14 global cybersecurity challenges for 2013

Summary: Cybercrime, cyberespionage, and straight-out cyberattacks will increase in both frequency and ferocity over the next 12 months. Here are some of the challenges we're going to be dealing with.


I spent most of Monday writing my Digital Defense column for Counterterrorism Magazine, looking forward at the cybersecurity issues we're likely to be facing in 2013. I'm also giving a lecture next week at the University of New Hampshire School of Law about cybercrime issues, so I've been doing a lot of thinking about 2013 trends over the past few days.

The bottom line is 2013 will hurt. When it comes to cyber-preparedness, we are not in the best position.

Here's a way to put this issue into perspective. I've talked to my fair share of generals and FBI SAICs (special agents in charge), and many of them seem far more freaked out about cyber-related issues than conventional threats. Remember that these are people who have access to a vast amount of real, live, go-boom firepower, and they're deeply worried at a pretty fundamental level about cybersecurity.

Cybercrime, cyberespionage, and straight-out cyberattacks will increase in both frequency and ferocity over the next 12 months. Here are some of the challenges we're going to be dealing with:

1. Security breaches will be constant: Just today, Japan's Ministry of Agriculture, Forestry and Fisheries admitted it had been hacked, with more than 3,000 documents stolen (which included some of their negotiating strategies).

2. At least one login credential for almost every user will be in the hands of bad guys: With the enormous user authentication database thefts of the past year, and the expected increase in penetrations over the next year, huge, aggregated, big-data databases of user authentication information will be available to criminals.

3. 2013 will be the year the password dies: Because so much data is available to criminals about how we humans think about assigning passwords, password-based security will become essentially useless.

4. 2013 will be the year of multi-factor authentication: Likewise, because passwords will become less and less secure, expect to see most services offer a multi-factor authentication capability, whether via a dedicated doohickey or mobile phone.

5. Mobile gets really messy: Speaking of mobile, 2013 will be the year that smartphones turn into mobile nightmares. While iOS devices are relatively secure, Android phones are one download away from being completely corrupted. From mobile spying devices to always-moving botnet nodes, these things are used by people with minimal technical skill, virtually no attention to security, and a desire for instant gratification. Plus, they contain rich catalogs of juicy identity theft information.

6. Light office users move to tablets for security: As a counterpoint to the previous trend, light office users will move to tablets like the iPad and Surface RT for their increased security and ease of maintenance. Rather than basic, cheap desktop PCs or laptops, users who only need to access Web, email, and Office applications will be running on these thin clients.

7. Cloud failures will result in substantial data loss: Users of large-scale PC applications like Office and Photoshop will be pushed even harder to rent their use online rather than install on their local machines, thereby providing an ongoing revenue stream to application vendors. With so much mission-critical data now residing in the cloud, expect at least one or two shocking cloud failures that not only result in breaches, but also devastating loss of data to users.

8. Hacktivist groups morph: Expect hacktivist groups like Anonymous to remain strong, even though international law enforcement is actively pursuing their members. Individuals, acting anonymously from all over the world, will continue to wreak havoc against any organization that annoys them. However, expect to see these groups infiltrated by both law enforcement and agents of nation-states, and expect the agendas of these previously apolitical groups to be pulled in different directions as professional spies dig in and apply hidden influence.

9. Healthcare-related fraud increases exponentially: As more and more healthcare organizations and doctors' offices go online, and as healthcare continues to get more and more expensive, expect to see shocking levels of healthcare fraud, especially since, as the Washington Post reports, healthcare security is among the worst of all industries.

10. Security-as-a-Service becomes a new cloud market: Some vendors, like GFI, already have solid cloud-based security offerings. But as security becomes more and more of a problem and continues to increase in complexity, expect to see a wide range of cloud-based security offerings, including some that are very helpful and some that are nothing more than snake oil.

11. Companies will still be unwilling to spend what it takes for good cybersecurity: Even though the economy has been improving, it's certainly not going gangbusters. CTOs will be competing with CMOs for tech dollars, and senior executives will still not fully understand how bad things will get from a security breach or large-scale failure.

12. Nation-state cyberwar escalates: Stuxnet may well have been the tip of the cyberwar iceberg. Expect to see cyber-based attacks used to augment the more traditional work of on-the-ground spies and saboteurs with a longer reach and lower risk -- unless, of course, the attacking weapons fall into the hands of the bad guys, as was the case with Stuxnet. Oops.

13. Rogue nations use cybercrime for fund-raising: Even though many North Koreans don't even have light bulbs, the country has been using cybercrime as a way of raising cash. Expect to see more of this activity, not only from North Korea, but from many of the former Soviet states and smaller Asian and African nations.

14. Congress will continue to disregard the Constitution and our privacy rights: Whether it's a misguided way of protecting us against terrorist attack or simply a wholesale sellout to the music and movie industries, Congress will continue to field bills that undermine our Constitutional rights. Sometimes it's hard to tell who is worse for Americans: the cybercriminals or our politicians.

The bottom line is 2013 will hurt. When it comes to cyber-preparedness, we are not in the best position. Getting our senior executives, politicians, friends, and family to pay attention and pay for security is perhaps our biggest challenge.


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

  • RE: 14.

    "Sometimes it's hard to tell who is worse for Americans: the cybercriminals or our politicians."

    Easy, it's the politicians. Cyber-crime has little impact to me since I don't do on-line banking or on-line bill paying, and never will knowing what I know about computer insecurity. And while I get new credit cards every year because some idiot I buy stuff from stores credit card numbers and has been hacked, my losses are zero.

    It's the politicians that are robbing us blind via taxation and monetary policy!
  • re: 4 and others

    "2013 will be the year of multi-factor authentication"

    We can dream.

    There's always gonna be that business that didn't make the change, though, sigh. Can't even get banks onto good security practices consistently.

    "users who only need to access Web, email, and Office applications"

    Who think they exist - until they remember that one other application that they use. I'm skeptical this theoretical group is really as big as many claim it to be.

    "expect to see these groups infiltrated by both law enforcement and agents of nation-states,"

    I'm sure they already are. It's not as if the government is going to make that sort of information public.

    I hope "hacktivism" (more like cyber terrorism IMO) is not a long term trend.
  • "and many of them seem far more freaked out"

    No IT person should find any value in this fact. They are all morons. Yes, those wannabe-superagents. While they *should* be edge-of-line and flexible, they are completely retarded about technology. Remember the recent CIA scandal?

    Probably about 10% of them are not retards and idiots. But those smart 10% have interests in affiliated business structures, so they do their best to promote those "threats" because it is big bucks, and very well paid employment for them after they retire from service. So...
    • Exceptional public servants

      I disagree. Many of our public servants are exceptional, and could make far more in the private sector. You don't get to be a general or an SAIC without being highly educated and the best of the best. Many of the people who work (not make policy mind you, but work) in government IT and government tech security are brilliant, on a par with the best in universities and top commercial firms.

      Don't dismiss public servants because they've chosen to serve their country and their fellow citizens.
      David Gewirtz
      • Unfortunately, they are also idiots with technology.

        Which is why there are so many expensive design failures when it comes to weapons.

        Who else would allow Windows to be used as a weapons control system... only to have it kill the entire ship due to a divide-by-zero error.
      • Agree wholeheartedly

        I've never met a general or colonel who I haven't wholeheartedly respected (while allowing for some personal eccentricities, in some cases) ... and to call them tech idiots is ridiculous, while it may not be their field, depending on their focus, anyone who has gotten to that rank has the intellectual capacity and, just as importantly, the ability to judge and weigh risks in context, to be able to understand and deal with cyber-risks. Those saying otherwise haven't dealt with such people day-in/day-out, or are riding a hobby-horse.
  • No. 14 should be No. 1

    More Keynesian spending, more taxes, more debt (will easily go above $20 trillion before Obama is done), more cameras, more laws, more wars, more bombings, more security, more TSA, more cops, more lobbyists, more corruption, more greed.

    Less rights, less freedoms, less guns, less choice, and less listening to crappy mainstream media from me.

    Also I doubt passwords will be going away this year... However, I do use the text msg codes to login to PayPal after my account was compromised 5 years ago. I bought a YubiKey a few months ago, but sadly I rarely use it (too scared if I lose it).
  • 14 global cybersecurity challenges for 2013

    They missed number 15 the most important one ..................keep Loverock Davidson away from his computer and pay more attention to flipping those burgers....................
    Over and Out
  • Accurate cyber identification

    Or perhaps David, 2013 will be the year that the world first uses a 100% accurate cyber identification process. The process will utilize any one of thousands of unique biological characteristics of any specific person. The process utilizes unique biological characteristics of a person that can never be copied and repeated by any other person or device. And the use of the new process will put an abrupt end to all of your cyber concerns for 2013 while still providing each person on the planet with the highest levels of cyber privacy that will ever be attained.
    Welcome to the future...
  • I doubt it!

    "3. 2013 will be the year the password dies..."

    The leaders in on-line security may move to something better than passwords, but it's silly to assert that the password will die in 2013. None of the financial or email or other sites I use have made any mention of eliminating passwords as of this writing (January 4, 2013) and any changeover as drastic as that will take more than a year to fully implement.

    Perhaps (and I say PERHAPS) the more security-conscious sites will BEGIN to offer something more secure than passwords. Some already ask a security question if you log in from an unregistered computer, though they still also ask for a password. Rather than saying that the password will die in 2013, perhaps you should have said that the most forward-thinking sites will begin to offer options for additional security.

    Get Rid of Donald Trump's Ugly face from "You May Also Like"