2019 was an interesting year for cybersecurity. Ransomware as a service, though around for a while now, really saw a sharp uptick in popularity. Numerous state and city governments were hit with malware. China allegedly hacked the phones of its Uyghur citizens, and hijacked both ASUS update servers and videogame developers to target specific Asian regions. We saw our first major GDPR fine when British Airways was hit with $230 million USD, and the number of DDoS attacks increased by almost 1000%. Truly it was a great time to be around on the internet.
While the exact number of IoT devices reported in the world is surprisingly debated, or at least inconsistently quoted, at minimum by the end of the year Wi-Fi connected toasters will outnumber humans 4 to 1. In 2016, there was a DDoS attack that was more than one terabit per second, and with the growth in the number of IoT devices, along with the cringeworthy level of security applied to them, it seems increasingly likely we’ll see a significantly larger DDoS attack in 2020.
2020 will also see the implementation of some new, American forms of GDPR-ish legislation. While obviously this will do little to decrease the rate at which breaches happen, it seems likely to decrease the amount of time companies take to notify people of breaches. Last year, popular online media company RoosterTeeth waited a full 10 days to notify users that their credit card information was stolen. This was one of the shortest periods of time between discovering and announcing a breach. Grocery store chain HyVee waited two months to disclose that its credit card system had been infiltrated. With the pressure of additional laws mandating disclosure, we should see these waiting periods get shorter.