We invited several leaders from Zscaler to comment on changes they anticipate in the decade ahead. This statement was submitted by Stan Lowe, the Zscaler Global CISO.
With vastly more data flowing across the internet, due in part to 5G, there will be a greater opportunity for rogue actors to threaten, steal, and corrupt data, and to halt business through DDoS and other attacks. I expect a rapid increase in targeted ransomware attacks on government agencies, especially cities and states, as these entities have shown little ability to secure their environments due to inadequate budgets and resources. The scales of justice are stacked against them because they’re up against adversaries with plenty of money, often accompanied by a radical agenda.
In the first half of 2019, there were more than 70 ransomware attacks against U.S. cities and towns, including Lake City and Riviera Beach, Florida, which, together, paid more than a million dollars in ransom to regain access to their data. There’s also been a rise in the use of cybersecurity insurance, which has had the effect of emboldening attackers because they know they’re going to get paid.
I expect a meteoric rise in infrastructure attacks by nation-states to compromise the United States and its allies’ power grids. The Center for Strategic and International Studies reports on such attacks each month, and its findings show that espionage is a frequent objective, including attacks designed to disable power plants, embassies, universities, and other high-profile, high-value targets. Though the government is taking action, the most recent proposed legislation simply calls for the government to identify vulnerabilities on the grid and establish a working group to secure the grid over the next two years, which may be two years too late.
A new type of identity politics
With ubiquitous access made possible through 5G and cloud services, identity will be of paramount importance. Currently, authentication standards vary from country to country and site to site. But we must develop a global standard for the factors that make up an individual’s online identity and how it should be used, stored, updated, and protected, because something bigger is at play.
Countries are beginning to recognize the intrinsic value of your identity. It no longer simply comprises your shopping habits or browsing history; today, every detail of your life is stored online, from medical records to income tax filings, banking, credit scores, and even voting records in some precincts. The EU’s General Data Protection Regulation (GDPR) took the first significant steps toward protecting user privacy, followed by California’s Consumer Privacy Act (CCPA), which goes into effect in January 2020. It’s likely that Canada will soon have a law on the books, and I hope that we’ll see national privacy legislation in the U.S. But we must push for an international standard.
Meanwhile, companies that are known to protect customer privacy will have a competitive advantage over those that don’t. In a CNN interview, Apple CEO Tim Cook said, “We think privacy is a fundamental human right.” Apple has backed that statement with multiple protections in its hardware, its software, and its Safari browser that prevent spying by cybercriminals as well as advertisers, and is even attending CES for the first time in decades just to raise awareness about consumer privacy. Until we have regulatory standards, consumers will have to look to industry, which isn’t promising, in spite of a few exceptions like Apple.