTS 1 4 2 5 3 2020: The fog thickens 5 9 Smart is the new sexy: From IoT devices to smart cities 18 22 ML vs. ML: Creating security or attacking it? 10 13 Securing the digital transformation 23 26 Conclusion 27 28 Introduction 3 4 Privacy sea change 14 17 INTRODUCTION As devices are u

2、ndeniably getting smarter all the time, the question arises: Are we keeping pace with technological progress in terms of being “smart” enough to derive maximum benefit from these devices without suffering repercussions? The rise of smart devices, which until a few years ago seemed like nothing more

3、than a hopeful vi- sion of the future, has occurred so quickly that the technology has become part of our everyday lives almost without us noticing the change. The gradual but persistent integration of technology into objects we use all the time is likely to change and impact social customs in ways

4、that are yet to reveal themselves. Every year, in choosing topics for Trends, ESET experts decide which aspects of cybersecurity and privacy seem likely to present some of the key challenges for the coming year. Over the five chapters that make up this edition of Trends, we review various cybersecur

5、ity issues with implica- tions for people, governments and companies, as well as general concepts like privacy, democracy, digital transformation, and much more. In the first chapter, Tony Anscombe tackles the topic of the US presidential elections and the echoes of the repercussions that fake news

6、and denouncements of foreign interference had on the 2016 elections. But the US is not the only country to have been through this and it is almost certain that in 2020 the topic will be a big issue again. With that in mind, its worth taking anoth- er look at how (dis)information and fake news could

7、play a role in upcoming democratic processes. Jake Moore then addresses another widely talk ed-about issue in recent times machine learning, which is often misrepresented as artifi- cial intelligence. Machine learning is used to de- scribe a range of technological developments, but in 2019 one of it

8、s applications gained partic- ular relevance for the general public with the briefly popular FaceApp and the rapid improve- ments in deepfake techniques, which have been increasingly visible over the course of the year. What are the cybersecurity implications of ma- chine learning? In addition to be

9、ing used to detect cybersecurity threats, could it be abused to vio- late the security and privacy of individuals and organizations? All these issues are intimately connected to user privacy. In her chapter, Lysa Myers looks at how attitudes have changed since the Cambridge An- alytica scandal, the

10、implementation of legisla- tion at various levels, and the likely implications for companies and governments resulting from user disenchantment about data privacy. The trend for all things “smart” has not only reached the objects people use every day, but has begun to take importance on a larger sca

11、le. There are now many examples of smart buildings around the world, and there are expectations that more and more cities will soon become the latest in the long line to incorporate smart tech- nology. However, could this lead to new types of attacks combining the digital and physical realms? Is cyb

12、ersecurity advanced enough to en- sure that these implementations can be carried out without putting users, citizens, and organi- zations at risk? Cecilia Pastorino discusses these and other issues in her chapter. This paradigm shift is perhaps most visible in the digital transformation processes cu

13、rrently being implemented by many companies around the world, challenging IT teams to keep pace with all the technological change taking place. Camilo Gutirrez Amaya dives deep into this issue, look- ing at the likely challenges for the corporate world in the near future. One of the best tools to be

14、 prepared for the future is to stay informed, so why not read this report to find out what we can expect to see in 2020 and over the next few years? 2020: THE FOG THICKENS 1 Fake news Targeted disinformation and propaganda The voting process De-mist-ifying it all? Tony Anscombe ESET Global Security

15、Evangelist 2020: The fog thickens ”20/20” refers to perfect vision, but 2020 might just be another blurry year for the democratic process. What may stand in the way of our making informed decisions supported by facts? As we head into 2020, there is one prediction from this entire Trends report that

16、is probably guaranteed: there will be claims of meddling and manipulation in election processes during the year. These issues are complex and while it is easy to point the finger of suspicion that there was interference, it can be difficult to prove beyond reasonable doubt. The complex- ity begins d

17、ue to there being several types of interference that can cause election results to be shepherded to a cer- tain outcome or to not actually represent the vote cast by the electorate. When looking at online or cyber-issues, these range from fake news and voting machine rigging, all the way through to

18、targeting parts of the swayable population with biased information. The 2016 US presidential election was shrouded in post-election controversy with claims of fake news, in- terference from other nation-states and the potential hacking of the voting process itself. Further, there are claims that the

19、 Brexit referendum in the United Kingdom was biased due to meddling and that in South America disinformation spread through WhatsApp possibly af- fected the outcome of the Brazilian elections. How can we expect voters to have confidence in the democratic process when all this is clouding the outcome

20、? This chapter summarizes some of the methods we will undoubtedly see used by individuals, activist groups, nation-states and even cybercriminals in 2020 as they attempt to interfere with the worlds democratic processes for their own gain, whatever that may be. 2020: The fog thickens 2020: The fog t

21、hickens Fake news The Collins Dictionary awarded this term Word of the Year in 2017. Its rise to fame was largely due to the 2016 US presidential election and the continual claims by candi- dates that articles appearing in the media and stories spreading on social networks were not factual. The mean

22、ing of the term is self-explanatory and refers to the sensationalism of false information being disseminated under the guise of news reporting. In the wake of the election, Pew Research conducted a survey on perceptions about fake news. The outcome was startling, with 88% stating that Americans are

23、greatly or somewhat confused about basic facts due to fake news. Ofcom, the UKs media regulator, issued a report stating that half of UK adults receive news through social media sites, with 75% of these stating this includes Facebook as a source. This is despite the fact that social media were not r

24、ated as impartial, trustworthy or accurate. TV re- mained the most used, with 75% of adults polled listing it among their news sources, but the influence of social media should not be underestimated and is here to stay. There are different types of fake news: for profit, for po- litical gain, for cr

25、ime, hoaxes, and viral pranks. The types may even be combined: creating a hoax that puts a political candidate in a bad light may create political gain, and with the “right” advertising being displayed around the fake news story it may also generate a nice profit. If the creators of such a campaign

26、could be iden- tified they are likely to have committed a crime, but iden- tifying the source is not always possible. In the run-up to the 2019 UK general election a research organization, Future Advocacy, and a UK artist, Bill Post- ers, created a fake social media video , or so-called “deep- fake”

27、. The video shows the main candidates appearing to endorse each other for prime minister. This example of fake news was created in an attempt to demonstrate the difficulty in identifying real vs. fake and that democ- racy is potentially being undermined. But this issue is not new. I frequently stand

28、 at the check- out of the local supermarket and read the cover head- lines of the magazines: celebrities splitting up, the UK Royal Family all getting divorced, or aliens landing in the car park. The readers of such magazines hopefully know the stories are fake when they choose to purchase them, but

29、 when we switch to internet stories, which are spread quickly to much broader audiences, its not so easy to tell the good from the bad. 2020: The fog thickens Some social networks and search engine providers are responsibly attempting to combat the issue, under pres- sure from political and public o

30、utrage. For example, Twitter has recently announced a ban on all political ad- vertisements about candidates, elections and hot policy issues ahead of the 2020 US presidential election. But, this is a complex topic and it has even been referred to as a freedom of speech infringement if someone is de

31、nied the ability to post or place ads with a certain viewpoint. In reality: as fake news spreads, then page impressions increase and advertising revenue is gained, and not all actors displaying ads on websites are responsible. The issue is speed of dissemination of the disinformation a story appeari

32、ng in the next hour will spread quickly, especially if the creator promotes it and spreads it from multiple accounts and networks at the same time. The companies responsible for the platforms have innovated detection methods and built reporting mechanisms to, when possible, automatically detect, or

33、to allow users to report, fake news. Relying on reporting, though, is a flawed solution. As the disinformation has already been spread, many users will likely not take the extra step to report it . and those who have already seen (and per- haps been influenced by) the disinformation are unlikely to

34、become aware of its retraction. As a cybersecurity professional, I consider fake news that damages democracy to be malicious much like mal- ware intrusions on your devices. There needs to be a more robust technological solution to stopping fake news from spreading when it first appears and killing i

35、t at the source. In the same way that zero-day exploits are detected by antimalware products. With the adoption of machine learning, some innovative solutions are like- ly to come to market that will detect and suppress or delete at least some fake news before the user has been subjected to it. Educ

36、ation is also a longer-term solution to this issue, but the results are slower. In July 2019, the UK, government published new safety guidance for schools; part of this updated policy states that every child will learn about confirmation bias and online risks as a compulsory part of the curriculum.

37、This will help to enable pupils to spot techniques used for persuasion and to identify fake news and risks, but it will take many years for an entire gener- ation to understand what may be real or fake. (My col- league Jake Moore deals with the specter of deepfakes in another chapter of this report.

38、) However, understand- ing what is real or fake will give the next generation con- fidence in the democratic electoral system. More govern- ments are likely to take this proactive stance and add this to their education policies. If they dont, then they should. Targeted disinformation and propaganda

39、The Cambridge Analytica abuse of personal data shocked the world but did not surprise those of us who have al- ways said “if you arent paying for it, then you are the product”; for example, each Facebook user in the US and Canada generates more than US$130 for the company ev- ery year. The scandal e

40、ventually broke when three news organizations combined resources to cause enough trac- tion for anyone to notice after more than two years. Fast forward a little in the story, and Facebook was fined US$5 billion by the US Federal Trade Commission (FTC) for its part in the data breach. I am not sure

41、we can real- ly describe it as a breach, though, as documents now in the public domain show that Facebook knew what was going on it was more an abuse of trust for financial gain. On the day the FTC fine was announced Facebooks share price went up its clear the market either expect- ed the penalty to

42、 be harsher or it understood that the deal struck with the FTC is actually in Facebooks favor. The weaponization of information, be it disinformation or propaganda, is set to continue and will take many dif- ferent paths as the benefactors explore and adopt new methods to attack democracy or to make

43、 money. At the center of this invasive and stealthy issue is data mining, something we cant see and for many people is hard to comprehend. The data points available about individuals, given that the majority of people overshare on social media, are extensive. The ability to adjust and manipulate the

44、 message sent to an individual is driven by technology, unlocking the power to individualize the messages sent to millions of people, all at the click of a mouse. 2020: The fog thickens The voting process Whether the ballot is verifiable is not a new issue and relates to both pen-and-paper and elect

45、ronic voting sys- tems. In addition, its an issue thats unlikely to be re- solved anytime soon. Many states in the US have spent millions of dollars to upgrade systems that will be used in the 2020 elections. One state, Pennsylvania, has benefited from US$14.5 mil- lion to upgrade electoral systems,

46、 but even the new sys- tems may be vulnerable. This is because the underlying underlying operating system, Windows 7, which unless a fee is paid will no longer receive patches from Micro- soft once this version of the operating system reaches its “end of life” in January 2020, 11 months prior to the

47、 2020 US presidential election. At the DEF CON 27 hacking conference in August 2019, there were real-time challenges to find vulnerabilities in election systems. One such experiment showed vulnera- bilities in a ballot marking system. In this instance the attacker had unrestricted physical access an

48、d direct con- nection to the devices, which should never to be the case in the real world. I hope someone might notice an attack- er taking a terminal apart and connecting wires to it. This does depend though on the devices being physically se- cured prior to and during the voting process, which, in

49、 some instances in previous elections has not been the case. This may also lose relevance if the devices remain standalone and are never connected to a public network. While there are many devices that theoretically could be vulnerable, it does not necessarily mean they can or will be exploited. Its clear that technological solutions to both registration and voting will cont